ARM is blocked by Azure Storage Account firewall

ARM = Azure Resource Management

If you enable the firewall, like below:

As a result, ARM wouldn’t be able to access any containers under this storage account.

If your ARM uses nested templates, and you put the nested templates in the containers, the deployment of your resource group would fail as ARM is unable to download the nested templates.

You will see the error like below:

{"code":"InvalidContentLink","message":"Unable to download deployment content from 'https://testtest.blob.core.windows.net/smengtestta539/git-azure/nestedtemplates/publicip-new.json'. The tracking Id is 'a97aed26-a3e9–4052-a164–29d53eb081b2'. Please see Deploy resources with PowerShell and template Azure Resource Manager for usage details."}

It is a known limitation, check it out : https://docs.microsoft.com/en-us/azure/azure-resource-manager/templates/linked-templates?tabs=azure-powershell

I quoted it as below:

Currently, you can't link to a template in a storage account that is behind an Azure Storage firewall.

And, there is an issue reported in ARM Github too: Azure Resource Manager · Issue #37309 · MicrosoftDocs/azure-docs · GitHub

Alright, that’s it. I do NOT understand this design though!!!