Hi there,
My current flow is that I have a JSON document representing multiple website configurations. This gets pulled into TF and used to create Frontdoor endpoints. Then I try to enable HTTPS for these endpoints using a cert stored in keyvault. However, when I try to just for_each over azurerm_frontdoor.frontdoor.frontend_endpoints, it fails in plan saying I can’t use one for the default endpoint, and if I try to filter out the default endpoint I get "azurerm_frontdoor.frontdoor.frontend_endpoints is a map of string, known only after apply".
resource "azurerm_frontdoor_custom_https_configuration" "custom_https" {
  # we don't need to make one for *.azurefd.net
  for_each = { for key, endpoint in azurerm_frontdoor.frontdoor.frontend_endpoints : key => endpoint if key != "default" }

  frontend_endpoint_id              = each.value
  custom_https_provisioning_enabled = true

  dynamic "custom_https_configuration" {
    for_each = var.environment != "dev" ? [null] : []
    content {
      certificate_source                      = "AzureKeyVault"
      azure_key_vault_certificate_vault_id    = local.prod_cokv_id
      azure_key_vault_certificate_secret_name = local.ssl_certificate_name
    }
  }
}
Has anyone come across this before?
It looks like there’s a couple open issues related to this, but no solution: azurerm_frontdoor_custom_https_configuration and new Front Door endpoints precedence. · Issue #11857 · hashicorp/terraform-provider-azurerm (github.com), azurerm_frontdoor_custom_https_configuration and new Front Door endpoints · Issue #28785 · hashicorp/terraform (github.com)
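
The plan-time error quoted above comes from for_each needing keys that are known before apply. One common way around it, shown here as an added example that is not part of the original post, is to key the loop on endpoint names taken from the JSON input. The file name `sites.json`, its `name` field and the locals `local.sites` and `local.custom_endpoint_names` are assumptions, as is that each `frontend_endpoint` block in `azurerm_frontdoor.frontdoor` is named after `site.name`.

```hcl
# Added example, not from the original post. sites.json, its "name" field,
# local.sites and local.custom_endpoint_names are assumed names.
locals {
  # Constructed sample of what sites.json might contain:
  # [
  #   { "name": "www-example",  "host_name": "www.example.com"  },
  #   { "name": "shop-example", "host_name": "shop.example.com" }
  # ]
  sites = jsondecode(file("${path.module}/sites.json"))

  # These keys come from a file on disk, so they are known at plan time.
  custom_endpoint_names = toset([for site in local.sites : site.name])
}

resource "azurerm_frontdoor_custom_https_configuration" "custom_https" {
  # Iterate over names known during plan instead of the computed
  # frontend_endpoints map. The *.azurefd.net default endpoint is never
  # in this set, so no filter on the computed map is needed.
  for_each = local.custom_endpoint_names

  # Only the value (the endpoint ID) is unknown until apply, which
  # for_each allows; it is the keys that must be known.
  frontend_endpoint_id              = azurerm_frontdoor.frontdoor.frontend_endpoints[each.key]
  custom_https_provisioning_enabled = true

  dynamic "custom_https_configuration" {
    # Unchanged from the post: no Key Vault certificate block in dev.
    for_each = var.environment != "dev" ? [null] : []
    content {
      certificate_source                      = "AzureKeyVault"
      azure_key_vault_certificate_vault_id    = local.prod_cokv_id
      azure_key_vault_certificate_secret_name = local.ssl_certificate_name
    }
  }
}
```

Running `terraform plan` should then list one `custom_https` instance per JSON entry, which makes it easy to confirm that every custom domain is getting the Key Vault certificate before anything is applied.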