Azurerm_app_service.webapp.possible_outbound_ip_addresses is a string, known only after apply

mail · April 10, 2022, 9:20am

if i use the output azurerm_app_service.webapp.possible_outbound_ip_addresses to build firewall rules for a postgres_flexible_server, the planning run failed with the Error:
azurerm_app_service.webapp.possible_outbound_ip_addresses is a string, known only after apply. To work around this, use
│ the -target argument to first apply only the resources that the for_each depends on
But I want to run this in one plan run and without running apply for the postgres_database resource.

Here my entire Code:

Configure the Azure provider

terraform {
required_providers {
azurerm = {
source = “hashicorp/azurerm”
version = “~> 3.1.0”
}
}
required_version = “>= 0.14.9”
}
provider “azurerm” {
features {}
}

Generate a random integer to create a globally unique name

resource “random_integer” “ri” {
min = 10000
max = 99999
}

Create the resource group

resource “azurerm_resource_group” “rg” {
name = “test_webapp_tf-${random_integer.ri.result}”
location = “westeurope”
}

Create the Linux App Service Plan

resource “azurerm_app_service_plan” “appserviceplan” {
name = “webapp-asp-${random_integer.ri.result}”
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
sku {
tier = “Free”
size = “F1”
}
}

Create the web app, pass in the App Service Plan ID, and deploy code from a public GitHub repo

resource “azurerm_app_service” “webapp” {
name = “webapp-${random_integer.ri.result}”
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
app_service_plan_id = azurerm_app_service_plan.appserviceplan.id
source_control {
repo_url = “GitHub - Azure-Samples/nodejs-docs-hello-world: A simple nodejs application for docs”
branch = “master”
manual_integration = true
use_mercurial = false
}
}
resource “azurerm_postgresql_flexible_server” “server” {
name = “unision-test-2”
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
administrator_login = “azureadmin”
administrator_password = “pwforTesting#”
sku_name = “GP_Standard_D2s_v3”
storage_mb = 32768
backup_retention_days = 7
version = “13”
zone = “1”
}
resource “azurerm_postgresql_flexible_server_firewall_rule” “pgfr_webapp” {

combine and flatten list of firewall rules and ,

for_each = toset(split(",", (azurerm_app_service.webapp.possible_outbound_ip_addresses)))
name = “web_app_ip_${replace(each.value, “.”, “_”)}”
server_id = azurerm_postgresql_flexible_server.server.id
start_ip_address = each.value
end_ip_address = each.value
depends_on = [
azurerm_app_service.webapp,
azurerm_postgresql_flexible_server.server
]
}

Topic		Replies	Views
For_each: Cannot apply App Service outbound IP to postgresql firewall Azure hcp-terraform , azure	0	794	February 12, 2021
Terraform 0.12 azurerm_app_service outputs as azurerm_mysql_firewall_rule inputs Terraform	10	2862	January 20, 2020
For_each with list of unknown strings Terraform	2	956	September 26, 2023
Bug in ip_restriction for app services Azure azure	0	826	June 4, 2021
Azurerm_function_app An argument named "scm_use_main_ip_restriction" is not expected here Azure azure	0	975	November 4, 2020