I’m trying to create and use the same Application Gateway over and over.
I’ve successfully setup dynamic block and am running for_each to create multiple frontend ports, backend address pools, probes, listeners, etc.
I’m wanting to take that to the next level and use workspaces as well.
I have several maps in my tfvars files for each of the application environments.
When I drop into a workspace (or simply run it from default referencing a different tfvars file) it see it as a change to the existing arguments rather than creating new arguments until the existing resource group.
Here is a chunk of the main.tf-
resource “azurerm_application_gateway” “APPGW-WESTHUB-PRIVATE” {
provider = azurerm.secondary_subscription_alias
name = “APPGW-WESTHUB-PRIVATE”
resource_group_name = “RG_Westhub”
location = “West US”
sku {
name = “Standard_v2”
tier = “Standard_v2”
}
autoscale_configuration {
min_capacity = “1”
max_capacity = “10”
}
identity {
identity_ids = [data.azurerm_user_assigned_identity.Managed_ID_West.id]
}
gateway_ip_configuration {
name = “appgw-westhub-private”
subnet_id = data.azurerm_subnet.subnet-westhub-appgw.id
}
frontend_ip_configuration {
name = “appgwPUBLICfrontendipDONOTUSE”
public_ip_address_id = data.azurerm_public_ip.appgw-west-public.id
}
frontend_ip_configuration {
name = “appgwPRIVATEfrontendip”
subnet_id = data.azurerm_subnet.subnet-westhub-appgw.id
private_ip_address_allocation = “Static”
private_ip_address = “10.251.140.200”
}
trusted_root_certificate {
name = “PremRootCA”
data = “*************************”
}
dynamic “frontend_port” {
for_each = [for l in var.lb_fe_port : {
name = l.frontend_port
port = l.frontend_port
}]
content {
name = "${local.env}_${frontend_port.value.name}"
port = frontend_port.value.port
}
}
dynamic “ssl_certificate” {
for_each = [for l in var.lb_ssl_west : {
name = l.name
key_vault = l.key_vault
}]
content {
name = ssl_certificate.value.name
key_vault_secret_id = ssl_certificate.value.key_vault
}
}
dynamic “backend_address_pool” {
for_each = [for l in var.lb_private_west : {
name = “${l.name}_addresspool”
members = l.members
}]
content {
name = "${local.env}_${backend_address_pool.value.name}"
ip_addresses = backend_address_pool.value.members
}
}
dynamic “probe” {
for_each = [for l in var.lb_private_west : {
name = “${l.name}_probe”
hostname = l.hostname
path = l.path
protocol = l.protocol
}]
content {
name = "${local.env}_${probe.value.name}"
host = probe.value.hostname
path = probe.value.path
protocol = probe.value.protocol
interval = 30
timeout = 30
unhealthy_threshold = 3
}
}
dynamic “backend_http_settings” {
for_each = [for l in var.lb_private_west : {
name = “{l.name}_http"
path = l.path
protocol = l.protocol
port = l.backend_port
probe_name = "{l.name}_probe”
backend_trusted_root_list = l.backend_trusted_root_list
hostname = l.hostname
}]
content {
name = "${local.env}_${backend_http_settings.value.name}"
cookie_based_affinity = "Disabled"
path = backend_http_settings.value.path
protocol = backend_http_settings.value.protocol
port = backend_http_settings.value.port
request_timeout = 20
probe_name = "${local.env}_${backend_http_settings.value.probe_name}"
trusted_root_certificate_names = backend_http_settings.value.backend_trusted_root_list
host_name = backend_http_settings.value.hostname
}
}
dynamic “http_listener” {
for_each = [for l in var.lb_private_west : {
name = “${l.name}_listener”
frontend_portname = l.frontend_port
protocol = l.protocol
hostname = l.hostname
cert = l.cert
}]
content {
name = "${local.env}_${http_listener.value.name}"
frontend_ip_configuration_name = "appgwPRIVATEfrontendip"
frontend_port_name = "${local.env}_${http_listener.value.frontend_portname}"
protocol = http_listener.value.protocol
host_name = http_listener.value.hostname
ssl_certificate_name = http_listener.value.cert
}
}
dynamic “request_routing_rule” {
for_each = [for l in var.lb_private_west : {
name = “{l.name}_rr"
listener = "{l.name}_listener”
address_pool = “{l.name}_addresspool"
http = "{l.name}_http”
}]
content {
name = "${local.env}_${request_routing_rule.value.name}"
rule_type = "Basic"
http_listener_name = "${local.env}_${request_routing_rule.value.listener}"
backend_address_pool_name = "${local.env}_${request_routing_rule.value.address_pool}"
backend_http_settings_name = "${local.env}_${request_routing_rule.value.http}"
}
}
}
I’ve tried a few things, the outcome is always the same- overwrite the existing arguments rather than creating new-
1- terraform apply -var-file=“PremierSummNP.tfvars” -var-file=“PremierAppNP.tfvars”
2- adjusted filenames to auto.tfvars
3- terraform workspace new PremierSummNP and then run apply