Error: A resource with the ID "......privateDnsZones/privatelink.azurewebsites.net" already exists -

We are getting an error that privateDNSzones already exists and it needs to be imported. I am pretty sure this is because we have a problem with the way we have written our for_each loop.

The first run is fine, it creates the zone, everything is fine, but if we run it again, we get the error

Error: A resource with the ID "/subscriptions/xxxx/resourceGroups/rg-iblahblah/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_private_dns_zone" for more information.

│ with module.services["identity-service"].azurerm_private_dns_zone.app_service_dns_zone,
│ on baseline_modules/app_service/main.tf line 74, in resource "azurerm_private_dns_zone" "app_service_dns_zone":
│ 74: resource "azurerm_private_dns_zone" "app_service_dns_zone" {

We are trying to deploy 6 web apps and each of those needs private endpoints, etc. The error is repeated 10 times, once for each app. So I am guessing we have our for_each loop goofed up somehow, but I can't track it down.

Here is the code that does most of the heavy lifting. You can see the code for the DNS zone around the middle of the file. It's not in a for_each loop, but it does seem to run for each app, giving us the error for each app. So it's looping somehow.

We have a separate file that has the names of the web apps and some app configuration in it, but nothing related to DNS, so the error is not coming from another file. The error message is pretty clear that the error is on line 74.


resource "azurerm_windows_web_app" "app_service" {
  for_each = local.locations_filtered

  name                = module.app_name[each.key].app_service.name
  location            = each.value.location
  resource_group_name = var.resource_group_name
  service_plan_id     = each.value.app_service_plan_id
  app_settings        = var.app_settings

  site_config {
    ftps_state        = "Disabled"
    default_documents = ["hostingstart.html"] # TODO: this may need to be updated to be different for every app
  }

  dynamic "connection_string" {
    for_each = var.connection_strings[each.key]
    content {
      name  = connection_string.value.name
      type  = connection_string.value.type
      value = connection_string.value.value
    }
  }
}

resource "azurerm_private_endpoint" "private_endpoint" {
  for_each = local.locations_filtered

  name                = module.app_name[each.key].private_endpoint.name
  location            = each.value.location
  resource_group_name = var.resource_group_name
  subnet_id           = each.value.private_endpoint_subnet_id
  tags                = local.tags

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.app_service_dns_zone.id]
  }

  private_service_connection {
    name                           = module.app_name[each.key].private_service_connection.name
    is_manual_connection           = false
    private_connection_resource_id = azurerm_windows_web_app.app_service[each.key].id
    subresource_names              = ["sites"]
  }
}

resource "azurerm_private_dns_zone" "app_service_dns_zone" {
  name                = "privatelink.azurewebsites.net"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "appservice_vnet_link" {
  for_each = local.locations_filtered

  name                  = var.naming_conventions[each.key].private_link_service.name
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.app_service_dns_zone.name
  virtual_network_id    = each.value.vnet_id
  tags                  = local.tags
}

resource "azurerm_app_service_virtual_network_swift_connection" "vnet_integration" {
  for_each = local.locations_filtered

  app_service_id = azurerm_windows_web_app.app_service[each.key].id
  subnet_id      = each.value.app_service_integration_subnet_id
}

You can see from the plan that it's trying to create the DNS zone 6 times, which is why I think the error is happening. It should only have created it once, but…
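The error's `with module.services["identity-service"]...` line shows the zone is not looping inside the module file; the module itself is being called once per app, so every instance declares its own copy of a zone whose name is fixed. One way to restructure this, as an added example and not the poster's code: create the zone once in the root module and pass its ID and name into the per-app module. The module path, `local.apps`, and the variable names `private_dns_zone_id` and `private_dns_zone_name` are assumptions.

```hcl
# --- root main.tf (added example; module path and local.apps are assumed) ---

# privatelink.azurewebsites.net can exist only once per resource group,
# so it is declared here exactly once, outside the per-app module.
resource "azurerm_private_dns_zone" "app_service" {
  name                = "privatelink.azurewebsites.net"
  resource_group_name = var.resource_group_name
}

module "services" {
  source   = "./baseline_modules/app_service"
  for_each = local.apps # one module instance per web app, as in the poster's setup

  resource_group_name   = var.resource_group_name
  private_dns_zone_id   = azurerm_private_dns_zone.app_service.id
  private_dns_zone_name = azurerm_private_dns_zone.app_service.name
  # plus the app-specific inputs the module already takes
}

# --- baseline_modules/app_service/variables.tf (hypothetical variable names) ---

variable "private_dns_zone_id" {
  type        = string
  description = "ID of the shared privatelink.azurewebsites.net zone created by the caller"
}

variable "private_dns_zone_name" {
  type        = string
  description = "Name of the shared zone, used for the per-location VNet links"
}

# --- baseline_modules/app_service/main.tf ---
# The module no longer declares azurerm_private_dns_zone at all; dependent
# resources reference the shared zone through the variables above.
resource "azurerm_private_dns_zone_virtual_network_link" "appservice_vnet_link" {
  for_each = local.locations_filtered

  name                  = var.naming_conventions[each.key].private_link_service.name
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = var.private_dns_zone_name
  virtual_network_id    = each.value.vnet_id
  tags                  = local.tags
}
```

In the module's `azurerm_private_endpoint`, `private_dns_zone_ids = [var.private_dns_zone_id]` replaces the reference to the removed zone resource. Importing the zone into every module instance, as the error text suggests, would leave six state entries managing one Azure resource and reintroduce conflicts on the next plan.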