We are getting an error that privateDNSzones already exists and it needs to be imported. I am pretty sure this is because we have a problem with the way we have written our for_each loop.
The first run is fine, it creates the zone, everything is fine, but if we run it again, we get the error:
```
Error: A resource with the ID "/subscriptions/xxxx/resourceGroups/rg-iblahblah/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_private_dns_zone" for more information.
│
│ with module.services["identity-service"].azurerm_private_dns_zone.app_service_dns_zone,
│ on baseline_modules/app_service/main.tf line 74, in resource "azurerm_private_dns_zone" "app_service_dns_zone":
│ 74: resource "azurerm_private_dns_zone" "app_service_dns_zone" {
```
We are trying to deploy 6 web apps and each of those needs private endpoints, etc. The error is repeated 10 times, once for each app. So I am guessing we have our for_each loop goofed up somehow, but I can't track it down.
Here is the code that does most of the heavy lifting. You can see the code for the DNS zone around the middle of the file. It's not in a for_each loop, but it does seem to run for each app, giving us the error for each app. So it's looping somehow.
We have a separate file that has the names of the web apps and some app configuration in it, but nothing related to DNS, so the error is not coming from another file. The error message is pretty clear that the error is on line 74.
```hcl
resource "azurerm_windows_web_app" "app_service" {
  for_each            = local.locations_filtered
  name                = module.app_name[each.key].app_service.name
  location            = each.value.location
  resource_group_name = var.resource_group_name
  service_plan_id     = each.value.app_service_plan_id
  app_settings        = var.app_settings

  site_config {
    ftps_state        = "Disabled"
    default_documents = ["hostingstart.html"] # TODO: this may need to be updated to be different for every app
  }

  dynamic "connection_string" {
    for_each = var.connection_strings[each.key]
    content {
      name  = connection_string.value.name
      type  = connection_string.value.type
      value = connection_string.value.value
    }
  }
}

resource "azurerm_private_endpoint" "private_endpoint" {
  for_each            = local.locations_filtered
  name                = module.app_name[each.key].private_endpoint.name
  location            = each.value.location
  resource_group_name = var.resource_group_name
  subnet_id           = each.value.private_endpoint_subnet_id
  tags                = local.tags

  private_dns_zone_group {
    name                 = "private-dns-zone-group"
    private_dns_zone_ids = [azurerm_private_dns_zone.app_service_dns_zone.id]
  }

  private_service_connection {
    name                           = module.app_name[each.key].private_service_connection.name
    is_manual_connection           = false
    private_connection_resource_id = azurerm_windows_web_app.app_service[each.key].id
    subresource_names              = ["sites"]
  }
}

resource "azurerm_private_dns_zone" "app_service_dns_zone" {
  name                = "privatelink.azurewebsites.net"
  resource_group_name = var.resource_group_name
}

resource "azurerm_private_dns_zone_virtual_network_link" "appservice_vnet_link" {
  for_each              = local.locations_filtered
  name                  = var.naming_conventions[each.key].private_link_service.name
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.app_service_dns_zone.name
  virtual_network_id    = each.value.vnet_id
  tags                  = local.tags
}

resource "azurerm_app_service_virtual_network_swift_connection" "vnet_integration" {
  for_each       = local.locations_filtered
  app_service_id = azurerm_windows_web_app.app_service[each.key].id
  subnet_id      = each.value.app_service_integration_subnet_id
}
```
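
Added example, not part of the original post: the resource address in the error, `module.services["identity-service"].azurerm_private_dns_zone.app_service_dns_zone`, shows the zone is declared inside a module that is instantiated once per service, so every instance tries to own the same fixed-name zone in the same resource group. One way to avoid that is to declare the zone once in the calling module and pass it in; `var.services`, `private_dns_zone_id`, `private_dns_zone_name` and the module `source` path are assumptions, not taken from the post.

```hcl
# Root module. The zone is declared once here instead of once per module instance.
resource "azurerm_private_dns_zone" "app_service_dns_zone" {
  name                = "privatelink.azurewebsites.net"
  resource_group_name = var.resource_group_name
}

module "services" {
  source   = "./baseline_modules/app_service" # path inferred from the error output
  for_each = var.services                     # hypothetical map, keys such as "identity-service"

  resource_group_name   = var.resource_group_name
  private_dns_zone_id   = azurerm_private_dns_zone.app_service_dns_zone.id   # hypothetical input
  private_dns_zone_name = azurerm_private_dns_zone.app_service_dns_zone.name # hypothetical input
  # The module's other existing inputs are passed here unchanged.
}

# baseline_modules/app_service/variables.tf (hypothetical new inputs)
variable "private_dns_zone_id" {
  type        = string
  description = "ID of the shared privatelink.azurewebsites.net zone"
}

variable "private_dns_zone_name" {
  type        = string
  description = "Name of the shared privatelink.azurewebsites.net zone"
}

# baseline_modules/app_service/main.tf: the azurerm_private_dns_zone block is
# deleted, and the two resources that referenced it read the inputs instead.
resource "azurerm_private_dns_zone_virtual_network_link" "appservice_vnet_link" {
  for_each              = local.locations_filtered
  name                  = var.naming_conventions[each.key].private_link_service.name
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = var.private_dns_zone_name
  virtual_network_id    = each.value.vnet_id
  tags                  = local.tags
}
# In azurerm_private_endpoint.private_endpoint:
#   private_dns_zone_ids = [var.private_dns_zone_id]
```

A zone entry already recorded in state under a `module.services[...]` address has to be moved to the root address with `terraform state mv` (or dropped with `terraform state rm` and re-imported) before the next plan, otherwise Terraform plans to destroy the zone the endpoints depend on.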