Hey
I tried to create an Application Gateway via Terraform, using this module:
main.tf of the resource module:
// Creates one Application Gateway per entry in var.appgw_list.
// Several nested blocks are elided ("...") in this post, so notes about them are hedged.
resource "azurerm_application_gateway" "application_gateway" {
for_each = var.appgw_list
// Name is assembled from the entry's application, env, region and index fields.
name = "agw-${each.value.application}-${each.value.env}-${each.value.region}-${each.value.index}"
resource_group_name = each.value.rg_name
location = var.location
tags = each.value.tags
zones = each.value.zones
// Autoscale bounds are hard-coded here and are not taken from the entry.
autoscale_configuration {
min_capacity = 2
max_capacity = 10
}
// TLS certificate for the listener, read from Key Vault rather than embedded in state.
// NOTE(review): the identity in the (elided) identity block needs read access to this
// secret; a versionless secret ID is what lets the gateway pick up renewed certificates
// - confirm against the azurerm provider docs.
ssl_certificate {
name = each.value.ssl_cert_name
key_vault_secret_id = each.value.key_vault_secret_id
}
identity {
...
}
sku {
...
}
gateway_ip_configuration {
...
}
// One frontend_port block per element of each.value.frontend_port.
// The port NAME is the iteration key: the map key for a map, but the element index
// for a list/tuple (and the value itself for a set). The listener below refers to the
// port by each.value.frontend_port_name, so that string has to equal one of these keys.
dynamic "frontend_port" {
for_each = each.value.frontend_port
content {
name = frontend_port.key
port = frontend_port.value
}
}
frontend_ip_configuration {
...
}
backend_address_pool {
fqdns = each.value.backend_fqdns
name = each.value.backend_name
ip_addresses = each.value.backend_address
}
backend_http_settings {
name = each.value.backend_http_settings_name
// affinity_cookie_name is passed through even though affinity is disabled on the next line.
affinity_cookie_name = each.value.affinity_cookie_name
cookie_based_affinity = "Disabled"
port = each.value.backend_http_settings_port
protocol = each.value.backend_http_settings_protocol
// When backend_host_name_override is false this sends an empty host_name.
// NOTE(review): for an Https backend, confirm which host name the gateway then uses
// towards the backend and that the backend certificate is valid for it.
host_name = each.value.backend_host_name_override?each.value.backend_http_settings_host_name:"" //override the front host name
request_timeout = "50"
// Must equal the name of a probe declared in this resource (probe block elided below).
probe_name = each.value.backend_http_settings_probe_name
}
// NOTE(review): contents elided in the post; confirm the policy enforces a minimum of TLS 1.2.
ssl_policy {
...
}
// Single HTTPS listener with SNI required, bound to the certificate declared above.
http_listener {
name = each.value.http_listener_name
frontend_ip_configuration_name = each.value.frontend_ip_configuration_name
// Must match a frontend_port name generated by the dynamic block above; a mismatch is
// rejected by Azure with InvalidResourceReference.
frontend_port_name = each.value.frontend_port_name
protocol = "Https"
host_name = each.value.http_listener_host_name
ssl_certificate_name = each.value.ssl_cert_name
require_sni = true
}
// Basic rule wiring the listener to the backend pool and HTTP settings; priority is fixed at 10.
request_routing_rule {
name = each.value.request_routing_rule_name
rule_type = "Basic"
http_listener_name = each.value.http_listener_name
backend_address_pool_name = each.value.backend_name
backend_http_settings_name = each.value.backend_http_settings_name
priority = 10
}
probe {
...
}
}
The resource in terraform.tfvars: (certain details have been censored)
# Input for the module's for_each: one Application Gateway per map entry.
# Some values were censored by the poster.
appgw_list = {
"resource-name" = {
application = "child"
env = "dev"
region = "westeu"
rg_name = "rg-child-dev-westeu-001"
index = "001"
# identityName, subnet_name, key_vault_name and gateway_ip_configuration_name are not read
# by the visible part of the module; presumably the elided blocks use them - verify.
identityName = "id-001"
subnet_name = "snet-agw"
ssl_cert_name = "childcert"
key_vault_name = "kv-001"
# Censored. The module passes this straight to ssl_certificate.key_vault_secret_id.
# NOTE(review): that argument expects the Key Vault secret/certificate identifier - confirm
# the real value has that form and that the gateway identity can read it.
key_vault_secret_id = "xxxx-xxxx-xxxx-xxxxx-xxxxx-xxxxx"
gateway_ip_configuration_name = "agw-ip"
# The listener references the frontend port by this name.
frontend_port_name = "port_443"
# The module names each port after the iteration KEY of this collection. For a list the
# key is the element index, so no port called "port_443" is created, which is consistent
# with the InvalidResourceReference error below. A map keyed by the port name
# (e.g. { port_443 = 443 }) would line up - confirm the variable's type allows it.
frontend_port = [443]
frontend_ip_configuration_name = "pip-child-002"
backend_http_settings_name = "child-setting"
backend_fqdns = ["apim-child.net"]
backend_http_settings_port = "443"
backend_http_settings_protocol = "Https"
backend_http_settings_host_name = "childwizaed.code.co.il"
# backend_http_settings_probe_name = ""
backend_name = "apim_backend"
# The pool receives both this address list and backend_fqdns above.
backend_address = ["20.201.60.232"]
http_listener_name = "childlistener"
http_listener_host_name = "childwizaed.code.co.il"
# ssl_certificate_name = ""
# false => the module sets backend_http_settings.host_name to "" and ignores
# backend_http_settings_host_name.
backend_host_name_override = false
# Passed through, but the module hard-codes cookie_based_affinity = "Disabled".
affinity_cookie_name = "Application"
request_routing_rule_name = "child-rule"
# backend_http_settings.probe_name is set from this value.
# NOTE(review): it differs from probe_name below; if the elided probe block names the probe
# from probe_name, this reference would not resolve either - verify.
backend_http_settings_probe_name = "apim-probe"
probe_host = "apim-child.net"
probe_interval = 30
probe_minimum_servers = 0
probe_name = "child-setting"
probe_path = "zzzz-zzz-zzzz-zzzz"
probe_pick_host_name_from_backend_http_settings = false
probe_protocol = "Https"
probe_timeout = 30
probe_unhealthy_threshold = 3
zones = []
# Not read by the visible part of the module, which hard-codes autoscale 2-10.
capacity = 0
}
}
And this is the error:
Error: updating Application Gateway: (Name "resource-name" / Resource Group "rg-child-dev-westeu-001"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidResourceReference" Message="xxx/xxx/xxx/xxx/xxx/xxx/frontendPorts/port_443 referenced by resource xxx/xxx/xxx/xxx/xxx/xxxx/xxx/httpListeners/childlistener was not found. Please make sure that the referenced resource exists, and that both resources are in the same region." Details=[]
Any ideas?
Thanks!