How to modify existing Azure Subnet and add new service endpoints using Terraform script?
I tried this option, but it seems this is not available.
```hcl
# Service endpoints to associate with the existing subnet
locals {
  service_endpoints = [
    "Microsoft.EventHub",
    "Microsoft.KeyVault",
    "Microsoft.ServiceBus",
    "Microsoft.Sql",
    "Microsoft.Storage"
  ]
}

# Create service endpoint associations for each service
resource "azurerm_subnet_service_endpoint" "subnet1_association" {
  for_each                = { for idx, endpoint in local.service_endpoints : idx => endpoint }
  subnet_id               = data.azurerm_subnet.subnet1.id
  service_endpoint_policy = each.value
}
```
But it complained about azurerm_subnet_service_endpoint; it seems it's not available.
```
$ terraform plan
╷
│ Error: Invalid resource type
│
│   on subnet_serviceendpoint_association.tf line 13, in resource "azurerm_subnet_service_endpoint" "subnet1_association":
│   13: resource "azurerm_subnet_service_endpoint" "subnet1_association" {
│
│ The provider hashicorp/azurerm does not support resource type "azurerm_subnet_service_endpoint".
```
As a second option I tried this, but the terraform plan command says it will create a new resource instead of updating the existing subnet.
```hcl
data "azurerm_subnet" "subnet1" {
  name                 = var.subnet1
  resource_group_name  = data.azurerm_resource_group.rg_ss.name
  virtual_network_name = data.azurerm_virtual_network.vnet1.name
}

resource "azurerm_subnet" "existing_subnet" {
  # id = data.azurerm_subnet.subnet1.id
  name                 = data.azurerm_subnet.subnet1.name
  resource_group_name  = data.azurerm_subnet.subnet1.resource_group_name
  virtual_network_name = data.azurerm_subnet.subnet1.virtual_network_name
  address_prefixes     = data.azurerm_subnet.subnet1.address_prefixes
  service_endpoints = [
    "Microsoft.EventHub",
    "Microsoft.KeyVault",
    "Microsoft.ServiceBus",
    "Microsoft.Sql",
    "Microsoft.Storage"
  ]
}
```
```
terraform plan
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.example will be created
  + resource "azurerm_subnet" "example" {
      + address_prefixes                               = [
          + "10.0.0.0/24",
        ]
      + enforce_private_link_endpoint_network_policies = (known after apply)
      + enforce_private_link_service_network_policies  = (known after apply)
      + id                                             = (known after apply)
      + name                                           = "default"
      + private_endpoint_network_policies_enabled      = (known after apply)
      + private_link_service_network_policies_enabled  = (known after apply)
      + resource_group_name                            = "rgxxxx"
      + service_endpoints                              = [
          + "Microsoft.EventHub",
          + "Microsoft.KeyVault",
          + "Microsoft.ServiceBus",
          + "Microsoft.Sql",
          + "Microsoft.Storage",
        ]
      + virtual_network_name                           = "vnetxxxxx"
    }

Plan: 1 to add, 0 to change, 0 to destroy.
```
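
Added example, not part of the original post: the second attempt plans a create because the subnet exists in Azure but not in Terraform state, so one way to get an in-place update is to import the subnet before managing its `service_endpoints`. This assumes Terraform 1.5 or later (for `import` blocks); the `<...>` segments of the resource ID are placeholders to fill in, and the address prefix is taken from the plan output above.

```hcl
# Adopt the existing subnet into state instead of creating a new one.
# The id is the Azure resource ID of the subnet; the <...> parts are placeholders.
import {
  to = azurerm_subnet.existing_subnet
  id = "/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Network/virtualNetworks/<VNET_NAME>/subnets/<SUBNET_NAME>"
}

# Once imported, this block describes the desired state of the real subnet,
# so adding service_endpoints here is planned as an update in place.
resource "azurerm_subnet" "existing_subnet" {
  name                 = var.subnet1
  resource_group_name  = data.azurerm_resource_group.rg_ss.name
  virtual_network_name = data.azurerm_virtual_network.vnet1.name

  # Must match the subnet's current prefix, otherwise the plan will try to change it.
  address_prefixes = ["10.0.0.0/24"]

  service_endpoints = [
    "Microsoft.EventHub",
    "Microsoft.KeyVault",
    "Microsoft.ServiceBus",
    "Microsoft.Sql",
    "Microsoft.Storage"
  ]
}
```

After the import, Terraform manages every argument of the subnet, so settings present on the real subnet but not declared in the resource block (delegations, for example) appear in the plan as changes. Review the plan for anything other than the `service_endpoints` update before applying.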