Private Endpoint gets destroyed and recreated when terraform state file is refreshed

Hello everyone,

I have deployed storage account and Private endpoint to storage restricting the public access through a single tfvars file.
If the same tfvars file is used for creating one more storage account, existing Private endpoint is getting destroyed and recreated though there are no changes in terms of configuration. Please help.

Need to understand what is the root cause of this issue. Thanks in advance !

Module code :

main.tf

resource “azurerm_private_endpoint” “pe” {
for_each = var.private_endpoint
name = lookup(each.value, “name”)
resource_group_name = var.resource_group_name
location = var.location
subnet_id = lookup(each.value, “subnet_id”)
tags = var.tags
private_service_connection {
name = lookup(each.value, “name”)
is_manual_connection = lookup(each.value, “is_manual_connection”)
#request_message = lookup(each.value,“request_message”)
request_message = lookup(each.value, “is_manual_connection”) ? “Please approve” : null
private_connection_resource_id = lookup(each.value, “private_connection_resource_id”)
#private_connection_resource_alias = lookup(each.value, “private_connection_resource_alias”)
subresource_names = lookup(each.value, “subresource_names”)
}
private_dns_zone_group {
name = lookup(each.value, “private_dns_zone_name”)
private_dns_zone_ids = lookup(each.value, “private_dns_zone_ids”)
}
}

variables.tf

variable private_endpoint {
type = map(object({
subnet_id = any
is_manual_connection = any
private_connection_resource_id = any
subresource_names = any
#request_message = string
name = any
private_dns_zone_ids = any
private_dns_zone_name = string
}))
default = {}
}

variable resource_group_name {
type = string
default = “”
}

variable location {
type = string
default = “”
}

1 Like

@ kollimouni30

Did you ever find a solution for this issue? I am facing the same. I had thought that for some reason tf was losing track of the private link resource in state, but found that a subsequent import of the private link results in an error stating that the private link was already managed by tf and found in state. So as best as I can tell, tf despite keeping track of the private link, sends some request that causes the link to get deleted. The end result of this behavior is that every other terraform apply fails (having sent some message, I assume checking the private link status, which unintentionally implies its deletion before the end of the run).