establish peering between non-terraform VNET with terraform VNET

Samrat Basra 20 Reputation points
2024-08-08T13:05:42.87+00:00

Can we establish peering between a non-Terraform VNET and a Terraform VNET?

Can someone please share at least the manual steps and the required permissions as well?

Azure Virtual Network

Accepted answer
  1. Iheanacho Chukwu 1,015 Reputation points
    2024-08-10T10:48:15.7666667+00:00

    As mentioned by Isaac Ineh-dumbi, please confirm that Network Contributor access is given for the 2 networks to be peered.

    Contributor or Network Contributor role on both VNets (for creating peering).

    The issue is related to the inability to sync address spaces between the VNets, as pointed out by the error, due to not having the required Network Contributor access to the other virtual network.

    1 peerings are unable to connect to all the address spaces in this virtual network and must be synced. You must have contributor access to the peered virtual network to sync the virtual networks.

    Please ensure that peering is configured in both directions, preferably via code; check the sample code Deploy Azure Virtual Network Peering with a Terraform Module and also check that Network Contributor permissions are granted on both VNets.


7 additional answers

  1. Gary Clarke 0 Reputation points
    2024-08-08T23:02:39.6333333+00:00

    Certainly! Establishing peering between non-Terraform-managed virtual networks (VNets) and Terraform-managed VNets in Azure is possible. Let's break down the steps:

    1. Manual Steps:
      • Non-Terraform VNet:
        • In the Azure portal, navigate to the non-Terraform VNet.
        • Go to Settings > Peerings.
        • Click Add to create a new peering.
        • Specify the VNet to peer with (the Terraform-managed VNet).
        • Configure the peering options (e.g., allow forwarded traffic, gateway transit, etc.).
        • Click OK to create the peering.
      • Terraform-Managed VNet:
        • Define the VNet peering in your Terraform configuration using the azurerm_virtual_network_peering resource.
        • Specify the remote_virtual_network_id (the non-Terraform VNet's ID).
        • Set the appropriate properties (e.g., allow_forwarded_traffic, use_remote_gateways, etc.).
    2. Required Permissions:
      • Ensure that the service principal or user account used by Terraform has the necessary permissions:
        • Contributor or Network Contributor role on both VNets (for creating peering).
        • Reader role on the non-Terraform VNet (to retrieve its details in Terraform).
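    The accepted answer asks for peering in both directions plus Network Contributor on both VNets, and the answer above lists the Terraform resources involved. The configuration below is an added example (not from the thread or from any linked module) that puts both together: it reads the existing, non-Terraform VNet with a data source, grants the Terraform identity Network Contributor scoped only to that VNet, and creates the two one-way peering links. The VNet names, resource groups, address space and the principal object ID are constructed placeholders.

```hcl
# Added example; all names, resource groups and the address space are constructed.
provider "azurerm" {
  features {}
}

# Object ID of the service principal or user that runs Terraform (assumed input).
variable "terraform_principal_object_id" {
  type = string
}

# Existing VNet that Terraform must NOT manage: only read it, never create/destroy it.
data "azurerm_virtual_network" "legacy" {
  name                = "vnet-legacy"
  resource_group_name = "rg-legacy"
}

resource "azurerm_virtual_network" "tf" {
  name                = "vnet-tf"
  location            = "westeurope"
  resource_group_name = "rg-tf"
  address_space       = ["10.20.0.0/16"] # must not overlap the legacy VNet's ranges
}

# Least-privilege grant: Network Contributor scoped to the legacy VNet only, which is
# what the "must be synced ... contributor access" error is asking for, without
# giving the Terraform identity rights over the whole subscription or resource group.
resource "azurerm_role_assignment" "legacy_vnet_network_contributor" {
  scope                = data.azurerm_virtual_network.legacy.id
  role_definition_name = "Network Contributor"
  principal_id         = var.terraform_principal_object_id
}

# Peering is two one-way links; both must exist, or the peering stays "Initiated".
resource "azurerm_virtual_network_peering" "tf_to_legacy" {
  name                         = "peer-tf-to-legacy"
  resource_group_name          = azurerm_virtual_network.tf.resource_group_name
  virtual_network_name         = azurerm_virtual_network.tf.name
  remote_virtual_network_id    = data.azurerm_virtual_network.legacy.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = false # keep off unless an NVA in the peer needs it
}

resource "azurerm_virtual_network_peering" "legacy_to_tf" {
  name                         = "peer-legacy-to-tf"
  resource_group_name          = data.azurerm_virtual_network.legacy.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.legacy.name
  remote_virtual_network_id    = azurerm_virtual_network.tf.id
  allow_virtual_network_access = true
  depends_on                   = [azurerm_role_assignment.legacy_vnet_network_contributor]
}
```

    Creating the role assignment itself requires Owner or User Access Administrator at the legacy VNet scope, and new assignments can take a few minutes to propagate, so a first `terraform apply` may still fail on the reverse peering until the grant is effective.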

  2. Samrat Basra 20 Reputation points
    2024-08-09T11:46:51.4066667+00:00

    OK, I created one fresh VNET with Terraform and tried to establish peering with an existing non-Terraform VNET and got this error message:

    1 peerings are unable to connect to all the address spaces in this virtual network and must be synced. You must have contributor access to the peered virtual network to sync the virtual networks.

    Am I missing any permission on the existing non-Terraform VNET?


  3. Samrat Basra 20 Reputation points
    2024-08-09T14:29:04.8966667+00:00

    here is the screenshot as well:


  4. Isaac Ineh-dumbi 0 Reputation points
    2024-08-09T17:16:04.9166667+00:00

    The error message you encountered indicates that the peering between your Terraform-created VNET and the existing non-Terraform VNET lacks the necessary permissions to synchronize the virtual networks.

    Please verify that you have the required permissions to sync the virtual networks. You will need at least Network Contributor permissions for both VNETs. This also applies to virtual networks in different subscriptions or Entra ID tenants. To assign the Network Contributor role, follow these steps:

    • Navigate to the Azure portal.
    • Go to the Access control (IAM) section for your subscription or resource group.
    • Add yourself or the relevant user/service principal as a Network Contributor to both the source and destination virtual networks. You can refer to this guide for more details: Role Assignments in the Azure Portal.

    I hope this information is helpful! If you encounter any further issues, please feel free to ask for additional assistance and share the configuration code snippet! 😊👍

