This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(204.8, 50%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ETR%3C/text%3E%3C/svg%3E)
Below is the terraform code which I am using to deploy WAF-2 appGW and provided all the required code for the certificate and all even though it's getting error .
this is the error:
Error: creating Application Gateway: (Name "appgw-appgw-v2-eastus" / Resource Group "rg-test-01"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidResourceReference" Message="Resource /subscriptions/7674bdf6-953a-4f69-b581-219e134c9a73/resourceGroups/rg-test-01/providers/Microsoft.Network/applicationGateways/appgw-appgw-v2-eastus/sslCertificates/ssl_cert_name referenced by resource /subscriptions/7674bdf6-953a-4f69-b581-219e134c9a73/resourceGroups/rg-test-01/providers/Microsoft.Network/applicationGateways/appgw-appgw-v2-eastus/httpListeners/listenertest was not found. Please make sure that the referenced resource exists, and that both resources are in the same region." Details=[]
dynamic "frontend_port" {
for_each = var.frontend_port_config
content {
name = frontend_port.value.name
port = frontend_port.value.port
}
}
ssl_policy {
policy_name = var.ssl_policy["policy_type"] == "Predifined" ? var.ssl_policy["Policy_name"] : null
policy_type = var.ssl_policy["policy_type"]
cipher_suites = var.ssl_policy["policy_type"] == "Custom" ? var.ssl_policy["cipher_suites"] : null
min_protocol_version = var.ssl_policy["policy_type"] == "Custom" ? "TLSv1_2" : null
}
dynamic "ssl_certificate" {
for_each = var.ssl_certificate_config
content {
name = ssl_certificate.value.ssl_certificate_name
#data = ssl_certificate.value.secret_id ? null : "${filebase64(ssl_certificate.value.ssl.ssl_cert_path)}"
#data = "${base64encode(file("/Users/thirumaldage/Desktop/cert.crt"))}"
#key_vault_secret_id = ssl_certificate.key_vault_secret_id ? data.azurerm_key_valut_certificate.certificate[ssl_certificate.key].secret_id : null
key_vault_secret_id = data.azurerm_key_vault_certificate.certificate.secret_id
}
}
identity {
type = "UserAssigned"
#identity_ids = [azurerm_user_assigned_identity.identity.id]
identity_ids = [data.azurerm_user_assigned_identity.identity.id]
}
dynamic "http_listener" {
for_each = var.http_routing_config
content {
name = http_listener.value.http_listener_name
host_name = http_listener.value.http_listener_host_name
frontend_ip_configuration_name = local.private_frontend_ip_configuration_name
frontend_port_name = http_listener.value.frontend_port_name
protocol = "Https"
ssl_certificate_name = http_listener.value.ssl_certificate_name
require_sni = true
}
}
dynamic "request_routing_rule" {
for_each = var.http_routing_config
content {
name = request_routing_rule.key
rule_type = "Basic"
http_listener_name = request_routing_rule.value.http_listener_name
backend_address_pool_name = request_routing_rule.value.backend_address_pool_name
priority = request_routing_rule.value.priority
backend_http_settings_name = "${request_routing_rule.key}-backend-setting"
rewrite_rule_set_name = request_routing_rule.value.rewrite_rule_set_name
}
}
dynamic "trusted_root_certificate" {
for_each = var.trusted_root_certificate
content {
name = trusted_root_certificate.key
data = base64encode(file("${trusted_root_certificate.value}"))
}
}
Welcome to the Microsoft Q&A Platform. Thank you for reaching out & I hope you are doing well.
I understand that you are facing issues with the Terraform deployment of App Gateway.
From the error message, it doesn't look like Listener is not found.
Rather, the Listener is unable to get the SSL Certificate.
Now, I see you are using
The above complicates the troubleshooting part. We have to isolate the issue,
Cheers,
Kapil
Key secret id looks fetching and displaying in plan key_vault_secret_id = "https://test-vault-01.vault.azure.net/secrets/appgw-cert/e61a56223cd44c709b56b926b5b63bca
I see.
However, we will only be able to isolate the issue if you could share the results for all the action plan provided.
Cheers,
Kapil
is there any chance to have meeting? od let me know what exactly i need to share?
Certificate issue was resolved and getting "requeest routing rule error" as below.
resourceGroups/payme-test-01/providers/Microsoft.Network/applicationGateways/appgw-appgw-v2-eastus/requestRoutingRules/test_rule1 was not found. Please make sure that the referenced resource exists, and that both resources are in the same region." Details=[]
this is my code snippet for request routing
dynamic "request_routing_rule" {
for_each = var.http_routing_config
content {
name = request_routing_rule.key
rule_type = "Basic"
http_listener_name = request_routing_rule.value.http_listener_name
backend_address_pool_name = request_routing_rule.value.backend_address_pool_name
priority = request_routing_rule.value.priority
backend_http_settings_name = "${request_routing_rule.key}-backend-setting"
rewrite_rule_set_name = request_routing_rule.value.rewrite_rule_set_name
}
}
@Thirumal Rao D As the error states, it looks like "test_rule1" is missing.
From your loop statement, we cannot confirm if test_rule1 is present or not.
I would suggest you to make sure the var "http_routing_config" has a rule with name "test_rule1"
Thanks,
Kapil
No, I am passing the rule name and tried without loop[ also but no luck.
tried like this also
request_routing_rule {
name = "test_rule1"
priority = 10
rule_type = "Basic"
http_listener_name = "listenertest"
backend_address_pool_name = "test_backendpool"
backend_http_settings_name = "backend_settings"
}
GOT IT....
As I have given the name of backend_http_setting_name = demo-http-settings and giving it as demo-http-setting in request_routing_rule. It will error out as it can't find the backend http setting.
Thank you!