I understand you're facing an issue with deploying to your Azure Container App using Terraform. Here are a few steps you can follow to resolve this:
- Managed Identity and Key Vault Permissions: Make sure the managed identity associated with your app has the necessary permissions. Assign an access policy in Key Vault to the managed identity, grant at least "Get" permissions on secrets, and verify that the correct identity is used when deploying via Terraform.
Reference: https://learn.microsoft.com/en-us/azure/container-apps/manage-secrets?tabs=azure-portal
- Ensure Proper Terraform Execution Permissions: The identity running Terraform needs the Microsoft.App/containerApps/listSecrets/action permission. This is typically included in roles like Contributor and Container App Operator. If you're using a service principal for your Terraform deployment, make sure it has these permissions assigned.
- Check for Terraform Provider Issues: Sometimes, older versions of the Terraform AzureRM provider have problems retrieving secrets. Try updating to the latest version and check for any open issues in the provider’s GitHub repository.
- Restart Revisions After Secret Updates: In Azure Container Apps, secret changes don't take effect immediately unless revisions are restarted. If you've updated secrets recently, try restarting your app’s revisions to ensure the new values are recognized.
Reference: https://learn.microsoft.com/en-us/azure/container-apps/revisions
Please let us know if you need any further assistance.
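
The identity and Key Vault steps above, sketched as Terraform configuration. This is an added example, not part of the original answer: every resource name and variable is a hypothetical placeholder, and it assumes a Key Vault using access policies and an AzureRM provider version that supports Key Vault references in the `secret` block.

```hcl
# Added example; all names and variables below are hypothetical placeholders.
variable "resource_group_name" { type = string }
variable "location" { type = string }
variable "key_vault_id" { type = string }
variable "container_app_environment_id" { type = string }
variable "secret_versionless_id" { type = string } # Key Vault secret URI without a version

resource "azurerm_user_assigned_identity" "app" {
  name                = "id-example-app"
  resource_group_name = var.resource_group_name
  location            = var.location
}

# Least privilege: the app identity may only read secrets ("Get"), nothing else.
resource "azurerm_key_vault_access_policy" "app_get" {
  key_vault_id       = var.key_vault_id
  tenant_id          = azurerm_user_assigned_identity.app.tenant_id
  object_id          = azurerm_user_assigned_identity.app.principal_id
  secret_permissions = ["Get"]
}

resource "azurerm_container_app" "app" {
  name                         = "ca-example"
  resource_group_name          = var.resource_group_name
  container_app_environment_id = var.container_app_environment_id
  revision_mode                = "Single"

  identity {
    type         = "UserAssigned"
    identity_ids = [azurerm_user_assigned_identity.app.id]
  }

  # The secret is resolved from Key Vault by the same identity granted "Get" above.
  secret {
    name                = "db-password"
    identity            = azurerm_user_assigned_identity.app.id
    key_vault_secret_id = var.secret_versionless_id
  }

  template {
    container {
      name   = "app"
      image  = "mcr.microsoft.com/k8se/quickstart:latest"
      cpu    = 0.25
      memory = "0.5Gi"
      env {
        name        = "DB_PASSWORD"
        secret_name = "db-password"
      }
    }
  }

  # Create the access policy first so the secret reference can resolve at deploy time.
  depends_on = [azurerm_key_vault_access_policy.app_get]
}
```

The explicit `depends_on` matters because the `secret` block references the identity, not the access policy, so Terraform has no implicit ordering between the policy and the app.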