Application gateway terraform application fails. What's the reason?

Heeyoung Eom (엄희영) 146 Reputation points
2021-11-27T17:55:38.81+00:00

This is the error code:

Error: creating/updating Application Gateway: (Name "website-app-gateway" / Resource Group "website-azure"): network.ApplicationGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidResourceReference" Message="Resource /subscriptions/f073f292-7255-416f-adaf-34b476e050be/resourceGroups/website-azure/providers/Microsoft.Network/applicationGateways/website-app-gateway/frontendIPConfigurations/website-network-feip-public referenced by resource /subscriptions/f073f292-7255-416f-adaf-34b476e050be/resourceGroups/website-azure/providers/Microsoft.Network/applicationGateways/website-app-gateway/httpListeners/website-network-listener-http was not found. Please make sure that the referenced resource exists, and that both resources are in the same region." Details=[]

This is my code. Please let me know if you need more information.

Target region: KoreaCentral

resource "azurerm_resource_group" "rg" {
  provider = azurerm.generic

  location = local.location
  name     = "${local.service_name}-azure"
}

resource "azurerm_virtual_network" "vn" {
  provider = azurerm.generic

  name                = "${local.service_name}-network"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  address_space       = ["10.254.0.0/16"]
}

resource "azurerm_subnet" "front_subnet" {
  provider = azurerm.generic

  name                 = "${local.service_name}-front"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vn.name
  address_prefixes     = ["10.254.0.0/24"]
}

resource "azurerm_subnet" "back_subnet" {
  provider = azurerm.generic

  name                 = "${local.service_name}-backend"
  resource_group_name  = azurerm_resource_group.rg.name
  virtual_network_name = azurerm_virtual_network.vn.name
  address_prefixes     = ["10.254.2.0/24"]
}

resource "azurerm_public_ip" "pub_ip" {
  provider = azurerm.generic

  name                = "${local.service_name}-ip"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  allocation_method   = "Static"
}

resource "azurerm_application_gateway" "app_gateway" {
  provider = azurerm.generic

  name                = "${local.service_name}-app-gateway"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  enable_http2        = true

  sku {
    name     = "Standard_Small"
    tier     = "Standard" # v1
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "${local.service_name}-ip-config"
    subnet_id = "${azurerm_virtual_network.vn.id}/subnets/${azurerm_subnet.front_subnet.name}"
  }

  frontend_port {
    name = "${azurerm_virtual_network.vn.name}-port-80"
    port = 80
  }

  frontend_port {
    name = "${azurerm_virtual_network.vn.name}-port-443"
    port = 443
  }

  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.pub_ip.id
  }

  backend_address_pool {
    name  = "${azurerm_virtual_network.vn.name}-beap"
    fqdns = [local.host_name]
  }

  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    port                  = 443
    protocol              = "Https"
    path                  = "/path1/"
    request_timeout       = 60
    host_name             = local.host_name
  }

  http_listener {
    name                           = "${local.listener_name}-http"
    frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}-public"
    frontend_port_name             = "${local.frontend_port_name}-80"
    protocol                       = "Http"
  }

  http_listener {
    name                           = "${local.listener_name}-https"
    frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}-public"
    frontend_port_name             = "${local.frontend_port_name}-443"
    protocol                       = "Https"
  }

  request_routing_rule {
    name                       = "${local.request_routing_rule_name}-https"
    rule_type                  = "Basic"
    http_listener_name         = "${local.listener_name}-https"
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }

  redirect_configuration {
    name                 = local.redirect_configuration_name
    redirect_type        = "Permanent"
    include_path         = true
    include_query_string = true
    target_listener_name = "${local.listener_name}-https"
  }

  request_routing_rule {
    name                        = "${local.request_routing_rule_name}-http"
    rule_type                   = "Basic"
    http_listener_name          = "${local.listener_name}-http"
    redirect_configuration_name = local.redirect_configuration_name
  }

  url_path_map {
    name                               = "${local.request_routing_rule_name}-urlmap"
    default_backend_address_pool_name  = local.backend_address_pool_name
    default_backend_http_settings_name = local.http_setting_name

    path_rule {
      name                       = "test"
      paths                      = ["/path1/"]
      backend_address_pool_name  = local.backend_address_pool_name
      backend_http_settings_name = local.http_setting_name
    }
  }

  lifecycle {
    ignore_changes = [
      backend_address_pool,
      backend_http_settings,
      frontend_port,
      http_listener,
      request_routing_rule,
      ssl_certificate,
      redirect_configuration
    ]
  }
}

1 answer

  1. ChaitanyaNaykodi-MSFT 27,476 Reputation points Microsoft Employee Moderator
    2021-11-29T23:43:43.33+00:00

    Hello @Heeyoung Eom (엄희영), thank you for reaching out. As per my understanding, the error might have occurred because there is no SSL certificate associated with your HTTPS listener. As per the documentation here, under the http_listener block you need to have an ssl_certificate_name property to associate an SSL certificate with your HTTPS listener. You also need to define an ssl_certificate block which will contain your PFX certificate.

    If it helps you can refer to this forum post for more details.

    Hope this helps! Please let me know if there are any additional questions. Thank you!
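
Added example (not part of the thread, and not the provider's own code): a pre-apply check that walks the gateway attributes as they appear under `resource_changes[].change.after` in `terraform show -json` output and reports `*_name` references that match no block in the same resource, as in the error message above, plus HTTPS listeners with no `ssl_certificate_name`, as in the answer. Assumptions: the sample dictionary is constructed from the names in the error message, and the port names, which depend on a local the question does not show, are invented for illustration.

```python
# REFS: sub-block type -> {reference attribute: block type it must name}.
REFS = {
    "http_listener": {"frontend_ip_configuration_name": "frontend_ip_configuration",
                      "frontend_port_name": "frontend_port",
                      "ssl_certificate_name": "ssl_certificate"},
    "request_routing_rule": {"http_listener_name": "http_listener",
                             "backend_address_pool_name": "backend_address_pool",
                             "backend_http_settings_name": "backend_http_settings",
                             "redirect_configuration_name": "redirect_configuration"},
    "redirect_configuration": {"target_listener_name": "http_listener"},
}

def check_gateway(after):
    """Return findings for the 'after' attributes of one gateway resource."""
    # Names defined per block type; skips list attributes that are not blocks.
    defined = {kind: {b.get("name") for b in blocks if isinstance(b, dict)}
               for kind, blocks in after.items() if isinstance(blocks, list)}
    findings = []
    for kind, refs in REFS.items():
        for block in after.get(kind) or []:
            for attr, target in refs.items():
                value = block.get(attr)  # unset references are null or ""
                if value and value not in defined.get(target, set()):
                    findings.append(f"{kind} {block['name']}: {attr} "
                                    f"'{value}' names no {target} block")
            https = kind == "http_listener" and block.get("protocol") == "Https"
            if https and not block.get("ssl_certificate_name"):
                findings.append(f"{kind} {block['name']}: Https listener "
                                "without ssl_certificate_name")
    return findings

# Constructed sample shaped like change.after; listener and frontend IP names
# follow the error message, the port names are assumed.
SAMPLE = {
    "frontend_ip_configuration": [{"name": "website-network-feip"}],
    "frontend_port": [{"name": "website-network-port-80"},
                      {"name": "website-network-port-443"}],
    "ssl_certificate": [],
    "http_listener": [
        {"name": "website-network-listener-http", "protocol": "Http",
         "frontend_ip_configuration_name": "website-network-feip-public",
         "frontend_port_name": "website-network-port-80"},
        {"name": "website-network-listener-https", "protocol": "Https",
         "frontend_ip_configuration_name": "website-network-feip-public",
         "frontend_port_name": "website-network-port-443"}],
}

if __name__ == "__main__":
    print("\n".join(check_gateway(SAMPLE)))
```

Pass it the `change.after` object of each `azurerm_application_gateway` entry in the plan JSON; an empty list means every name reference resolves.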
