Reputation: 303
terraform private endpoint private dns zone not able to populate
i have following code to create private endpoint, and if provided, will be associated with a private dns zone as well, however, the private endpoint is crated ignoring private dns zone value I entered, treat it as Null resource. I'm not sure what went wrong inside the dynamic block
resource "azurerm_private_endpoint" "this" {
name = join("", [lookup(var.service_subresource_map, "name"), "-pvt-endpoint"])
location = var.location
resource_group_name = var.resource_group_name
subnet_id = data.azurerm_subnet.endpoint_subnet.id
tags = var.tags
private_service_connection {
name = join("", [lookup(var.service_subresource_map, "name"), "-pvt-endpoint-conn"])
private_connection_resource_id = lookup(var.service_subresource_map, "resource_id")
subresource_names = [lookup(var.service_subresource_map, "subresource_name")]
is_manual_connection = false
}
dynamic "private_dns_zone_group" {
for_each = var.private_dns_zone_group[*]
content {
name = private_dns_zone_group.value.name
private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
}
}
the value I provided in private_dns_zone_group is this
private_dns_zone_group = {
name = "private-dns-zone-group"
private_dns_zone_ids = [
"/subscriptions/xxx/resourceGroups/rogertest/providers/Microsoft.Network/privateDnsZones/example.com",
]
}
and variable is as following
variable "private_dns_zone_group" {
type = object({
name = string
private_dns_zone_ids = list(string)
})
default = null
}
everything is deployed without error except for private dns zone association
if I replace dynamic block with simple block like this
private_dns_zone_group {
name = "private-dns-zone-group"
private_dns_zone_ids = [
"/subscriptions/xxx/resourceGroups/rogertest/providers/Microsoft.Network/privateDnsZones/example.com",
]
}
then it works.
Upvotes: 0
Views: 8742
Answers (2)
Reputation: 303
Finally found out the reason.. I put resource "azurerm_private_endpoint" "this" as a module, when I'm calling the module, I forgot to include private_dns_zone_group = var.private_dns_zone_group
so of course, it's always missing the tfvar value.... always something so simple...
Upvotes: 0
Reputation: 11401
Depending on your service , if you want to use Private Endpoint then you will have to properly name as per the naming convention for the Private DNS Zones which can referred from this Microsoft Documentation . For example , If you are creating Private Endpoint for App Service, Storage and SQL , then your Private DNS Group will have Id's of Zones with names :
['privatelink.azurewebsites.net','privatelink.blob.core.windows.net','privatelink.database.windows.net'].
I tested the same for only app service by using your code :
.tfvars
private_dns_zone_group = {
name = "private-dns-zone-group"
private_dns_zone_ids = [
"/subscriptions/xxxxx/resourceGroups/xxxxx/providers/Microsoft.Network/privateDnsZones/privatelink.azurewebsites.net"
]
}
Main.tf
provider "azurerm" {
features{}
}
variable "private_dns_zone_group" {
type = object({
name = string
private_dns_zone_ids = list(string)
})
default = null
}
data "azurerm_subnet" "endpoint_subnet" {
name = "default"
virtual_network_name = "ansuman-vnet"
resource_group_name = "xxxxxx"
}
resource "azurerm_private_endpoint" "this" {
name = "appservice-pvt-endpoint"
location = "west us 2"
resource_group_name = data.azurerm_subnet.endpoint_subnet.resource_group_name
subnet_id = data.azurerm_subnet.endpoint_subnet.id
private_service_connection {
name = "appservice-pvt-endpoint-conn"
private_connection_resource_id = "/subscriptions/xxxxx/resourcegroups/xxxxx/providers/Microsoft.Web/sites/ansumantestapp"
subresource_names = ["sites"]
is_manual_connection = false
}
dynamic "private_dns_zone_group" {
for_each = var.private_dns_zone_group[*]
content {
name = private_dns_zone_group.value.name
private_dns_zone_ids = private_dns_zone_group.value.private_dns_zone_ids
}
}
}
Output:
Note:
Please make sure you have the latest versions of
Azurerm ProviderandTerraform.If you are still getting the error then try removing the default argument from the Private DNS group variable block:
variable "private_dns_zone_group" { type = object({ name = string private_dns_zone_ids = list(string) }) default = null ## remove this argument }
Upvotes: 2
Related Questions
- Registering a private endpoint in Azure private DNS automatically using Terraform
- Azure private endpoints and Terraform
- Terraform - private dns zone in gap
- Creating custom host name binding for app service in terraform fails with Cannot find Certificate with name
- Error message: The current SKU does not support 'private endpoint connection'
- Creating dynamic private dns zone records for private endpoints of Azure Container Registry (ACR)
- Error: "zone": conflicts with availability_set_id - Azure - Terraform
- Terraform-Azure-Unable to create Private IP configuration for application Gateway StandardV2
- How to access private ip in terraform azure local-exec provisioner?
- Terraform cannot create AWS private hosted route53 zone