Abhishek Singh

Reputation: 102

Trying to create Logic App using ARM template with existing VNet and subnet but getting delegation error

I am trying to create a Logic App using an ARM template with an existing VNet and subnet, but I am not able to do so. I am getting the error below. I am new to ARM templates:

I am also sure whatever I am doing is the correct way of doing it.

Error : "code":"PrivateEndpointCreationNotAllowedAsSubnetIsDelegated","message":"Private endpoint /subscriptions/f3ffdd01-4400-4ebe-8761-59ecebeba1a2/resourceGroups/logicapp-test-abhishek/providers/Microsoft.Network/privateEndpoints/name cannot be created as subnet /subscriptions/f3ffdd01-4400-4ebe-8761-123abdhuue/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/vnet-dev-eastus-edw/subnets/my-vnet is delegated."}]}

Here is my code:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "logicAppFEname": {
      "type": "String"
    },
    "appInsightName": {
      "type": "String"
    },
    "privateEndpointName": {
      "type": "string"
    },
    "vnetName": {
      "type": "string"
    },
    "vnetRg": {
      "type": "string"
    },
    "subNetName": {
      "type": "string"
    },
    "use32BitWorkerProcess": {
      "type": "Bool"
    },
    "location": {
      "defaultValue": "[resourceGroup().location]",
      "type": "String",
      "metadata": {
        "description": "Location to deploy resources to."
      }
    },
    "hostingPlanFEName": {
      "type": "String"
    },
    "contentStorageAccountName": {
      "type": "String"
    },
    "sku": {
      "type": "String"
    },
    "skuCode": {
      "type": "String"
    },
    "workerSize": {
      "type": "String"
    },
    "workerSizeId": {
      "type": "String"
    },
    "numberOfWorkers": {
      "type": "String"
    }
  },
  "variables": {
    "fileShareName": "[concat(toLower(parameters('logicAppFEname')), 'b86e')]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[parameters('contentStorageAccountName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [],
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "properties": {
        "mode": "Incremental",
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Allow"
        },
        "supportsHttpsTrafficOnly": true,
        "encryption": {
          "services": {
            "file": {
              "keyType": "Account",
              "enabled": true
            },
            "blob": {
              "keyType": "Account",
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        }
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/fileServices/shares",
      "apiVersion": "2021-04-01",
      "name": "[concat(parameters('contentStorageAccountName'), '/default/', variables('fileShareName'))]",
      "dependsOn": [
        "[parameters('contentStorageAccountName')]"
      ]
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2021-03-01",
      "name": "[parameters('vnetName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites/', parameters('logicAppFEname'))]"
      ],
      "properties": {
        "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets',parameters('vnetName'), parameters('subnetName'))]",
        "isSwift": true
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2021-03-01",
      "name": "[parameters('privateEndpointName')]",
      "location": "[parameters('location')]",
      "tags": {},
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('logicAppFEname'))]"
      ],
      "properties": {
        "subnet": {
          "id": "[resourceId(parameters('vnetRg'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subNetName'))]"
        },
        "privateLinkServiceConnections": [
          {
            "name": "[parameters('privateEndpointName')]",
            "properties": {
              "privateLinkServiceId": "[resourceId('Microsoft.Web/sites',parameters('logicAppFEname'))]",
              "groupIds": [
                "Web/sites"
              ]
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Insights/components",
      "apiVersion": "2020-02-02",
      "name": "[parameters('appInsightName')]",
      "location": "[resourceGroup().location]",
      "kind": "web",
      "properties": {
        "mode": "Incremental",
        "Application_Type": "web"
      }
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2018-11-01",
      "name": "[parameters('logicAppFEname')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]"
      ],
      "tags": {},
      "kind": "functionapp,workflowapp",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "mode": "Incremental",
        "name": "[parameters('logicAppFEname')]",
        "siteConfig": {
          "appSettings": [
            {
              "name": "FUNCTIONS_EXTENSION_VERSION",
              "value": "~3"
            },
            {
              "name": "FUNCTIONS_WORKER_RUNTIME",
              "value": "node"
            },
            {
              "name": "APPINSIGHTS_INSTRUMENTATIONKEY",
              "value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').InstrumentationKey]"
            },
            {
              "name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
              "value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').ConnectionString]"
            },
            {
              "name": "AzureWebJobsStorage",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
            },
            {
              "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
            },
            {
              "name": "WEBSITE_CONTENTSHARE",
              "value": "[variables('fileShareName')]"
            },
            {
              "name": "APP_KIND",
              "value": "workflowApp"
            },
            {
              "name": "WEBSITE_DNS_SERVER",
              "value": "168.63.129.16"
            },
            {
              "name": "AzureFunctionsJobHost__extensionBundle__id",
              "value": "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
              "slotSetting": false
            },
            {
              "name": "AzureFunctionsJobHost__extensionBundle__version",
              "value": "[1.*, 2.0.0)",
              "slotSetting": false
            },
            {
              "name": "WEBSITE_CONTENTOVERVNET",
              "value": "1",
              "slotSetting": false
            },
            {
              "name": "WEBSITE_VNET_ROUTE_ALL",
              "value": "1"
            }
          ],
          "use32BitWorkerProcess": "[parameters('use32BitWorkerProcess')]",
          "cors": {
            "allowedOrigins": [
              "https://afd.hosting.portal.azure.net",
              "https://afd.hosting-ms.portal.azure.net",
              "https://hosting.portal.azure.net",
              "https://ms.hosting.portal.azure.net",
              "https://ema-ms.hosting.portal.azure.net",
              "https://ema.hosting.portal.azure.net",
              "https://ema.hosting.portal.azure.net"
            ]
          }
        },
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]",
        "clientAffinityEnabled": true
      },
      "resources": []
    },
    {
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2018-11-01",
      "name": "[parameters('hostingPlanFEName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [],
      "tags": {},
      "sku": {
        "Tier": "[parameters('sku')]",
        "Name": "[parameters('skuCode')]"
      },
      "kind": "",
      "properties": {
        "mode": "Incremental",
        "name": "[parameters('hostingPlanFEName')]",
        "workerSize": "[parameters('workerSize')]",
        "workerSizeId": "[parameters('workerSizeId')]",
        "numberOfWorkers": "[parameters('numberOfWorkers')]",
        "maximumElasticWorkerCount": "20"
      }
    }
  ]
}

Upvotes: 0

Views: 592

Answers (1)

Craig McGregor

Reputation: 51

For AppService, the networking is different for the inbound and outbound directions.

The template has the outbound set on the VNet subnet, and that subnet will have been delegated to the AppService. (A normal requirement with other AppService SKUs too.)

You need to use a different subnet for inbound traffic to your privatelink connection, or look at other options like service endpoints if the sources are in Azure rather than on-premises hybrid.

Upvotes: 1
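A pre-deployment check for the constraint described in this answer, as an added example that is not part of the original post: it inspects the subnets chosen for outbound VNet integration and for the inbound private endpoint and reports the conditions under which deployment would be rejected. The subnet names and sample data are constructed, and the subnets are assumed to be in the ARM REST shape (`properties.delegations[].properties.serviceName`).

```python
import json

# Constructed sample: two subnets in the ARM REST shape. Names are hypothetical.
SAMPLE_SUBNETS = json.loads("""
[
  {"name": "snet-integration",
   "properties": {"addressPrefix": "10.0.1.0/24",
     "delegations": [{"name": "delegation",
       "properties": {"serviceName": "Microsoft.Web/serverFarms"}}]}},
  {"name": "snet-private-endpoints",
   "properties": {"addressPrefix": "10.0.2.0/24", "delegations": []}}
]
""")

APP_SERVICE_DELEGATION = "microsoft.web/serverfarms"

def delegated_services(subnet):
    """Return the lower-cased service names a subnet is delegated to."""
    delegations = subnet.get("properties", {}).get("delegations") or []
    return [d.get("properties", {}).get("serviceName", "").lower()
            for d in delegations]

def preflight(subnets, integration_subnet, private_endpoint_subnet):
    """List the reasons a deployment using these two subnets would fail."""
    by_name = {s["name"].lower(): s for s in subnets}
    problems = []
    if integration_subnet.lower() == private_endpoint_subnet.lower():
        problems.append("same subnet used for outbound integration and inbound private endpoint")
    pe = by_name.get(private_endpoint_subnet.lower())
    if pe is None:
        problems.append(f"subnet {private_endpoint_subnet} not found")
    elif delegated_services(pe):
        problems.append("PrivateEndpointCreationNotAllowedAsSubnetIsDelegated: "
                        f"{pe['name']} is delegated to {delegated_services(pe)[0]}")
    integ = by_name.get(integration_subnet.lower())
    if integ is None:
        problems.append(f"subnet {integration_subnet} not found")
    elif APP_SERVICE_DELEGATION not in delegated_services(integ):
        problems.append(f"{integ['name']} is not delegated to Microsoft.Web/serverFarms")
    return problems

if __name__ == "__main__":
    # The question's layout: one subnet for both directions.
    print(preflight(SAMPLE_SUBNETS, "snet-integration", "snet-integration"))
    # The answer's layout: a separate, undelegated subnet for the private endpoint.
    print(preflight(SAMPLE_SUBNETS, "snet-integration", "snet-private-endpoints"))
```
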
