Terraform code for deploying logic app workflow with private end point connection

Question

I have below Terraform code. I need to identify which value to be given for a specific subresource_names in private end point connection for logic app workflow. I am new to Terraform.

locals {
  app_service_name = "appserviceswathi"
  sku_sizes = {
    small   = "WS1"
    medium  = "WS2"
    premium = "WS3"
  }
}
data "azurerm_resource_group" "rg1" {
  name = var.resource_group_name
}
data "azurerm_resource_group" "rg2" {
  name = var.vnet_rg
}

data "azurerm_subnet" "integration_subnet_name" {
  name                 = var.subnet_name
  resource_group_name  = data.azurerm_resource_group.rg2.name
  virtual_network_name = var.vnet_name
}

data "azurerm_subnet" "private_endpoint_subnet_name" {
  name                 = var.app_service_private_endpoint_subnet_name
  resource_group_name  = data.azurerm_resource_group.rg2.name
  virtual_network_name = var.vnet_name
}

data "azurerm_storage_account" "storage_account" {
   name                = var.storage_account_name
  resource_group_name = data.azurerm_resource_group.rg1.name
}
resource "azurerm_app_service_plan" "service_plan" {
  count               = var.app_service_plan_name == "" ? 1 : 0
  name                = "${local.app_service_name}asp"
  location            = var.location
  resource_group_name = data.azurerm_resource_group.rg1.name
  kind                = "elastic"
  sku {
    tier = "WorkflowStandard"
    size = local.sku_sizes[var.size]
  }
}
module "storage_account" {
  source = "./dfs_storage"
  count  = var.storage_account_name == "" ? 1 : 0
  key_vault_is_required        = false
  lock_resource                = false
  fileshare_is_required        = true
  queue_is_required            = true
  table_is_required            = true
  dfs_subnet                   = var.subnet_name
  hns                          = false
  network_rules_default_action = "Deny"

 }
 

resource "azurerm_storage_share" "logicApp" {
  name                 = "${local.app_service_name}-content"
  storage_account_name = var.storage_account_name

  quota = 1024

  depends_on = [
       data.azurerm_storage_account.storage_account
  ]
}

resource "azurerm_logic_app_workflow" "logic_app" {
  name                = local.app_service_name
  location            = var.location
  resource_group_name = data.azurerm_resource_group.rg1.name
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_private_endpoint" "endpoint" {
  name                = "${local.app_service_name}pe"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = data.azurerm_subnet.private_endpoint_subnet_name.id
  tags                = {}
  private_service_connection {
    name                           = "${local.app_service_name}psc"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_logic_app_workflow.logic_app.id
    subresource_names              = ["workflow"]
  }
   lifecycle {
    ignore_changes = [
      network_interface,
      subnet_id,
      
    ]
  }
}

Error:

Error: creating Private Endpoint (Subscription: "" │ Resource Group Name: "" │ Private Endpoint Name: ""): performing CreateOrUpdate: unexpected status 400 with error: InvalidPrivateLinkServiceIdType: Private link service Id /subscriptions//resourceGroups//providers/Microsoft.Logic/workflows/ has an invalid resource type. Permitted type(s): Microsoft.DocumentDB/databaseAccounts, Microsoft.Sql/servers, Microsoft.Network/privateLinkServices, Microsoft.Web/sites, Microsoft.Web/hostingEnvironments, Microsoft.Storage/storageAccounts, Microsoft.DBforPostgreSQL/servers, Microsoft.DBforMySQL/servers, Microsoft.DBforMariaDB/servers, Microsoft.KeyVault/vaults, Microsoft.Synapse/workspaces, Microsoft.AppConfiguration/configurationStores, Microsoft.Search/searchServices, Microsoft.ContainerService/managedClusters, Microsoft.Attestation/attestationProviders, Microsoft.Devices/IotHubs, Microsoft.Cache/Redis, Microsoft.SignalRService/SignalR, Microsoft.MachineLearningServices/workspaces, Microsoft.Batch/batchAccounts, Microsoft.ContainerRegistry/registries, Microsoft.RecoveryServices/vaults, Microsoft.EventGrid/topics, Microsoft.EventGrid/domains, Microsoft.EventHub/namespaces, Microsoft.ServiceBus/namespaces, Microsoft.Relay/namespaces, Microsoft.StorageSync/storageSyncServices, Microsoft.HealthcareApis/services, Microsoft.Automation/automationAccounts, Microsoft.Insights/privateLinkScopes, Microsoft.CognitiveServices/accounts, Microsoft.Compute/diskAccesses, Microsoft.Network/applicationgateways, Microsoft.Media/mediaservices, Microsoft.Databricks/workspaces, Microsoft.Sql/managedInstances, Microsoft.Migrate/assessmentProjects, Microsoft.Migrate/migrateProjects, Microsoft.DataFactory/factories, Microsoft.Authorization/resourceManagementPrivateLinks, Microsoft.Devices/ProvisioningServices, Microsoft.Synapse/privateLinkHubs, Microsoft.PowerBI/privateLinkServicesForPowerBI, Microsoft.Cache/redisEnterprise, Microsoft.HybridCompute/privateLinkScopes, Microsoft.OffAzure/mastersites, Microsoft.TimeSeriesInsights/environments, Microsoft.DigitalTwins/digitalTwinsInstances, Microsoft.Keyvault/managedHSMs, Microsoft.Kusto/clusters, Microsoft.Purview/accounts, Microsoft.Web/staticSites, Microsoft.SignalRService/webPubSub, Microsoft.DeviceUpdate/accounts, Microsoft.DBforPostgreSQL/serverGroupsv2, Microsoft.HealthcareApis/workspaces, Microsoft.ApiManagement/service, Microsoft.HDInsight/clusters, Microsoft.DesktopVirtualization/hostpools, Microsoft.DesktopVirtualization/workspaces, Microsoft.Media/videoanalyzers, Microsoft.IoTCentral/IoTApps, Microsoft.EventGrid/partnerNamespaces, Microsoft.BotService/botServices, Microsoft.AgFoodPlatform/farmBeats, Microsoft.OpenEnergyPlatform/energyServices, Microsoft.Dashboard/grafana, Microsoft.DBforMySQL/flexibleServers, Microsoft.MachineLearningServices/registries, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.HardwareSecurityModules/cloudHsmClusters, Microsoft.Monitor/accounts, Microsoft.EventGrid/namespaces, Microsoft.ElasticSan/elasticSans.

Answer 1

This is resolved. The error you're encountering suggests that the provided private_connection_resource_id for your Logic App workflow is not of a valid resource type for a private link service. The permitted resource types for private link services do not include Logic App workflows according to the error message.

In your case, you've specified the subresource name as "workflow" in the subresource_names parameter, but it seems that Logic App workflows are not supported as private link services.