Develop Reference

Azure Virtual gateway: VirtualNetworkGatewayBgpPeeringAddressCannotBeModified

I want to set up the point-to-site VPN however I am getting the following error while trying to set up the point-to-site configuration.
Terraform version used : azurerm-3.0.2
│ Error: Creating/Updating Virtual Network Gateway: (Name "vpng-connectivity-shared-centralus-001" / Resource Group "rg-connectivity-shared-centralus-001"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="VirtualNetworkGatewayBgpPeeringAddressCannotBeModified" Message="The BgpPeeringAddress for the virtual network gateway /subscriptions/xxxx/resourceGroups/rg-connectivity-shared-centralus-001/providers/Microsoft.Network/virtualNetworkGateways/vpng-connectivity-shared-centralus-001 cannot be modified" Details=[]
│
│ with module.create_connectivity_hub_subscription.azurerm_virtual_network_gateway.connectivity-hub-vnet-gateway,
│ on ../../Azure_Terraform_Modules/connectivity_subscription/connectivity_subscription.tf line 558, in resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway":
│ 558: resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway" {
│
╵
##[error]Bash exited with code '1'.
Below is the code used
resource "azurerm_virtual_network_gateway" "connectivity-hub-vnet-gateway" {
name = "vpng-${var.subscription_type}-shared-${var.location}-001"
location = var.location
resource_group_name = module.create_rg.rg_name
type = "Vpn"
vpn_type = "RouteBased"
active_active = false
enable_bgp = false
sku = "VpnGw1"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.connectivity-hub-vpn-gateway1-pip.id
private_ip_address_allocation = "Dynamic"
subnet_id = module.create_gateway_subnet.subnet_id
}
vpn_client_configuration {
address_space = ["172.16.0.0/16"]
root_certificate {
name = "ROOTCERT"
public_cert_data = <<EOF
MIIC3zCCAcegAwIBAgIQJdWvUysG/oxPlBZu2cCi1DANBgkqhkiG9w0BAQsFADAS
EOF
}
}
depends_on = [azurerm_public_ip.connectivity-hub-vpn-gateway1-pip, module.create_gateway_subnet]
tags = var.tags
}

To achieve the desired outcome, I ran the terraform script below with a few modifications and with the "Azurem" version set to 3.29.1 or you can use latest one(3.37.0); it worked for me without any error.
When I tried it in my environment, I had the same issue. I included three IP configurations because the minimum criteria for creating a gateway is "3" & "2" client configuration peering addresses.
vi main.tf:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "3.29.1"
}
}
}
provider "azurerm" {
features{}
}
resource "azurerm_resource_group" "xxx" {
name = "testfirst"
location = "West Europe"
}
resource "azurerm_virtual_network" "vnet" {
name = "<xxxvnet>"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
address_space = ["10.10.0.0/16"]
}
resource "azurerm_subnet" "xxxGatewaySubnet>" {
name = "xxxGatewaySubnet>"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = ["10.10.1.0/24"]
}
resource "azurerm_public_ip" "xxip1" {
name = "xxip1"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_public_ip" "xxip2" {
name = "xxip2"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_public_ip" "xxip3" {
name = "xxip3"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
sku = "Standard"
allocation_method = "Static"
}
resource "azurerm_virtual_network_gateway" "xxxGateWay" {
name = "xxxGateWay"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
sku = "VpnGateway1"
type = "Vpn"
active_active = true
enable_bgp = true
ip_configuration {
name = "xxxvnetGatewayConfig1"
public_ip_address_id = azurerm_public_ip.gwip1.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gwsubnet.id
}
ip_configuration {
name = "xxxxvnetGatewayConfig2"
public_ip_address_id = azurerm_public_ip.gwip2.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gwsubnet.id
}
ip_configuration {
name = "xxxvnetGatewayConfig3"
public_ip_address_id = azurerm_public_ip.gwip3.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gwsubnet.id
}
vpn_client_configuration {
address_space = ["172.16.0.0/16"]
root_certificate {
name = "ROOTCERT"
public_cert_data = <<EOF
MIIC6zCCAdOgAwIBAgIQdGSy/6KEorFGCYqMgGcJ0TANBgkqhkiG9w0BAQsFADAY
xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
LMd5oRRrWWIPI2kj6iOk8FGMNUaJ0q4PgEw0Z9kACoklUt6Wj6JaEU4GrfXQ6Ety
HdgWObzfF3I7azJlOM8Go4PE97LXMPRXJep6oOmQVQ==
EOF
}
}
bgp_settings {
asn = 65515
peering_addresses {
ip_configuration_name = "xxxvnetGatewayConfig1"
apipa_addresses = ["169.254.21.2", "169.254.22.2"]
}
peering_addresses {
ip_configuration_name = "xxxxvnetGatewayConfig2"
apipa_addresses = ["169.254.21.6", "169.254.22.6"]
}
}
tags = {
test = "testpurpose"
}
}
terraform init:
terraform plan:
terraform apply:
Point-to-site configuration in Portal after deployment:
Reference: terraform

Use Multiple version of azurerm in terrafom code

I Have a terraform code which use module inside a module.
main.tf
module "FunctionApp" {
source = "../modules/FunctionApp"
location = var.location
resourceGroupName = module.rg.name
}
module FunctionApp - main.tf
resource "azurerm_resource_group" "example" {
name = "azure-functions-test-rg"
location = "westus2"
}
resource "azurerm_storage_account" "example" {
name = "functionsappsacostco"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
min_tls_version = "TLS1_2"
}
resource "azurerm_app_service_plan" "example" {
name = "azure-functions-test-service-plan"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
kind = "windows"
sku {
tier = "PremiumV2"
size = "P1v2"
}
}
resource "azurerm_function_app" "example" {
name = "test-azure-functions-csco"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
version = "~4"
}
module "fz_slot" {
source = "./fz-slot"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
function_app_name = azurerm_function_app.example.name
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
}
module fz-slot - main.tf
resource "azurerm_function_app_slot" "example" {
provider = azurerm.old
name = "staging"
location = var.location
resource_group_name = var.resource_group_name
app_service_plan_id = var.app_service_plan_id
function_app_name = var.function_app_name
storage_account_name = var.storage_account_name
storage_account_access_key = var.storage_account_access_key
version = "~4"
}
I want to use the latest azurerm version in all the resources other than fz-slot module. In fz-slot module i want to use azurerm 2.67.0 version.
How can I achive this ?

You cannot do it.
You must create two terraform configurations, one for each version provider.

terraform code issues creating webapp runtime stack

i am trying to create a windows webapp stack using terraform but it creates windows container service plan here is my code
can anyone please help
**code**
provider "azurerm" {
version = "= 2.69.0"
features {}
}
resource "azurerm_resource_group" "example" {
name = "functoss11"
location = "East Asia"
}
resource "azurerm_app_service_plan" "example" {
name = "ASP-ush-9388"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
sku {
tier = "basic"
size = "B1"
}
}
resource "azurerm_app_service" "example" {
name = "newddshaikh"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
site_config {
dotnet_framework_version = "v5.0"
}
}

Azure Function app source control with terraform

I would like to deploy a Function App that has source control from github with terraform. I use the resource azurerm_function_app that has an argument source_control but I am facing this issue :
Error: Unsupported argument
on main.tf line 137, in resource "azurerm_function_app" "example":
137: source_control = {
An argument named "source_control" is not expected here. Did you mean to
define a block of type "source_control"?
I am using that code :
provider "azurerm" {
version = "~> 2.54"
features {}
}
resource "azurerm_app_service_plan" "example" {
name = "example"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
kind = "FunctionApp"
sku {
tier = "Standard"
size = "S1"
}
}
resource "azurerm_function_app" "example" {
name = "example_func"
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
app_service_plan_id = azurerm_app_service_plan.example.id
storage_account_name = azurerm_storage_account.example.name
storage_account_access_key = azurerm_storage_account.example.primary_access_key
source_control = {
repo_url = "https://github.com/myrepo"
branch = "master"
}
}

Accordingly to the documentation, source_control is a block which means is defined without the = sign:
source_control {
}
Instead of:
source_control = {
}
With the = sign is an argument, not a block.

How to set Minimum Tls version

How can we set minimum tls version as 1.2 and Network connectivity to Public Endpoint (Selected network) while creating storage account through Terraform ?

Here is an example of Usage with Network Rules for azurerm_storage_account. To set minimum tls version as 1.2, you can use block min_tls_version. By default, the block network_rules is used for a public endpoint to a storage account. You can select to allow or deny some networks.
resource "azurerm_resource_group" "example" {
name = "example-resources"
location = "West Europe"
}
resource "azurerm_virtual_network" "example" {
name = "virtnetname"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.example.location
resource_group_name = azurerm_resource_group.example.name
}
resource "azurerm_subnet" "example" {
name = "subnetname"
resource_group_name = azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
address_prefix = "10.0.2.0/24"
service_endpoints = ["Microsoft.Sql", "Microsoft.Storage"]
}
resource "azurerm_storage_account" "example" {
name = "storageaccountname123"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
min_tls_version = "TLS1_2"
network_rules {
default_action = "Deny"
ip_rules = ["100.0.0.1"]
virtual_network_subnet_ids = [azurerm_subnet.example.id]
}
tags = {
environment = "staging"
}
}
Result
Version
You could check the terraform version or you can upgrade to latest terraform via https://www.terraform.io/downloads.html
Provider
provider "azurerm" {
subscription_id = var.subscription_id
client_id = var.client_id
client_secret = var.client_secret
tenant_id = var.tenant_id
features {}
}