I have a simple module for an eventhub configuration.
resource "azurerm_eventhub_namespace" "my-namespace" {
  name                = var.velocity_eventhub_namespace_name
  location            = var.location
  resource_group_name = var.rg_name
  sku                 = var.eventhub-sku
  capacity            = var.capacity
}
If var.eventhub-sku is set to "Dedicated" so that I may provision more than 10 Eventhubs in the namespace, I get
Error: expected sku to be one of [Basic Standard], got Dedicated
Is there any way around this? Do I have to do some part of the configuration manually?
Thanks for reading
'Dedicated' is not a valid SKU for EH namespaces. Allowed namespace SKUs are Basic, and Standard. Dedicated is a cluster offering from Event Hubs. Please see more at https://learn.microsoft.com/en-us/azure/event-hubs/event-hubs-dedicated-overview
When creating an App Service Plan on my new-ish (4 day old) subscription using Terraform, I immediately get a throttling error
App Service Plan Create operation is throttled for subscription <subscription>. Please contact support if issue persists
The thing is, when I then go to the UI and create an identical service plan, I receive no errors and it creates without issue, so it's clear that there is actually no throttling issue for creating the app service plan since I can make it.
I'm wondering if anyone knows why this is occurring?
NOTE
I've gotten around this issue by just creating the resource in the UI and then importing it into my TF state... but since the main point of IaC is automation, I'd like to ensure that this unusual behavior does not persist when I go to create new environments.
EDIT
My code is as follows
resource "azurerm_resource_group" "frontend_rg" {
  name     = "${var.env}-${var.abbr}-frontend"
  location = var.location
}

resource "azurerm_service_plan" "frontend_sp" {
  name                = "${var.env}-${var.abbr}-sp"
  resource_group_name = azurerm_resource_group.frontend_rg.name
  location            = azurerm_resource_group.frontend_rg.location
  os_type             = "Linux"
  sku_name            = "B1"
}
EDIT 2
terraform {
  backend "azurerm" {}
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.15.0"
    }
  }
}
What is the way to disable public network access for Azure Event Hub using Terraform?
I set public_network_access_enabled to false and public_network_access to false under the network_rulesset block and got the following error:
"public_network_access_enabled" is not expected here.
I am not sure what I am missing here... any support would be a great help.
As you say, the attribute public_network_access_enabled does not exist in the module azurerm_eventhub.
The attribute public_network_access_enabled is part of the module azurerm_eventhub_namespace.
public_network_access_enabled - (Optional) Is public network access enabled for the EventHub Namespace? Defaults to true.
Source: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub_namespace#public_network_access_enabled
For example:
resource "azurerm_eventhub_namespace" "example" {
  name                          = "example-namespace"
  location                      = azurerm_resource_group.example.location
  resource_group_name           = azurerm_resource_group.example.name
  sku                           = "Standard" # argument names are case-sensitive
  capacity                      = 2
  public_network_access_enabled = false # Default is true
  tags = {
    environment = "Production"
  }
}
It would be better if you could provide more details about how you have configured access to your Azure Event Hub namespace, because if you have disabled public access, you need to enable access via private endpoints. In that case, you need to correctly use the public_network_access_enabled property at both the namespace level and the network_rulesets level.
If you are using hashicorp as the provider, check the latest documentation for this at https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/eventhub_namespace#network_rulesets
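A pre-apply check for the point made in the answers above, as an added example that is not part of the original posts: it reads plan JSON in the shape produced by `terraform show -json <planfile>` and reports every azurerm_eventhub_namespace where public_network_access_enabled is not explicitly false at the namespace level or inside network_rulesets. The sample plan and resource addresses are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"planned_values": {"root_module": {
  "resources": [
    {"address": "azurerm_eventhub_namespace.private",
     "type": "azurerm_eventhub_namespace",
     "values": {"public_network_access_enabled": false,
                "network_rulesets": [{"public_network_access_enabled": false}]}},
    {"address": "azurerm_eventhub_namespace.default_open",
     "type": "azurerm_eventhub_namespace",
     "values": {"public_network_access_enabled": true, "network_rulesets": []}}
  ],
  "child_modules": [{"resources": [
    {"address": "module.hub.azurerm_eventhub_namespace.mismatch",
     "type": "azurerm_eventhub_namespace",
     "values": {"public_network_access_enabled": false,
                "network_rulesets": [{"public_network_access_enabled": true}]}}
  ]}]
}}}
""")

def walk(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from walk(child)

def publicly_reachable_namespaces(plan):
    """Return {address: [levels]} for namespaces not closed at both levels."""
    findings = {}
    for res in walk(plan["planned_values"]["root_module"]):
        if res["type"] != "azurerm_eventhub_namespace":
            continue
        values, levels = res["values"], []
        # Anything but an explicit false counts as open (the default is true).
        if values.get("public_network_access_enabled") is not False:
            levels.append("namespace")
        for ruleset in values.get("network_rulesets") or []:
            if ruleset.get("public_network_access_enabled") is not False:
                levels.append("network_rulesets")
        if levels:
            findings[res["address"]] = levels
    return findings

if __name__ == "__main__":
    for address, levels in publicly_reachable_namespaces(SAMPLE_PLAN).items():
        print(f"{address}: public access not disabled at {', '.join(levels)}")
```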
I'm having a bit of a problem parsing the differences between Azure's name for things and Terraform's name for things, but overall I'm making a good go of it. I am having some specific problems, though. My situation is that someone built the APIM using the Azure portal, and the company now wants to "make it scalable" by using Terraform to build it out. I've got a pretty good riff going - define, plan, import, plan, modify - but there are some parts of Azure APIM that I can't map (mentally) to Terraform commands. My first one is this screen right here (the definitions tab of an API in APIM):
Since I'm still fresh in terms of rep on Stack, I can't actually show the image. But in the portal at the bottom of the API there is a tab called "definitions". I haven't been able to see a) how to "get" them using Azure Powershell, and b) how to "set" them with Terraform.
Would someone more knowledgeable about AzureRM and Terraform be able to steer me in the right direction please?
One of the workarounds you can follow is to deploy an API Management instance with APIs.
We have tried to create an APIM instance with an API.
Here is the sample Terraform code that we used; you can use it by changing the resource names according to your requirements.
example.tf:
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_api_management" "example" {
  name                = "example-apimajmt"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  publisher_name      = "My Company"
  publisher_email     = "company@terraform.io"
  sku_name            = "Developer_1"
}

resource "azurerm_api_management_api" "example" {
  name                = "example-apiajmt"
  resource_group_name = azurerm_resource_group.example.name
  api_management_name = azurerm_api_management.example.name
  revision            = "1"
  display_name        = "ajtest API"
  path                = "example"
  protocols           = ["https"]

  import {
    content_format = "swagger-link-json"
    content_value  = "http://conferenceapi.azurewebsites.net/?format=json"
  }
}
After creation we can use it for adding tags:
/* resource "azurerm_api_management_api_tag" "example" {
  api_id = azurerm_api_management_api.example.id
  name   = "example-tagajmt"
}*/
Once the terraform apply is done, you will be able to get the APIM instance along with the API and its tags after some time.
NOTE: Creation of APIM will take up to 45 minutes.
For more information with configuration in APIM management by terraform please refer to this HashiCorp| Terraform Registry azurerm_api_management & this Similar SO THREAD|Tag an API in Azure API Management with Terraform.
New to Terraform and as the question states I want to add additional APIs to an existing API Manager instance. Below is the example Terraform and this works fine. But I want to add a second api. Is it absolutely required that I put it inline in this Terraform script? The reason I ask is, If my team develops "example api" and a second team develops "awesomeexample api" can they have the Terraform code they need just for the api resource in their repository? Do I need to get the name of the API Manager through Powershell or GraphAPI? Edit: Right now when I add an additional api resource it destroys the first. I am guessing this is because of Terraform state...but that is not the behavior I want. I just want to keep adding apis or altering them independently of the api manager.
resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_api_management" "example" {
  name                = "example-apim"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  publisher_name      = "My Company"
  publisher_email     = "company@terraform.io"
  sku_name            = "Developer_1"
}

resource "azurerm_api_management_api" "example" {
  name                = "example-api"
  resource_group_name = azurerm_resource_group.example.name
  api_management_name = azurerm_api_management.example.name
  revision            = "1"
  display_name        = "Example API"
  path                = "example"
  protocols           = ["https"]

  import {
    content_format = "swagger-link-json"
    content_value  = "http://conferenceapi.azurewebsites.net/?format=json"
  }
}
Me, I've been putting each API in its own tf file.
Like for your example api, I'd create an api-example.tf file and cut/paste the azurerm_api_management_api block into it.
terraform init/plan/apply should still just work.
To add a new API into this API Mgmt instance, just copy api-example.tf to api-newapi.tf, edit as appropriate (name/displayname/path/import), and poof, new api.
I don't like using the same instance name for multiple different resources. Here you used example three times: an RG, APIM, and APIM_API. It gets confusing and may break the minute you add a new API also referenced as 'example'. I use thisrg, ex-apim, and example-api (since your original API is called example). Your awesomeexample api I'd call awesome-api or something like that to differentiate example-api vs awesomeexample-api.
Just ran into a similar thing that led me here.
One of our developers had added his resource by modifying our terraform files, planned it and applied it. By doing that he modified the remote state, but he never committed his changes. Thus when we were going to apply the terraform files from master, the locally planned state did not match what was in the remote.
In your case though, it is hard to tell. If you define two APIs in the same file that collide (e.g. 2x resource "azurerm_api_management_api" "example") that might cause you issues.
Recently I figured out that my AKS cluster holds a subnet which is too small. Therefore I'm trying to add a second subnet and nodepool, which is possible with the Azure CNI nowadays, and then create a single proper subnet instead and migrate it back.
During terraform plan all goes well with a valid response; however, while applying it throws an error.
Error: Error Creating/Updating Subnet "me-test-k8s-subnet2" (Virtual Network "me-test-k8s-vnet" / Resource Group "me-test-k8s-rg"): network.SubnetsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="NetcfgInvalidSubnet" Message="Subnet 'me-test-k8s-subnet2' is not valid in virtual network 'me-test-k8s-vnet'." Details=[]
on main.tf line 28, in resource "azurerm_subnet" "subnet2":
28: resource "azurerm_subnet" "subnet2" {
My original cluster is created with this configuration of Terraform:
resource "azurerm_resource_group" "rg" {
  name     = "${var.cluster_name}-rg"
  location = "${var.location}"
}

resource "azurerm_virtual_network" "network" {
  name                = "${var.cluster_name}-vnet"
  location            = "${azurerm_resource_group.rg.location}"
  resource_group_name = "${azurerm_resource_group.rg.name}"
  address_space       = ["10.1.0.0/16"]
}

resource "azurerm_subnet" "subnet" {
  name                 = "${var.cluster_name}-subnet"
  resource_group_name  = "${azurerm_resource_group.rg.name}"
  address_prefixes     = ["10.1.0.0/24"]
  virtual_network_name = "${azurerm_virtual_network.network.name}"
}
To make things easier I decided to first add the subnet to the network without the nodepool. This brings me to this terraform plan:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # azurerm_subnet.subnet2 will be created
  + resource "azurerm_subnet" "subnet2" {
      + address_prefix                                 = (known after apply)
      + address_prefixes                               = [
          + "10.2.0.0/22",
        ]
      + enforce_private_link_endpoint_network_policies = false
      + enforce_private_link_service_network_policies  = false
      + id                                             = (known after apply)
      + name                                           = "me-test-k8s-subnet2"
      + resource_group_name                            = "me-test-k8s-rg"
      + virtual_network_name                           = "me-test-k8s-vnet"
    }

Hope that someone can explain to me why this error occurs.
Best,
Pim
When creating a subnet in a virtual network, it is mandatory to check if it is not jumping out of the network range.
You are just out of the range with your network mask: 10.1.0.0/16
First host: 10.1.0.1
Last host: 10.1.255.254
And you are trying to create subnet 10.2.0.0/22.
For not overlapping with subnets that are already created, 10.1.4.0/22, can be accepted, for instance.
As mentioned in my comment and in someone's answer, Azure is throwing this error because you are trying to add a 10.2.0.0/22 subnet to a 10.1.0.0/16 network, i.e. 10.2.0.0/22 is not part of that network.
I also want to point out that when you run a plan, that is not submitting the actual API calls to Azure to make the changes, which is why things looked fine to you when you ran your plan, but Azure complained when you tried to apply it. I think the explanation is good in this tutorial. The excerpts that are applicable are:
Once you are happy with your declared configuration, you can ask
Terraform to generate an execution plan for it. The plan command in
the CLI is used to generate an execution plan from a configuration.
The execution plan tells you what changes Terraform would need to make
to bring your current infrastructure to the declared state in your
configuration.
If you accept the plan you can instruct Terraform to apply changes. Terraform will make the API calls required to implement the changes. If anything goes wrong terraform will not attempt to automatically rollback the infrastructure to the state it was in before running apply. This is because apply adheres to the plan
You might also run to a similar error if you try to deploy another vnet into a subscription where there already is a vnet with the same address space.
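Because plan does not submit the change to Azure, the range check described in the answers above can be run locally before apply. The following is an added example, not code from the original posts; the function names are hypothetical, and it goes one step beyond the thread by also searching for the first free block of a requested size.

```python
import ipaddress

def check_subnet(vnet_space, existing, candidate):
    """Return a list of problems with adding `candidate` to the virtual network."""
    cand = ipaddress.ip_network(candidate)
    spaces = [ipaddress.ip_network(s) for s in vnet_space]
    problems = []
    # The subnet must sit entirely inside one of the vnet's address ranges.
    if not any(cand.version == s.version and cand.subnet_of(s) for s in spaces):
        problems.append(f"{cand} is outside address space {', '.join(vnet_space)}")
    # It must not overlap a subnet that already exists in the vnet.
    for other in map(ipaddress.ip_network, existing):
        if cand.version == other.version and cand.overlaps(other):
            problems.append(f"{cand} overlaps existing subnet {other}")
    return problems

def first_free(vnet_space, existing, prefixlen):
    """Return the first aligned block of size /prefixlen that is inside the
    address space and overlaps no existing subnet, or None if there is none."""
    used = [ipaddress.ip_network(e) for e in existing]
    for space in map(ipaddress.ip_network, vnet_space):
        if prefixlen < space.prefixlen:
            continue  # requested block is larger than this address range
        for block in space.subnets(new_prefix=prefixlen):
            if not any(u.version == block.version and block.overlaps(u) for u in used):
                return str(block)
    return None

if __name__ == "__main__":
    # Values taken from the question: vnet 10.1.0.0/16 with one /24 subnet.
    vnet, subnets = ["10.1.0.0/16"], ["10.1.0.0/24"]
    for candidate in ("10.2.0.0/22", "10.1.0.0/22", "10.1.4.0/22"):
        print(candidate, check_subnet(vnet, subnets, candidate) or "ok")
    print("first free /22:", first_free(vnet, subnets, 22))
```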