Azure Application Gateway WAF_V2 failing ARM deployment - azure

Getting error while deploying App gateway waf_v2 with more then one listener. For single listner it is working fine.
Error :
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"BadRequest","message":"{\r\n "error": {\r\n "code": "ApplicationGatewayHttpListenersUsingSameFrontendPortAndFrontendIpConfig",\r\n "message": "Two Http Listeners of Application Gateway journal-listner and attachmentmgmt-listner are using the same Frontend Port /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendPorts/frontendPorts and FrontendIpConfiguration /subscriptions/77585cb5-cc1b-47a6-b60d-4c1ec4b078fc/resourceGroups/drgr001appgatewaydevtest-au/providers/Microsoft.Network/applicationGateways/bo-appgw-waf-v2-entdev1/frontendIPConfigurations/PrivateFrontendIp.",\r\n "details": []\r\n }\r\n}"}]}
template code :
// Application Gateway
{
"name": "[parameters('applicationGatewayName')]",
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2020-03-01",
"location": "[parameters('location')]",
"zones": "[parameters('availabilityZones')]",
"properties": {
"sku": {
"name": "WAF_v2",
"tier": "WAF_v2",
"capacity": "[parameters('capacity')]"
},
"sslCertificates": [
{
"name": "[parameters('certName')]",
"properties": {
"data": "[parameters('certData')]",
"password": "[parameters('certPassword')]"
}
}
],
"gatewayIPConfigurations": [
{
"name": "gatewayIp",
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"trustedRootCertificates": "[parameters('trustedRootCertificates')]",
"frontendIPConfigurations": [
{
"name": "PublicFrontendIp",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[parameters('publicIpResourceId')]"
}
}
},
{
"name": "PrivateFrontendIp",
"properties": {
"privateIPAddress": "[parameters('privateIPAddress')]",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "[variables('subnetRef')]"
}
}
}
],
"frontendPorts": [
{
"name": "frontendPorts",
"properties": {
"Port": 443
}
}
],
"backendAddressPools": "[parameters('backendAddressPools')]",
"probes": "[parameters('probes')]",
"copy": [
{
"name": "backendHttpSettingsCollection",
"count": "[length(parameters('backendHttpSettings'))]",
"input": {
"name": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].name]",
"properties": {
"port": 443,
"pickHostNameFromBackendAddress": true,
"protocol": "Https",
"probeEnabled": "[parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probeEnabled]",
"probe": {
"id": "[resourceId('Microsoft.Network/applicationGateways/probes', parameters('applicationGatewayName'), parameters('backendHttpSettings')[copyIndex('backendHttpSettingsCollection')].probe)]"
}
}
}
},
{
"name": "httpListeners",
"count": "[length(parameters('httpListeners'))]",
"input": {
"name": "[parameters('httpListeners')[copyIndex('httpListeners')].name]",
"properties": {
"protocol": "Https",
// Set hostname if it exists
"hostName": "[if(contains(parameters('httpListeners')[copyIndex('httpListeners')], 'hostName'), parameters('httpListeners')[copyIndex('httpListeners')].hostName, '')]",
"sslCertificate": {
"id": "[concat(variables('applicationGatewayId'), '/sslCertificates/',parameters('httpListeners')[copyIndex('httpListeners')].sslCertificateName)]"
},
"frontendIPConfiguration": {
"id": "[concat(variables('applicationGatewayId'), '/frontendIPConfigurations/PrivateFrontendIp')]"
},
"frontendPort": {
"id": "[concat(variables('applicationGatewayId'), '/frontendPorts/frontendPorts')]"
}
}
}
},
{
"name": "requestRoutingRules",
"count": "[length(parameters('requestRoutingRules'))]",
"input": {
"name": "[parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].name]",
"properties": {
"ruleType": "Basic",
"backendAddressPool": {
"id": "[concat(variables('applicationGatewayId'), '/backendAddressPools/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendpoolName)]"
},
"backendHttpSettings": {
"id": "[concat(variables('applicationGatewayId'), '/backendHttpSettingsCollection/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].backendHttpSetting)]"
},
"httpListener": {
"id": "[concat(variables('applicationGatewayId'), '/httpListeners/',parameters('requestRoutingRules')[copyIndex('requestRoutingRules')].httpListener)]"
}
}
}
}
],
"redirectConfigurations": "[parameters('redirectConfigurations')]",
"enableHttp2": "[parameters('enableHttp2')]",
"webApplicationFirewallConfiguration": "[variables('webApplicationFirewallConfiguration')]",
"urlPathMaps": "[parameters('urlPathMaps')]",
"authenticationCertificates": "[parameters('authenticationCertificates')]",
"sslPolicy": {
"policyType": "Predefined",
"policyName": "AppGwSslPolicy20170401S"
},
"rewriteRuleSets": "[parameters('rewriteRuleSets')]"
}
}
Parameter used :
"backendHttpSettings": {
"value": [
{
"name": "https-attachment",
"probeEnabled": true,
"probe": "attachment-probe"
},
{
"name": "https-journal",
"probeEnabled": true,
"probe": "journal-probe"
}
]
},
"backendAddressPools": {
"value": [
{
"name": "AttachmentServicePool",
"properties": {
"backendAddresses": [
{
"fqdn": "attachmentmgmt-svc-api-dev-euw.aseentdev.sys.dom"
}
]
}
},
{
"name": "journalServicePool",
"properties": {
"backendAddresses": [
{
"fqdn": "journalmgmt-svc-api-dev-euw.aseentdev.sys.dom"
}
]
}
}
]
},
"availabilityZones": {
"value": [
1,
2
]
},
"probes": {
"value": [
{
"name": "attachment-probe",
"properties": {
"protocol": "Https",
"PickHostNameFromBackendHttpSettings": true,
"path": "/index.htm",
"interval": 5,
"timeout": 10,
"match": {
"statusCodes": [
200
],
"body": "SUCCESS"
}
}
},
{
"name": "journal-probe",
"properties": {
"protocol": "Https",
"PickHostNameFromBackendHttpSettings": true,
"path": "/index.htm",
"interval": 5,
"timeout": 10,
"match": {
"statusCodes": [
200
],
"body": "SUCCESS"
}
}
}
]
},
"httpListeners": {
"value": [
{
"name": "attachmentmgmt-listner",
"sslCertificateName": "abc"
},
{
"name": "journal-listner",
"sslCertificateName": "abc"
}
]
},
"urlPathMaps": {
"value": []
},
"requestRoutingRules": {
"value": [
{
"name": "attachment-routing-rule",
"backendpoolName": "AttachmentServicePool",
"backendHttpSetting": "https-attachment",
"httpListener": "attachmentmgmt-listner"
},
{
"name": "journal-routing-rule",
"backendpoolName": "journalServicePool",
"backendHttpSetting": "https-journal",
"httpListener": "journal-listner"
}
]
},


You can't create two basic listeners on the same port. Either use different ports or two different hostnames with Multi site listener.


change in parameter file with passing host name for httplistner worked fine.
"httpListeners": {
"value": [
{
"name": "listner1",
"sslCertificateName": "ABC",
"hostName": "wb.abc.dom"
},
{
"name": "listner2",
"sslCertificateName": "ABC",
"hostName": "wb1.abc.dom"
}
]
}

Related

Application Gateway integration with Azure Key Vault issue

Hopefully someone can help there.
I am trying to integrate Azure Application Gateway with Key Vault using ARM template and getting an issue:
SecretIdSpecifiedIsInvalid: SecretId '==' specified in '/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/rg-ProjectX-dev-infra/providers/Microsoft.Network/applicationGateways/appgw-ProjectX-dev/sslCertificates/appGwSslCert' is invalid. []
User assigned managed identity of Application Gateway has proper permissions ('Get' and 'List' under secrets and certificates) in Azure Key Vault.
Certificate is self-signed and generated in Azure Key Vault. It works as expected if I add certificate using Azure portal but it fails to add using ARM template.
The following guides were used during deployment:
TLS termination with Key Vault certificates and Pass sensitive values
Parameters.json file:
"app-gateway-httpsvaultCert": {
"reference": {
"keyVault": {
"id": "/subscriptions/xxxx-xxxx-xxxx-xxxx-xxxx/resourceGroups/rg-projeX-dev-infra/providers/Microsoft.KeyVault/vaults/kv-ProjectX-dev"
},
"secretName": "zzz-zzz-zzz-zzz"
}
},
Defined parameter as secure string in the template file:
"app-gateway-httpsvaultCert": {
"type": "securestring",
"metadata": {
"description": "Secure access string from Azure Application Gateway to Key Vault."
}
},
Template.json file:
{
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2020-11-01",
"name": "[variables('app-gateway-name')]",
"location": "[parameters('location')]",
"tags": "[parameters('resource-Tags')]",
"dependsOn": [
"[resourceId('Microsoft.Insights/components', variables('app-insights-name'))]",
"[resourceId('Microsoft.Network/publicIPAddresses', variables('public-ip-name'))]",
"[resourceId('Microsoft.Network/virtualNetworks', variables('vnet-name'))]",
"[resourceId('Microsoft.KeyVault/vaults', variables('kv-name'))]"
],
"identity": {
"type": "UserAssigned",
"userAssignedIdentities": {
"[resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', variables('appgw-managed-id'))]": {
}
}
},
"properties": {
"sku": {
"name": "Standard_v2",
"tier": "Standard_v2",
"capacity": "[parameters('app-gateway-capacity')]"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('vnet-name'), 'appgw-subnet')]"
}
}
}
],
"sslCertificates": [
{
"name": "appGwSslCert",
"properties": {
"keyVaultSecretId": "[parameters('app-gateway-httpsvaultCert')]"
}
}
],
"trustedRootCertificates": [],
"frontendIPConfigurations": [
{
"name": "appGwPublicFrontendIp",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', variables('public-ip-name'))]"
}
}
}
],
"frontendPorts": [
{
"name": "port_443",
"properties": {
"port": 443
}
}
],
"backendAddressPools": [
{
"name": "gatewayBackEnd",
"properties": {
"backendAddresses": [
{
"fqdn": "[concat(variables('apim-name'), '.azure-api.net')]"
},
{
"fqdn": "[concat(variables('fr-name'), '.cognitiveservices.azure.com')]"
}
]
}
}
],
"backendHttpSettingsCollection": [
{
"name": "global-gateway-https-setting",
"properties": {
"port": 443,
"protocol": "Https",
"cookieBasedAffinity": "Disabled",
"pickHostNameFromBackendAddress": true,
"requestTimeout": 20,
"probe": {
"id": "[resourceId('Microsoft.Network/applicationGateways/probes', variables('app-gateway-name'), 'global-gateway-probe')]"
}
}
}
],
"httpListeners": [
{
"name": "global-listener-https",
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/applicationGateways/frontEndIPConfigurations', variables('app-gateway-name'), 'appGwPublicFrontendIp')]"
},
"frontendPort": {
"id": "[resourceId('Microsoft.Network/applicationGateways/frontEndPorts', variables('app-gateway-name'), 'port_443')]"
},
"protocol": "Https",
"sslCertificate": {
"id": "[resourceId('Microsoft.Network/applicationGateways/sslCertificates', variables('app-gateway-name'), 'appGwSslCert')]"
},
"hostNames": [],
"requireServerNameIndication": false
}
}
],
"urlPathMaps": [],
"requestRoutingRules": [
{
"name": "global-routing-rule",
"properties": {
"ruleType": "Basic",
"httpListener": {
"id": "[resourceId('Microsoft.Network/applicationGateways/httpListeners', variables('app-gateway-name'), 'global-listener-https')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendAddressPools', variables('app-gateway-name'), 'gatewayBackEnd')]"
},
"backendHttpSettings": {
"id": "[resourceId('Microsoft.Network/applicationGateways/backendHttpSettingsCollection', variables('app-gateway-name'), 'global-gateway-https-setting')]"
}
}
}
],
"probes": [
{
"name": "global-gateway-probe",
"properties": {
"protocol": "Https",
"port": 443,
"path": "/status-0123456789abcdef",
"interval": 30,
"timeout": 30,
"unhealthyThreshold": 3,
"pickHostNameFromBackendHttpSettings": true,
"minServers": 0
}
}
],
"rewriteRuleSets": [],
"redirectConfigurations": [],
"privateLinkConfigurations": [],
"sslPolicy": {
"policyType": "Predefined",
"policyName": "AppGwSslPolicy20170401S"
},
"enableHttp2": true
}
},

An issue has been fixed changing template.json and parameters.json files accordingly:
Template.json:
"app-gateway-httpsvaultCert": {
"type": "String",
"defaultValue": "https://[KeyVaultName].vault.azure.net/secrets/[CertName]",
"metadata": {
"description": "The base-64 encoded SSL certificate PFX data. Must be supplied via a parameters file references to a Key Vault / Secret Name."
}
}
Parameters.json:
"app-gateway-httpsvaultCert": {
"value":
"https://[KeyVaultName].vault.azure.net/secrets/[CertName]"
}

Creating a internal standard load balancer with HA ports in Azure

I am trying to create a internal standard load balancer in Azure with HA ports using ARM template . I am getting below validation error.
{
"code": "InvalidTemplateDeployment",
"details": [
{
"code": "PortValueIsOutOfRange",
"message": "Resource DC10TESTCPW01 has invalid value of Port (0). The value must be between 1 and 65535.",
"details": []
}
],
"message": "The template deployment 'Microsoft.Template-20210524012843' is not valid according to the validation procedure. The tracking id is '585f5d57-4423-47a8-a45d-4a0e371b47c2'. See inner errors for details."
}

Sample:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"adminUsername": {
"type": "string",
"metadata": {
"description": "Admin username"
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Admin password"
}
},
"vmNamePrefix": {
"type": "string",
"defaultValue": "BackendVM",
"metadata": {
"description": "Prefix to use for VM names"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
},
"vmSize": {
"type": "string",
"defaultValue": "Standard_DS1_V2",
"metadata": {
"description": "Size of the virtual machines"
}
}
},
"variables": {
"availabilitySetName": "AvSet",
"storageAccountType": "Standard_LRS",
"storageAccountName": "[uniqueString(resourceGroup().id)]",
"virtualNetworkName": "vNet",
"subnetName": "backendSubnet",
"loadBalancerName": "ilb",
"networkInterfaceName": "nic",
"subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnetName'))]",
"numberOfInstances": 2
},
"resources": [
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "[variables('storageAccountType')]"
},
"kind": "StorageV2"
},
{
"type": "Microsoft.Compute/availabilitySets",
"apiVersion": "2020-06-01",
"name": "[variables('availabilitySetName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Aligned"
},
"properties": {
"PlatformUpdateDomainCount": 2,
"PlatformFaultDomainCount": 2
}
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2020-06-01",
"name": "[variables('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"10.0.0.0/16"
]
},
"subnets": [
{
"name": "[variables('subnetName')]",
"properties": {
"addressPrefix": "10.0.2.0/24"
}
}
]
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2020-06-01",
"name": "[concat(variables('networkInterfaceName'), copyindex())]",
"location": "[parameters('location')]",
"copy": {
"name": "nicLoop",
"count": "[variables('numberOfInstances')]"
},
"dependsOn": [
"[variables('virtualNetworkName')]",
"[variables('loadBalancerName')]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"subnet": {
"id": "[variables('subnetRef')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('loadBalancerName'), 'BackendPool1')]"
}
]
}
}
]
}
},
{
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2020-06-01",
"name": "[variables('loadBalancerName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"dependsOn": [
"[variables('virtualNetworkName')]"
],
"properties": {
"frontendIPConfigurations": [
{
"properties": {
"subnet": {
"id": "[variables('subnetRef')]"
},
"privateIPAddress": "10.0.2.6",
"privateIPAllocationMethod": "Static"
},
"name": "LoadBalancerFrontend"
}
],
"backendAddressPools": [
{
"name": "BackendPool1"
}
],
"loadBalancingRules": [
{
"properties": {
"frontendIPConfiguration": {
"id": "[resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', variables('loadBalancerName'), 'LoadBalancerFrontend')]"
},
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', variables('loadBalancerName'), 'BackendPool1')]"
},
"probe": {
"id": "[resourceId('Microsoft.Network/loadBalancers/probes', variables('loadBalancerName'), 'lbprobe')]"
},
"protocol": "Tcp",
"frontendPort": 80,
"backendPort": 80,
"idleTimeoutInMinutes": 15
},
"Name": "lbrule"
}
],
"probes": [
{
"properties": {
"protocol": "Tcp",
"port": 80,
"intervalInSeconds": 15,
"numberOfProbes": 2
},
"name": "lbprobe"
}
]
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2020-06-01",
"name": "[concat(parameters('vmNamePrefix'), copyindex())]",
"location": "[parameters('location')]",
"copy": {
"name": "virtualMachineLoop",
"count": "[variables('numberOfInstances')]"
},
"dependsOn": [
"[variables('storageAccountName')]",
"nicLoop",
"[variables('availabilitySetName')]"
],
"properties": {
"availabilitySet": {
"id": "[resourceId('Microsoft.Compute/availabilitySets',variables('availabilitySetName'))]"
},
"hardwareProfile": {
"vmSize": "[parameters('vmSize')]"
},
"osProfile": {
"computerName": "[concat(parameters('vmNamePrefix'), copyIndex())]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2019-Datacenter",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
}
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', concat(variables('networkInterfaceName'), copyindex()))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(variables('storageAccountName')).primaryEndpoints.blob]"
}
}
}
}
]
}
Update with HA:
Configure more than one front-end private IP address for a single
internal Standard Load Balancer resource.
Configure multipleload-balancing rules, where each rule has a single unique front-end IP address selected.
Select the HA ports option, and then set Floating IP to Enabled for all the load-balancing rules.
JSON View:
{
"name": "ilb1",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1",
"etag": "W/\"<ETAG>\"",
"type": "Microsoft.Network/loadBalancers",
"location": "westeurope",
"tags": {},
"properties": {
"provisioningState": "Succeeded",
"resourceGuid": "<ResourceGuid>",
"frontendIPConfigurations": [
{
"name": "LoadBalancerFrontEnd",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/frontendIPConfigurations/LoadBalancerFrontEnd",
"etag": "W/\"<ETAG>\"",
"type": "Microsoft.Network/loadBalancers/frontendIPConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "10.0.0.6",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/virtualNetworks/<RG>-vnet/subnets/default"
},
"loadBalancingRules": [
{
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule1"
}
]
}
},
{
"name": "ilbIP2",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/frontendIPConfigurations/ilbIP2",
"etag": "W/\"<ETAG>\"",
"type": "Microsoft.Network/loadBalancers/frontendIPConfigurations",
"properties": {
"provisioningState": "Succeeded",
"privateIPAddress": "10.0.0.7",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/virtualNetworks/<RG>-vnet/subnets/default"
},
"loadBalancingRules": [
{
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule2"
}
]
}
}
],
"backendAddressPools": [
{
"name": "poolbackend1",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/backendAddressPools/poolbackend1",
"etag": "W/\"<ETAG>\"",
"properties": {
"provisioningState": "Succeeded",
"loadBalancingRules": [
{
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule1"
},
{
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule2"
}
]
},
"type": "Microsoft.Network/loadBalancers/backendAddressPools"
}
],
"loadBalancingRules": [
{
"name": "rule1",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule1",
"etag": "W/\"<ETAG>\"",
"type": "Microsoft.Network/loadBalancers/loadBalancingRules",
"properties": {
"provisioningState": "Succeeded",
"frontendIPConfiguration": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/frontendIPConfigurations/LoadBalancerFrontEnd"
},
"frontendPort": 0,
"backendPort": 0,
"enableFloatingIP": true,
"idleTimeoutInMinutes": 4,
"protocol": "All",
"loadDistribution": "SourceIP",
"disableOutboundSnat": true,
"backendAddressPool": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/backendAddressPools/poolbackend1"
},
"probe": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/probes/Hprobe1"
}
}
},
{
"name": "rule2",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule2",
"etag": "W/\"<ETAG>\"",
"type": "Microsoft.Network/loadBalancers/loadBalancingRules",
"properties": {
"provisioningState": "Succeeded",
"frontendIPConfiguration": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/frontendIPConfigurations/ilbIP2"
},
"frontendPort": 0,
"backendPort": 0,
"enableFloatingIP": true,
"idleTimeoutInMinutes": 4,
"protocol": "All",
"loadDistribution": "SourceIP",
"disableOutboundSnat": true,
"backendAddressPool": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/backendAddressPools/poolbackend1"
},
"probe": {
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/probes/Hprobe1"
}
}
}
],
"probes": [
{
"name": "Hprobe1",
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/probes/Hprobe1",
"etag": "W/\"<ETAG>\"",
"properties": {
"provisioningState": "Succeeded",
"protocol": "Tcp",
"port": 80,
"intervalInSeconds": 5,
"numberOfProbes": 2,
"loadBalancingRules": [
{
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule1"
},
{
"id": "/subscriptions/<SubscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/loadBalancers/ilb1/loadBalancingRules/rule2"
}
]
},
"type": "Microsoft.Network/loadBalancers/probes"
}
],
"inboundNatRules": [],
"inboundNatPools": []
},
"sku": {
"name": "Standard"
}
}
ILB HA Template:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"loadBalancers_ilb1_name": {
"defaultValue": "ilb1",
"type": "String"
},
"virtualNetworks_<RG>_vnet_externalid": {
"defaultValue": "/subscriptions/<subscriptionId>/resourceGroups/<RG>/providers/Microsoft.Network/virtualNetworks/<RG>-vnet",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/loadBalancers",
"apiVersion": "2020-11-01",
"name": "[parameters('loadBalancers_ilb1_name')]",
"location": "westeurope",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('loadBalancers_ilb1_name'), 'poolbackend1')]"
],
"sku": {
"name": "Standard",
"tier": "Regional"
},
"properties": {
"frontendIPConfigurations": [
{
"name": "LoadBalancerFrontEnd",
"properties": {
"privateIPAddress": "10.0.0.6",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "[concat(parameters('virtualNetworks_<RG>_vnet_externalid'), '/subnets/default')]"
},
"privateIPAddressVersion": "IPv4"
},
"zones": [
"1",
"2",
"3"
]
},
{
"name": "ilbIP2",
"properties": {
"privateIPAddress": "10.0.0.7",
"privateIPAllocationMethod": "Static",
"subnet": {
"id": "[concat(parameters('virtualNetworks_<RG>_vnet_externalid'), '/subnets/default')]"
},
"privateIPAddressVersion": "IPv4"
},
"zones": [
"1",
"2",
"3"
]
}
],
"backendAddressPools": [
{
"name": "poolbackend1",
"properties": {
"loadBalancerBackendAddresses": [
{
"name": "1a959793-169e-4e7f-8711-128f237dbf67",
"properties": {
"ipAddress": "10.0.0.9",
"virtualNetwork": {
"id": "[parameters('virtualNetworks_<RG>_vnet_externalid')]"
}
}
}
]
}
}
],
"loadBalancingRules": [
{
"name": "rule1",
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_ilb1_name')), '/frontendIPConfigurations/LoadBalancerFrontEnd')]"
},
"frontendPort": 0,
"backendPort": 0,
"enableFloatingIP": true,
"idleTimeoutInMinutes": 4,
"protocol": "All",
"enableTcpReset": false,
"loadDistribution": "SourceIP",
"disableOutboundSnat": true,
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('loadBalancers_ilb1_name'), 'poolbackend1')]"
},
"probe": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_ilb1_name')), '/probes/Hprobe1')]"
}
}
},
{
"name": "rule2",
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_ilb1_name')), '/frontendIPConfigurations/ilbIP2')]"
},
"frontendPort": 0,
"backendPort": 0,
"enableFloatingIP": true,
"idleTimeoutInMinutes": 4,
"protocol": "All",
"enableTcpReset": false,
"loadDistribution": "SourceIP",
"disableOutboundSnat": true,
"backendAddressPool": {
"id": "[resourceId('Microsoft.Network/loadBalancers/backendAddressPools', parameters('loadBalancers_ilb1_name'), 'poolbackend1')]"
},
"probe": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_ilb1_name')), '/probes/Hprobe1')]"
}
}
}
],
"probes": [
{
"name": "Hprobe1",
"properties": {
"protocol": "Tcp",
"port": 80,
"intervalInSeconds": 5,
"numberOfProbes": 2
}
}
],
"inboundNatRules": [],
"outboundRules": [],
"inboundNatPools": []
}
},
{
"type": "Microsoft.Network/loadBalancers/backendAddressPools",
"apiVersion": "2020-11-01",
"name": "[concat(parameters('loadBalancers_ilb1_name'), '/poolbackend1')]",
"dependsOn": [
"[resourceId('Microsoft.Network/loadBalancers', parameters('loadBalancers_ilb1_name'))]"
],
"properties": {
"loadBalancerBackendAddresses": [
{
"name": "1a959793-169e-4e7f-8711-128f237dbf67",
"properties": {
"ipAddress": "10.0.0.9",
"virtualNetwork": {
"id": "[parameters('virtualNetworks_<RG>_vnet_externalid')]"
}
}
}
]
}
}
]
}

How to Add Blob lifecycle rule to ARM template

I have an already created ARM template based on my existing resource group,
recently I added a new configuration to my blob storage in my account storage, I needed to manage its life cycle, which was fortunately available on the azure portal by adding a rule :
or by adding this json code:
{
"rules": [
{
"name": "ruleFoo",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": {
"blobTypes": [ "blockBlob" ],
"prefixMatch": [ "container1/foo" ]
},
"actions": {
"baseBlob": {
"tierToCool": { "daysAfterModificationGreaterThan": 30 },
"tierToArchive": { "daysAfterModificationGreaterThan": 90 },
"delete": { "daysAfterModificationGreaterThan": 2555 }
},
"snapshot": {
"delete": { "daysAfterCreationGreaterThan": 90 }
}
}
}
}
]
}
but what's not clear to me is in which part of my blob service section
{
"type": "Microsoft.Storage/storageAccounts/blobServices",
"apiVersion": "[variables('storageAccount_version')]",
"name": "[concat(variables('storageAccount_name'), '/default')]",
"tags": {
"displayName": "Storage Account - Blob Service"
},
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts', variables('storageAccount_name'))]"
],
"properties": {
"cors": {
"corsRules": []
},
"deleteRetentionPolicy": {
"enabled": false
}
}
},
I would appreciate any help! thanks !

The following template creates storage account and it's blob lifecycle.
The key is to name the lifecycle resource with storage account name prefix and add
the dependsOn section.
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"storageAccountName": {
"type": "string",
"defaultValue": "ajstoragetest444"
}
},
"resources": [
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2019-06-01",
"location": "westeurope",
"sku": {
"name": "Standard_LRS",
"tier": "Standard"
},
"kind": "StorageV2",
"properties": {
}
},
{
"name": "[concat(parameters('storageAccountName'), '/default')]",
"type": "Microsoft.Storage/storageAccounts/managementPolicies",
"apiVersion": "2019-06-01",
"dependsOn": [
"[concat('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
],
"properties": {
"policy": {
"rules": [
{
"name": "ruleFoo",
"enabled": true,
"type": "Lifecycle",
"definition": {
"filters": {
"blobTypes": [
"blockBlob"
],
"prefixMatch": [
"container1/foo"
]
},
"actions": {
"baseBlob": {
"tierToCool": {
"daysAfterModificationGreaterThan": 30
},
"tierToArchive": {
"daysAfterModificationGreaterThan": 90
},
"delete": {
"daysAfterModificationGreaterThan": 2555
}
},
"snapshot": {
"delete": {
"daysAfterCreationGreaterThan": 90
}
}
}
}
}
]
}
}
}
]
}

Please take a look at this article, and note the name: default in the example below, this is the ONLY allowed name for storageAccounts/managementPolicies:
{
"name": "default",
"type": "Microsoft.Storage/storageAccounts/managementPolicies",
"apiVersion": "2019-04-01",
"properties": {
"policy": {
"rules": [
{
"enabled": "boolean",
"name": "string",
"type": "Lifecycle",
"definition": {
"actions": {
"baseBlob": {
"tierToCool": {
"daysAfterModificationGreaterThan": "number"
},
"tierToArchive": {
"daysAfterModificationGreaterThan": "number"
},
"delete": {
"daysAfterModificationGreaterThan": "number"
}
},
"snapshot": {
"delete": {
"daysAfterCreationGreaterThan": "number"
}
}
},
"filters": {
"prefixMatch": [
"string"
],
"blobTypes": [
"string"
]
}
}
}
]
}
}
}

Azure Application Gateway DNS returning 307 to backend pool

I am trying to configure Azure Application Gateway with Basic Rule. For my Frontend IP, I have created set DNS name to whatever.canadacentral.cloudapp.azure.com and uploaded a self-signed certificate. When I hit https:// everything works correctly however when I go to https://whatever.canadacentral.cloudapp.azure.com it returns 307 redirecting me to my backend pool https://whatever.azurewebsites.net/
Is this something to do with canadacentral.cloudapp.azure.com and I need to provide custom DNS?
Here's my template for Application Gateway:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"applicationGateways_ExampleDev_name": {
"defaultValue": "ExampleDev",
"type": "String"
},
"virtualNetworks_Ex_DEV_externalid": {
"defaultValue": "/subscriptions/xxx/resourceGroups/Example-Ex-DEV/providers/Microsoft.Network/virtualNetworks/Ex-DEV",
"type": "String"
},
"publicIPAddresses_ExampleDevIP_externalid": {
"defaultValue": "/subscriptions/xxx/resourceGroups/Example-Ex-DEV/providers/Microsoft.Network/publicIPAddresses/ExampleDevIP",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2019-09-01",
"name": "[parameters('applicationGateways_ExampleDev_name')]",
"location": "canadacentral",
"properties": {
"sku": {
"name": "WAF_v2",
"tier": "WAF_v2"
},
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[concat(parameters('virtualNetworks_Ex_DEV_externalid'), '/subnets/default')]"
}
}
}
],
"sslCertificates": [
{
"name": "ApplicationGateway",
"properties": {}
}
],
"trustedRootCertificates": [],
"frontendIPConfigurations": [
{
"name": "appGwPublicFrontendIp",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[parameters('publicIPAddresses_ExampleDevIP_externalid')]"
}
}
}
],
"frontendPorts": [
{
"name": "port_80",
"properties": {
"port": 80
}
},
{
"name": "port_443",
"properties": {
"port": 443
}
}
],
"backendAddressPools": [
{
"name": "ExampleApiDev",
"properties": {
"backendAddresses": [
{
"fqdn": "Exampleapi-dev.azurewebsites.net"
}
]
}
},
{
"name": "ExampleAuthDev",
"properties": {
"backendAddresses": [
{
"fqdn": "Exampleauth-dev.azurewebsites.net"
}
]
}
},
{
"name": "ExampleAppDev",
"properties": {
"backendAddresses": [
{
"fqdn": "Exampleapp-dev.azurewebsites.net"
}
]
}
}
],
"backendHttpSettingsCollection": [
{
"name": "default",
"properties": {
"port": 80,
"protocol": "Http",
"cookieBasedAffinity": "Disabled",
"pickHostNameFromBackendAddress": true,
"affinityCookieName": "ApplicationGatewayAffinity",
"requestTimeout": 20,
"probe": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/probes/defaultxxx')]"
}
}
}
],
"httpListeners": [
{
"name": "public-https",
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/frontendIPConfigurations/appGwPublicFrontendIp')]"
},
"frontendPort": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/frontendPorts/port_443')]"
},
"protocol": "Https",
"sslCertificate": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/sslCertificates/ApplicationGateway')]"
},
"hostNames": [],
"requireServerNameIndication": false
}
}
],
"urlPathMaps": [],
"requestRoutingRules": [
{
"name": "basic",
"properties": {
"ruleType": "Basic",
"httpListener": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/httpListeners/public-https')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/backendAddressPools/ExampleApiDev')]"
},
"backendHttpSettings": {
"id": "[concat(resourceId('Microsoft.Network/applicationGateways', parameters('applicationGateways_ExampleDev_name')), '/backendHttpSettingsCollection/default')]"
}
}
}
],
"probes": [
{
"name": "default07a3e3ac-3c07-40f6-ad80-837f4cdd1009",
"properties": {
"protocol": "Http",
"path": "/swagger/index.html",
"interval": 30,
"timeout": 30,
"unhealthyThreshold": 3,
"pickHostNameFromBackendHttpSettings": true,
"minServers": 0,
"match": {
"statusCodes": [
"200-399"
]
}
}
}
],
"rewriteRuleSets": [],
"redirectConfigurations": [],
"webApplicationFirewallConfiguration": {
"enabled": true,
"firewallMode": "Prevention",
"ruleSetType": "OWASP",
"ruleSetVersion": "3.0",
"disabledRuleGroups": [],
"exclusions": [],
"requestBodyCheck": true,
"maxRequestBodySizeInKb": 128,
"fileUploadLimitInMb": 50
},
"enableHttp2": false,
"autoscaleConfiguration": {
"minCapacity": 0,
"maxCapacity": 2
}
}
}
]
}

In this case, for application gateway V2, you have two solutions from this document.
Rewrite the location header
Set the host name in the location header to the application gateway's
domain name. To do this, create a rewrite rule with a condition that
evaluates if the location header in the response contains
azurewebsites.net. It must also perform an action to rewrite the
location header to have the application gateway's host name.
Use a custom domain name
In this way, you must own a custom domain and add custom domain in app servvice, see Map an existing custom DNS name to Azure App Service. You could follow this process:

Failing ARM Template Deployment for Azure Load Balancer - Jenkins Giving No Error

I'm currently attempting to deploy an Azure Load Balancer instance to provide load balanced access to two firewalls. This is to provide a pseudo-HA configuration.
However, when I try to deploy this template using Jenkins, it gives me the following unhelpful response (even with the --debug command):
DEBUG: attempting to read file Test/deployment/azuredeploy.json as utf-8-sig
DEBUG: attempting to read file Test/parameters/deploymentParameters.json as utf-8-sig
DEBUG: No tty
available.
ERROR:
So it's saying there's an error but can't tell me what the error is.
I have two requests:
Can anybody tell me how I can find out what is causing this error? Any commands or tools I am unaware of?
If anybody is skilled with the Azure Load Balancer syntax for ARM then can you eyeball my deployment template and let me know if it has any immediate flaws. Code is below.
code:
{
"$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "vnet name"
}
},
"subnet1Name": {
"type": "string",
"metadata": {
"description": "Subnet 1 name"
}
},
"subnet2Name": {
"type": "string",
"metadata": {
"description": "Subnet 2 name"
}
},
"loadBalancerName": {
"type": "string",
"metadata": {
"description": "name of the load balancer instance"
}
},
"nicName1": {
"type": "string",
"metadata": {
"description": "name of NIC 1"
}
},
"nicName2": {
"type": "string",
"metadata": {
"description": "name of NIC 2"
}
},
"nicName3": {
"type": "string",
"metadata": {
"description": "name of NIC 3"
}
},
"nicName4": {
"type": "string",
"metadata": {
"description": "name of NIC 4"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Location for all resources."
}
}
},
"variables": {
"virtualNetworkName": "[parameters('virtualNetworkName')]",
"subnet1Name": "[parameters('subnet1Name')]",
"subnet2Name": "[parameters('subnet2Name')]",
"loadBalancerName": "[parameters('loadBalancerName')]",
"nicName1": "[parameters('nicName1')]",
"nicName2": "[parameters('nicName2')]",
"nicName3": "[parameters('nicName3')]",
"nicName4": "[parameters('nicName4')]",
"subnetRef1": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet1Name'))]",
"subnetRef2": "[resourceId('Microsoft.Network/virtualNetworks/subnets', variables('virtualNetworkName'), variables('subnet2Name'))]"
},
"resources": [
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallBE",
"properties": {
"subnet": {
"id": "[variables('subnetRef1')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallBE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName2')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallBE",
"properties": {
"subnet": {
"id": "[variables('subnetRef1')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallBE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName3')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallFE",
"properties": {
"subnet": {
"id": "[variables('subnetRef2')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallFE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2018-08-01",
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName4')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat('Microsoft.Network/loadBalancers/', variables('loadBalancerName'))]"
],
"properties": {
"ipConfigurations": [
{
"name": "ipconfig-firewallFE",
"properties": {
"subnet": {
"id": "[variables('subnetRef2')]"
},
"loadBalancerBackendAddressPools": [
{
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')),'/backendAddressPools/firewallFE-subnet-pool')]"
}
]
}
}
]
}
},
{
"apiVersion": "2017-08-01",
"name": "[variables('loadBalancerName')]",
"type": "Microsoft.Network/loadBalancers",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"frontendIPConfigurations": [
{
"name": "firewallBE-FrontEnd",
"properties": {
"subnet": {
"id": "[variables('subnetRef1')]"
}
}
},
{
"name": "firewallFE-FrontEnd",
"properties": {
"subnet": {
"id": "[variables('subnetRef2')]"
}
}
}
],
"backendAddressPools": [
{
"name": "firewallBE-subnet-pool"
},
{
"name": "firewallFE-subnet-pool"
}
],
"loadBalancingRules": [
{
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/frontendIpConfigurations/firewallBE-FrontEnd')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/backendAddressPools/firewallBE-subnet-pool')]"
},
"probe": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/probes/firewall-lb-probe')]"
},
"protocol": "All",
"frontendPort": 0,
"backendPort": 0
},
"name": "firewallBE-subnet-rule"
},
{
"properties": {
"frontendIPConfiguration": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/frontendIpConfigurations/firewallFE-FrontEnd')]"
},
"backendAddressPool": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/backendAddressPools/firewallFE-subnet-pool')]"
},
"probe": {
"id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancerName')), '/probes/firewall-lb-probe')]"
},
"protocol": "All",
"frontendPort": 0,
"backendPort": 0
},
"name": "firewallFE-subnet-rule"
}
],
"probes": [
{
"properties": {
"protocol": "Tcp",
"port": 0,
"intervalInSeconds": 15,
"numberOfProbes": 2
},
"name": "firewall-lb-probe"
}
]
}
}
]
}

in this case the error was due to a missing parameter that needed to be passed to the template

Resources