I'm trying to deploy a Application Gateway that has a reference to a subnet which is residing in a different subscription than where I want deploy the Application Gateway.
The deployment script looks something like this (rest of file omitted to reduce complexity):
Variable:
"variables": {
"virtualNetworksExternalId": "[resourceId('<another-subscription-id>','<resource-group-name>','Microsoft.Network/virtualNetworks/subnets', '<resource-name>', '<subnet-name>')]"
},
Gateway ressource
{
"type": "Microsoft.Network/applicationGateways",
"apiVersion": "2020-05-01",
"name": "[parameters('applicationGatewayName')]",
"location": "westeurope",
"properties": {
"gatewayIPConfigurations": [
{
"name": "appGatewayIpConfig",
"properties": {
"subnet": {
"id": "[variables('virtualNetworksExternalId')]"
}
}
}
]
}
}
However, when I deploy the template, I get the following error from Azure:
Exception Details:
Error Code: ResourceReferenceUsesWrongSubscriptionId
Message: Property subnet of resource /subscriptions/<current-subscription-id>/resourceGroups/<name-of-rg>/providers/Microsoft.Network/applicationGateways/<name-of-appliationgateway> can only reference resources in subscription(s) <current-subscription-id>. Value /subscriptions/<another-subscription-id>/resourceGroups/<name-of-network>/providers/Microsoft.Network/virtualNetworks/<name-of-net>/subnets/<name-of-subnet> references wrong subscription.
Is it not possible to reference a resource from another subscription via ARM or am I doing something else wrong?
The problem is not the use of ARM template but how application gateway works.
"Application Gateway is a dedicated deployment in your virtual network." Therefore, it cannot be used cross subscriptions.
https://learn.microsoft.com/en-us/azure/application-gateway/application-gateway-faq