Having trouble creating an Azure Front Door instance with Terraform. The setup should be pretty basic, but I cannot find out what is wrong.
Here is the Terraform script:
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                                         = "fd-adpb2c-westeurope-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  enforce_backend_pools_certificate_name_check = true

  routing_rule {
    name               = "routingrule"
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      host_header = "xyz.b2clogin.com"
      address     = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }
}
The error message returned is
Error: creating Front Door "fd-adpb2c-westeurope-dev" (Resource Group "rg-adpb2c-westeurope-dev"): frontdoor.FrontDoorsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The frontend endpoint zone \"\" must only be used in the default CNAME entry."
on resource_frontdoor.tf line 1, in resource "azurerm_frontdoor" "b2cfrontdoor":
1: resource "azurerm_frontdoor" "b2cfrontdoor" {
Did some sniffing on the request sent to Azure and found a PUT request to
with this payload
{
  "location": "Global",
  "properties": {
    "backendPools": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev",
        "name": "b2-backend-pool-dev",
        "properties": {
          "backends": [
            {
              "address": "xyz.b2clogin.com",
              "backendHostHeader": "xyz.b2clogin.com",
              "enabledState": "Enabled",
              "httpPort": 80,
              "httpsPort": 443,
              "priority": 1,
              "weight": 50
            }
          ],
          "loadBalancingSettings": {
            "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings"
          },
          "healthProbeSettings": {
            "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings"
          }
        }
      }
    ],
    "backendPoolsSettings": {
      "enforceCertificateNameCheck": "Disabled",
      "sendRecvTimeoutSeconds": 60
    },
    "enabledState": "Enabled",
    "friendlyName": "",
    "frontendEndpoints": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev",
        "name": "b2-frontdoor-endpoint-dev",
        "properties": {
          "hostName": "b2-frontdoor-endpoint-dev.azurefd.net",
          "sessionAffinityEnabledState": "Disabled",
          "sessionAffinityTtlSeconds": 0
        }
      }
    ],
    "healthProbeSettings": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings",
        "name": "healthprobesettings",
        "properties": {
          "path": "/",
          "protocol": "Http",
          "intervalInSeconds": 120,
          "healthProbeMethod": "GET",
          "enabledState": "Disabled"
        }
      }
    ],
    "loadBalancingSettings": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings",
        "name": "loadbalancingsettings",
        "properties": {
          "sampleSize": 4,
          "successfulSamplesRequired": 2,
          "additionalLatencyMilliseconds": 0
        }
      }
    ],
    "routingRules": [
      {
        "id": "",
        "name": "routingrule",
        "properties": {
          "frontendEndpoints": [
            {
              "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev"
            }
          ],
          "acceptedProtocols": [
            "Http",
            "Https"
          ],
          "patternsToMatch": [
            "/*"
          ],
          "enabledState": "Enabled",
          "routeConfiguration": {
            "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
            "backendPool": {
              "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev"
            },
            "forwardingProtocol": "MatchRequest"
          }
        }
      }
    ]
  },
  "tags": {}
}
and the response is
{
  "error": {
    "code": "BadRequest",
    "message": "The frontend endpoint zone \"\" must only be used in the default CNAME entry."
  }
}
The Terraform version is 0.14.10 and the azurerm version is v2.56.0.
Does anyone know about this problem?
Thanks
Found out what was wrong (also indicated by Jim Xu). The name of the resource ("azurerm_frontdoor" "b2cfrontdoor") and the name of the frontend_endpoint must be the same. When creating a Front Door instance in the Azure Portal you are not asked for a name; the Front Door instance gets its name from the name of the frontend.
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                                         = "b2c-frontdoor-endpoint-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  enforce_backend_pools_certificate_name_check = true

  routing_rule {
    name               = "routingrule"
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      host_header = "xyz.b2clogin.com"
      address     = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }
}
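The rule from the answer can be checked before anything is sent to Azure. The following is an added example, not part of the original question or answer: a small pre-flight check over a payload shaped like the PUT body in the question, which flags any `*.azurefd.net` frontend endpoint whose name or host name does not match the Front Door name taken from its resource id. The function names, the placeholder subscription id and the trimmed sample payload are constructed for illustration, and the case-insensitive comparison is an assumption.

```python
import re

AZUREFD_SUFFIX = ".azurefd.net"
# Front Door name as it appears inside a child resource id in the PUT payload.
FD_ID_RE = re.compile(r"/frontDoors/([^/]+)/frontendEndpoints/", re.IGNORECASE)


def check_frontend_endpoints(payload):
    """Return (endpoint_name, problem) tuples; an empty list means consistent."""
    findings = []
    for ep in payload["properties"]["frontendEndpoints"]:
        host = ep["properties"]["hostName"].lower()
        if not host.endswith(AZUREFD_SUFFIX):
            continue  # custom domains are outside the rule from the answer
        match = FD_ID_RE.search(ep["id"])
        if match is None:
            findings.append((ep["name"], "cannot read Front Door name from id"))
            continue
        fd_name = match.group(1).lower()
        # Case-insensitive comparison is an assumption of this example.
        if ep["name"].lower() != fd_name:
            findings.append((ep["name"], f"name differs from Front Door name '{fd_name}'"))
        if host != fd_name + AZUREFD_SUFFIX:
            findings.append((ep["name"], f"hostName is not '{fd_name}{AZUREFD_SUFFIX}'"))
    return findings


def sample_payload(front_door, endpoint):
    """Constructed, trimmed payload in the shape of the PUT body in the question."""
    base = ("/subscriptions/00000000-0000-0000-0000-000000000000"  # placeholder id
            "/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network"
            f"/frontDoors/{front_door}")
    return {
        "location": "Global",
        "properties": {
            "frontendEndpoints": [{
                "id": f"{base}/frontendEndpoints/{endpoint}",
                "name": endpoint,
                "properties": {"hostName": endpoint + AZUREFD_SUFFIX},
            }],
        },
    }


if __name__ == "__main__":
    # First name reproduces the failing configuration, second the working one.
    for fd in ("fd-adpb2c-westeurope-dev", "b2c-frontdoor-endpoint-dev"):
        problems = check_frontend_endpoints(sample_payload(fd, "b2c-frontdoor-endpoint-dev"))
        print(fd, "->", problems or "consistent")
```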