Dynamic IP Restriction to add ip addresses, vnet and service tag terraform azure
So far with a help on previous topics I was able to deploy App service with IP Restriction with the following code:
Variable
locals {
ip_address_list2 = [ {
ip_add : "20.20.20.3/32",
subnet_id = null,
service_tag = null,
prior : "140",
name = "test1"
},
{
ip_add : "10.10.10.2/32",
subnet_id = null,
service_tag = null,
prior : "141",
name = "test2"
},
{
ip_add : "0.0.0.0/0",
subnet_id = null,
service_tag = "AppService"
prior : "142",
name = "Service_Tag"
}]}
App Service:
site_config {
dynamic "ip_restriction" {
for_each = local.ip_address_list2
content {
ip_address = ip_restriction.value["ip_add"]
action = "Allow"
priority = ip_restriction.value["prior"]
virtual_network_subnet_id = ip_restriction.value["subnet_id"]
service_tag = ip_restriction.value["service_tag"]
name = ip_restriction.value["name"]
}}}
But if I add the following variable for the subnet I receive error:
{
ip_add : "0.0.0.0/0",
subnet_id = azurerm_subnet.subnet.id,
service_tag = null
prior : "143",
name = "VirtualNetwork"
}
Error: creating App Service "hook-service" (Resource Group "RG-DEV-TEST"): web.AppsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="IpSecurityRestriction is invalid. Only IpAddress or VnetSubnetResourceId property must be specified." Details=[{"Message":"IpSecurityRestriction is invalid. Only IpAddress or VnetSubnetResourceId property must be specified."},{"Code":"BadRequest"},{"ErrorEntity":{"Code":"BadRequest","ExtendedCode":"51021","Message":"IpSecurityRestriction is invalid. Only IpAddress or VnetSubnetResourceId property must be specified.","MessageTemplate":"{0} is invalid. {1}","Parameters":["IpSecurityRestriction","Only IpAddress or VnetSubnetResourceId property must be specified."]}}] │ │ with azurerm_app_service.hook-service, │ on main.tf line 474, in resource "azurerm_app_service" "hook-service": │ 474: resource "azurerm_app_service" "hook-service" {
NOTE: validation with only terraform plan can be completed without error. The error is observed only after terraform apply
Thank you
You should use something like below:
locals {
ip_address_list = [ {
ip_add : "20.20.20.3/32",
prior : "140",
name = "test1"
},
{
ip_add : "10.10.10.2/32",
prior : "141",
name = "test2"
}
]
ip_address_list2=[ {
subnet = "${data.azurerm_subnet.name.id}" ,
name = "test3"
prior ="143"
}]
}
Then you can use :
site_config {
dynamic "ip_restriction"{
for_each=local.ip_address_list
content{
ip_address = ip_restriction.value["ip_add"]
action = "Allow"
priority = ip_restriction.value["prior"]
name = ip_restriction.value["name"]
}
}
dynamic "ip_restriction" {
for_each = local.ip_address_list2
content{
name = ip_restriction.value["name"]
virtual_network_subnet_id = ip_restriction.value["subnet"]
priority = ip_restriction.value["prior"]
}
}
}
Output:
Note: For IP_address restriction you have to provide ip_add , Prior and name. But for subnet restriction you have to give only subnet_id, prior and name. With providing service_tag it will error out with same error.
- You need to ensure that WebApp1 uses the ASP.NET v4.7 runtime stack
- AKV10032: Invalid issuer error when connecting to Azure Key Vault from App Service
- Azure Service Plan - Convert Consumption App to Premium App
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- Failed to deploy path that does not exist
- what URL should Kestrel listen to in a docker container on Azure App Service
- Native Node.js Metrics in Application Insights
- is it posible to access Azure App Configuration via URL or conected some how as enviroment setting of App Service?
- How can I install packages using the startup command in Azure App Service?
- Override an array in azure app service application settings
- .Net API Azure App Service hangs on startup when under load
- How to get associated AppServicePlan associated with AppService (WebJob) using PowerShell
- Application Error when deploying python EchoBot to the Azure App Service via VS Code. Module not found
- How do I change from Bring Your Own Certificate to Azure Managed for an App Service?
- Attempting to use the Azure Web App 'Identity provider' feature with a web app that uses the Python Azure SDK (azure.identity)
- Disable TipMix and x-ms-routing-name cookie from website
- Issue with webapp or Azure?: This region has quota of 0 PremiumV2 cores for your subscription. Try selecting different region or SKU
- Deploy an ASP.net MVC website to a subfolder of an Azure website?
- Trouble configuring Azure app service from publish in Visual Studio, can't access endpoints
- Azure web app not updating after successful deployment
- Cancellation behavior of .NET 6 API endpoint differs between local and Azure App Service Linux hosting
- Linux azure web app can't find assets files, React app
- App Service Status Running with failed startup
- Azure App Service Plan Consumes 70% of Memory Without Deploying Any Code
- Trying to use WEBSITE_RUN_FROM_PACKAGE = 1 but ZipDeploy failed with [IOException]: The user name or password is incorrect
- Deployment start up file to App Service doesn't work
- Azure Monitoring Diagnostic Settings AppServiceConsoleLogs not showing all console.log lines