azure terraform terraform-provider-azure

Creating subnet in Azure resource group but it is erroring out (you cannot delete it)


I have a virtual network called vNetVPN-Dev, and in that virtual network I have some other subnets.

And now I want to create another subnet in the same virtual network vNetVPN-Dev.

Virtual network

resource "azurerm_virtual_network" "virtual_network" {
  name                = "vNetVPN-Dev"
  location            = var.resource_group_location_north_europe
  resource_group_name = var.resource_group_name
  address_space       = ["10.1.16.0/23", "10.2.0.0/16", "172.16.100.0/24"]

  subnet {
    name           = "snet-vgp-dev"
    address_prefix = "10.2.1.0/24"
  }

  tags = {
    environment = var.tag_dev
  }
}

This is the subnet I want to provision:

resource "azurerm_subnet" "subnet_internal" {
  name                 = "snet-internal-vm"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.virtual_network.name
  address_prefixes     = ["10.2.10.0/24"]
}

And when I run the terraform apply command, it errors out that GatewaySubnet is in use.

creating/updating Virtual Network: (Name "vNetVPN-Dev" / Resource Group "rg-03-data-dev"): network.VirtualNetworksClient#CreateOrUpdate: 
Failure sending request: StatusCode=400 -- 
Original Error: Code="InUseSubnetCannotBeDeleted" 
Message="Subnet GatewaySubnet is in use by /subscriptions/XXXXXXXXXXXXXXX/resourceGroups/rg-03-data-dev/providers/Microsoft.Network/virtualNetworkGateways/vgw-vgp-dev/ipConfigurations/vpn_public_ip_address_vgtw and cannot be deleted. 
In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet."

There is no way that I can stop the GatewaySubnet.

GatewaySubnet is for VPN. Do I need to remove the GatewaySubnet in order to provision my other resources?


Solution

  • You can't use both the inline subnet block of azurerm_virtual_network and the azurerm_subnet resource to declare subnets for the same vnet.

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/virtual_network

    https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/subnet

    To prevent Terraform from trying to delete the gateway subnet, which is already deployed, you should use only the inline declaration:

    resource "azurerm_virtual_network" "virtual_network" {
      name                = "vNetVPN-Dev"
      location            = var.resource_group_location_north_europe
      resource_group_name = var.resource_group_name
      address_space       = ["10.1.16.0/23", "10.2.0.0/16", "172.16.100.0/24"]
    
      subnet {
        name           = "snet-vgp-dev"
        address_prefix = "10.2.1.0/24"
      }
    
      subnet {
        name           = "snet-internal-vm"
        address_prefix = "10.2.10.0/24"
      }
    
      tags = {
        environment = var.tag_dev
      }
    }
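
A pre-apply check for the conflict described in this answer, as an added example (not code from the original post or from the azurerm provider). It reads a plan in the `resource_changes` layout of `terraform show -json` and reports inline subnets that a virtual network update would remove, plus `azurerm_subnet` resources attached to a vnet that also declares inline subnets. The sample plan is constructed, and matching vnets by name only (ignoring resource group) is a simplifying assumption.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>`, reduced
# to the fields this check reads. It is not output from the poster's environment.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"type": "azurerm_virtual_network",
   "change": {"actions": ["update"],
     "before": {"name": "vNetVPN-Dev",
                "subnet": [{"name": "GatewaySubnet"}, {"name": "snet-vgp-dev"}]},
     "after":  {"name": "vNetVPN-Dev", "subnet": [{"name": "snet-vgp-dev"}]}}},
  {"type": "azurerm_subnet",
   "change": {"actions": ["create"], "before": null,
     "after": {"name": "snet-internal-vm", "virtual_network_name": "vNetVPN-Dev"}}}
]}
""")


def _subnet_names(state):
    """Names of the inline subnet blocks in a before/after object (may be None)."""
    return {s["name"] for s in ((state or {}).get("subnet") or [])}


def check_plan(plan):
    """Return findings as (kind, vnet name, subnet name) tuples."""
    findings, inline_vnets = [], set()
    changes = plan.get("resource_changes", [])
    for rc in changes:
        if rc["type"] != "azurerm_virtual_network":
            continue
        before, after = rc["change"].get("before"), rc["change"].get("after")
        if after and _subnet_names(after):
            inline_vnets.add(after.get("name"))
        if before and after:
            # The inline list overwrites what exists: anything missing is removed.
            for name in sorted(_subnet_names(before) - _subnet_names(after)):
                findings.append(("would-delete-subnet", after.get("name"), name))
    for rc in changes:
        after = rc["change"].get("after") or {}
        vnet = after.get("virtual_network_name")
        if rc["type"] == "azurerm_subnet" and vnet in inline_vnets:
            findings.append(("mixed-declaration", vnet, after.get("name")))
    return findings


if __name__ == "__main__":
    for finding in check_plan(SAMPLE_PLAN):
        print(*finding)
```
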