I have below Terraform code. I need to identify which value to be given for a specific subresource_names in private end point connection for logic app workflow. I am new to Terraform.
locals {
app_service_name = "appserviceswathi"
sku_sizes = {
small = "WS1"
medium = "WS2"
premium = "WS3"
}
}
data "azurerm_resource_group" "rg1" {
name = var.resource_group_name
}
data "azurerm_resource_group" "rg2" {
name = var.vnet_rg
}
data "azurerm_subnet" "integration_subnet_name" {
name = var.subnet_name
resource_group_name = data.azurerm_resource_group.rg2.name
virtual_network_name = var.vnet_name
}
data "azurerm_subnet" "private_endpoint_subnet_name" {
name = var.app_service_private_endpoint_subnet_name
resource_group_name = data.azurerm_resource_group.rg2.name
virtual_network_name = var.vnet_name
}
data "azurerm_storage_account" "storage_account" {
name = var.storage_account_name
resource_group_name = data.azurerm_resource_group.rg1.name
}
resource "azurerm_app_service_plan" "service_plan" {
count = var.app_service_plan_name == "" ? 1 : 0
name = "${local.app_service_name}asp"
location = var.location
resource_group_name = data.azurerm_resource_group.rg1.name
kind = "elastic"
sku {
tier = "WorkflowStandard"
size = local.sku_sizes[var.size]
}
}
module "storage_account" {
source = "./dfs_storage"
count = var.storage_account_name == "" ? 1 : 0
key_vault_is_required = false
lock_resource = false
fileshare_is_required = true
queue_is_required = true
table_is_required = true
dfs_subnet = var.subnet_name
hns = false
network_rules_default_action = "Deny"
}
resource "azurerm_storage_share" "logicApp" {
name = "${local.app_service_name}-content"
storage_account_name = var.storage_account_name
quota = 1024
depends_on = [
data.azurerm_storage_account.storage_account
]
}
resource "azurerm_logic_app_workflow" "logic_app" {
name = local.app_service_name
location = var.location
resource_group_name = data.azurerm_resource_group.rg1.name
identity {
type = "SystemAssigned"
}
}
resource "azurerm_private_endpoint" "endpoint" {
name = "${local.app_service_name}pe"
location = var.location
resource_group_name = var.resource_group_name
subnet_id = data.azurerm_subnet.private_endpoint_subnet_name.id
tags = {}
private_service_connection {
name = "${local.app_service_name}psc"
is_manual_connection = false
private_connection_resource_id = azurerm_logic_app_workflow.logic_app.id
subresource_names = ["workflow"]
}
lifecycle {
ignore_changes = [
network_interface,
subnet_id,
]
}
}
Error:
Error: creating Private Endpoint (Subscription: "" │ Resource Group Name: "" │ Private Endpoint Name: ""): performing CreateOrUpdate: unexpected status 400 with error: InvalidPrivateLinkServiceIdType: Private link service Id /subscriptions//resourceGroups//providers/Microsoft.Logic/workflows/ has an invalid resource type. Permitted type(s): Microsoft.DocumentDB/databaseAccounts, Microsoft.Sql/servers, Microsoft.Network/privateLinkServices, Microsoft.Web/sites, Microsoft.Web/hostingEnvironments, Microsoft.Storage/storageAccounts, Microsoft.DBforPostgreSQL/servers, Microsoft.DBforMySQL/servers, Microsoft.DBforMariaDB/servers, Microsoft.KeyVault/vaults, Microsoft.Synapse/workspaces, Microsoft.AppConfiguration/configurationStores, Microsoft.Search/searchServices, Microsoft.ContainerService/managedClusters, Microsoft.Attestation/attestationProviders, Microsoft.Devices/IotHubs, Microsoft.Cache/Redis, Microsoft.SignalRService/SignalR, Microsoft.MachineLearningServices/workspaces, Microsoft.Batch/batchAccounts, Microsoft.ContainerRegistry/registries, Microsoft.RecoveryServices/vaults, Microsoft.EventGrid/topics, Microsoft.EventGrid/domains, Microsoft.EventHub/namespaces, Microsoft.ServiceBus/namespaces, Microsoft.Relay/namespaces, Microsoft.StorageSync/storageSyncServices, Microsoft.HealthcareApis/services, Microsoft.Automation/automationAccounts, Microsoft.Insights/privateLinkScopes, Microsoft.CognitiveServices/accounts, Microsoft.Compute/diskAccesses, Microsoft.Network/applicationgateways, Microsoft.Media/mediaservices, Microsoft.Databricks/workspaces, Microsoft.Sql/managedInstances, Microsoft.Migrate/assessmentProjects, Microsoft.Migrate/migrateProjects, Microsoft.DataFactory/factories, Microsoft.Authorization/resourceManagementPrivateLinks, Microsoft.Devices/ProvisioningServices, Microsoft.Synapse/privateLinkHubs, Microsoft.PowerBI/privateLinkServicesForPowerBI, Microsoft.Cache/redisEnterprise, Microsoft.HybridCompute/privateLinkScopes, Microsoft.OffAzure/mastersites, Microsoft.TimeSeriesInsights/environments, Microsoft.DigitalTwins/digitalTwinsInstances, Microsoft.Keyvault/managedHSMs, Microsoft.Kusto/clusters, Microsoft.Purview/accounts, Microsoft.Web/staticSites, Microsoft.SignalRService/webPubSub, Microsoft.DeviceUpdate/accounts, Microsoft.DBforPostgreSQL/serverGroupsv2, Microsoft.HealthcareApis/workspaces, Microsoft.ApiManagement/service, Microsoft.HDInsight/clusters, Microsoft.DesktopVirtualization/hostpools, Microsoft.DesktopVirtualization/workspaces, Microsoft.Media/videoanalyzers, Microsoft.IoTCentral/IoTApps, Microsoft.EventGrid/partnerNamespaces, Microsoft.BotService/botServices, Microsoft.AgFoodPlatform/farmBeats, Microsoft.OpenEnergyPlatform/energyServices, Microsoft.Dashboard/grafana, Microsoft.DBforMySQL/flexibleServers, Microsoft.MachineLearningServices/registries, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.HardwareSecurityModules/cloudHsmClusters, Microsoft.Monitor/accounts, Microsoft.EventGrid/namespaces, Microsoft.ElasticSan/elasticSans.
This is resolved. The error you're encountering suggests that the provided private_connection_resource_id for your Logic App workflow is not of a valid resource type for a private link service. The permitted resource types for private link services do not include Logic App workflows according to the error message.
In your case, you've specified the subresource name as "workflow" in the subresource_names parameter, but it seems that Logic App workflows are not supported as private link services.