
Virtual network peering and service endpoints - how to allow two Azure app services to communicate


I need some help in setting up some Azure infrastructure in Terraform. I have app service A which is in vnetA in subnetA, and app service B in vnetB and subnetB. AppA, vnetA, and subnetA were created manually a long time ago, and B resources I have created myself in Terraform. I have added a virtual network peering between the two vnets, but when calling appB from appA I still get 403.

# Subnet B: delegated to App Service (regional VNet integration for app B)
# and with the Microsoft.Web service endpoint enabled.
resource "azurerm_subnet" "subnetB" {
  name                 = "subnetB"
  resource_group_name  = "rgB"
  virtual_network_name = "vnetB"
  address_prefixes     = [cidrsubnet(azurerm_virtual_network.vnetB.address_space[0], 2, 1)]

  # Delegation required for App Service regional VNet integration
  delegation {
    name = "appServiceDelegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }

  # Service endpoint so App Service access restrictions can match this subnet
  service_endpoints = ["Microsoft.Web"]
}

What am I missing?

I have gone through similar questions; in subnetB I have added both the app service delegation and the service endpoints, as was advised (here), but this did not fix the issue.

Update: I have verified that the address spaces of these vnets do not overlap (as this is one of the possible reasons for the failure to establish vnet peering).


Solution

After a lot of tweaking of my Terraform code for service B (thank you Vinay B), I have found the reason I was getting 403. When I went to the Networking section of function B and looked into the Inbound traffic configuration, in the list of Site access and rules I saw this warning:

[image: warning icon next to the subnet A rule in Site access and rules]

When hovering over the warning sign, I was getting this:

[image: tooltip on the warning icon]

So, it turns out that subnet A (which I didn't manage via Terraform) did not have the Microsoft.Web endpoint set up. When I added the endpoint manually, I finally started getting 200 responses.
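To make the fix reproducible rather than a manual portal change, here is an added Terraform example (not the poster's code) that declares both halves of the relationship: the calling side's subnet A with the Microsoft.Web service endpoint, and app B's inbound access restriction that allows only that subnet. Resource names, resource groups, the region and the address prefix are placeholders; the VNet peering from the question is left out because it is unrelated to the 403.

```hcl
# Subnet A: where app A's outbound traffic is injected via regional VNet
# integration. The Microsoft.Web service endpoint on THIS subnet is what was
# missing in the question. Without it, app B's access restriction cannot
# identify the caller as coming from subnet A and answers 403.
resource "azurerm_subnet" "subnetA" {
  name                 = "subnetA"                      # placeholder
  resource_group_name  = "rgA"                          # placeholder
  virtual_network_name = azurerm_virtual_network.vnetA.name
  address_prefixes     = ["10.1.0.0/24"]                # placeholder range

  delegation {
    name = "appServiceDelegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }

  # Endpoint must be enabled on the *calling* side's subnet, not only on
  # the subnet of the app being called.
  service_endpoints = ["Microsoft.Web"]
}

# Route app A's outbound traffic through subnet A (regional VNet integration).
resource "azurerm_app_service_virtual_network_swift_connection" "appA" {
  app_service_id = azurerm_linux_web_app.appA.id
  subnet_id      = azurerm_subnet.subnetA.id
}

# App B: accept requests only when they arrive from subnet A.
# Once at least one Allow rule exists, App Service denies everything that
# does not match a rule, so no explicit Deny rule is needed here.
resource "azurerm_linux_web_app" "appB" {
  name                = "appB"                          # placeholder
  resource_group_name = "rgB"                           # placeholder
  location            = "westeurope"                    # placeholder
  service_plan_id     = azurerm_service_plan.planB.id

  site_config {
    ip_restriction {
      name                      = "allow-subnetA"
      action                    = "Allow"
      priority                  = 100
      virtual_network_subnet_id = azurerm_subnet.subnetA.id
    }
  }
}
```

Because subnet A is now declared in Terraform, a plan will show the service endpoint as drift if someone removes it again in the portal. To confirm the endpoint is present on a subnet you do not manage in code, `az network vnet subnet show -g rgA --vnet-name vnetA -n subnetA --query serviceEndpoints` should list an entry whose service is `Microsoft.Web`.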