
I'm trying to create an application gateway (Standard V2) with both a public IP and a private IP configuration, but on creation only the public IP is created and the private IP configuration is nowhere to be found. I don't see any mistake in my Terraform code, and I'm not sure what I'm missing. Below is my Terraform code.

# Pins the AzureRM provider to exactly 1.44, so every run resolves the same
# provider release.
# NOTE(review): an exact pin also holds back later provider fixes - revisit it
# deliberately rather than leaving it in place indefinitely.
provider "azurerm" {
  version = "=1.44"
}
# Pins the null provider to exactly 2.1. No null_resource appears in the
# configuration shown in the question.
provider "null" {
  version = "=2.1"
}

# Static, Standard-SKU public IP. The gateway's frontend_ip_configuration
# references it through public_ip_address_id, so this is the address the
# gateway's public frontend uses.
resource "azurerm_public_ip" "appgwip" {
  name                = "appgwtestpip"
  location            = "Southeast Asia"
  resource_group_name = "myrgname"
  allocation_method   = "Static"
  sku  = "Standard"
}

# Asker's gateway definition. It declares a single frontend_ip_configuration
# carrying both the public and the private settings; per the question, only the
# public frontend was created from it.
resource "azurerm_application_gateway" "appgw" {
    # Redundant: public_ip_address_id below already references
    # azurerm_public_ip.appgwip, which gives Terraform the same ordering.
    depends_on  = [azurerm_public_ip.appgwip]
    name = "testappgw-sea"
    resource_group_name = "myrgname"
    location  = "Southeast Asia"
    sku {
        name = "Standard_v2"
        tier = "Standard_v2"
        capacity = 2
    }
    gateway_ip_configuration {
        name = "APPGW-IPCONFIG-test"
        # Placeholder for the ID of the subnet the gateway is deployed into.
        subnet_id = "mysubnetid"
    }
    frontend_port {
        name = "Httpport"
        port = 80
    }
    # Public and private settings share this one block, and no subnet_id is set.
    frontend_ip_configuration {
        name = "AppgwPIPConfig"
        public_ip_address_id = azurerm_public_ip.appgwip.id
        # Placeholder text, not a literal address.
        private_ip_address   = "An IP address within the subnet range"
        private_ip_address_allocation  = "Static"
    }
    # NOTE(review): the listing is damaged from here - backend_address_pool is
    # never closed and the header of the next block is missing. It is presumably
    # http_listener, since the routing rule looks up "test-listener-80" through
    # http_listener_name.
    backend_address_pool {
        name = "test-bp"
 {
         name = "test-listener-80"
         # Binds this listener to the frontend that holds the public IP.
         frontend_ip_configuration_name = "AppgwPIPConfig"
         frontend_port_name = "Httpport"
         # Plain HTTP on port 80: traffic reaching this listener is unencrypted.
         protocol = "Http"
     }
     request_routing_rule {
         name = "test-rule01"
         rule_type = "Basic"
         http_listener_name = "test-listener-80"
         backend_address_pool_name = "test-bp"
         # NOTE(review): no backend_http_settings block named "test-http"
         # appears in the listing as shown.
         backend_http_settings_name = "test-http"
     }

}
vishal

1 Answer


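You should define two frontend_ip_configuration blocks: one for the public IP configuration and another for the private IP configuration. Each http_listener then picks the frontend it serves through frontend_ip_configuration_name, so check which frontend every listener is bound to.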

Here is a working example for your reference.

 # since these variables are re-used - a locals block makes this more maintainable
locals {
  # Every name is the virtual network's name plus a fixed suffix, so the
  # sub-blocks of the gateway can refer to each other by a stable string.
  # azurerm_virtual_network.test is declared outside this listing.
  backend_address_pool_name      = "${azurerm_virtual_network.test.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.test.name}-feport"
  # Name of the public frontend; the private frontend in the resource below
  # reuses it with a "-private" suffix.
  frontend_ip_configuration_name = "${azurerm_virtual_network.test.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.test.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.test.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.test.name}-rqrt"
  # Not referenced by the gateway resource shown in this answer.
  redirect_configuration_name    = "${azurerm_virtual_network.test.name}-rdrcfg"
}




# Application Gateway with two frontends: a public one backed by
# azurerm_public_ip.test and a private one holding a static address in the
# gateway subnet. Plain references are written as first-class expressions
# (Terraform 0.12+), the same syntax the question's configuration already uses.
resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = azurerm_resource_group.test.name
  location            = azurerm_resource_group.test.location

  # NOTE(review): the WAF_v2 tier is selected, but no waf_configuration block
  # appears in this example - confirm the firewall is enabled and in the
  # intended mode before relying on it.
  sku {
    name     = "WAF_v2"
    tier     = "WAF_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.frontend.id
  }

  frontend_port {
    name = local.frontend_port_name
    port = 80
  }

  # Public frontend: only the public IP is set here.
  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.test.id
  }

  # Private frontend: a separate block with its own name, placed in the same
  # subnet as gateway_ip_configuration and given a fixed address.
  frontend_ip_configuration {
    name                          = "${local.frontend_ip_configuration_name}-private"
    subnet_id                     = azurerm_subnet.frontend.id
    private_ip_address_allocation = "Static"
    private_ip_address            = "10.254.0.10"
  }

  backend_address_pool {
    name = local.backend_address_pool_name
  }

  # Backend traffic is plain HTTP on port 80.
  # NOTE(review): request_timeout = 1 is very short if the unit is seconds -
  # confirm against the provider documentation.
  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 1
  }

  # This listener names the public frontend, so it accepts unencrypted HTTP on
  # the public address. No listener in this example references the "-private"
  # frontend; add one bound to that name to serve internal clients.
  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = local.request_routing_rule_name
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}
Nancy
  • This worked; I accepted the answer. However, I don't see the need for two frontend IP configurations explained anywhere in the doc https://www.terraform.io/docs/providers/azurerm/r/application_gateway.html#frontend_ip_configuration-1. They also list "subnet_id" as a required field, but as you can see in my question I did not set subnet_id at all and was still able to create the appgw successfully. I guess there is a lot of room for improvement in their docs. – vishal Jun 09 '20 at 06:27
  • Yeah, the documentation needs to clarify it. – Nancy Jun 09 '20 at 06:29