
I am trying to create a Logic App with an ARM template, using an existing VNet and subnet, but I am not able to do so; I get the error below. I am new to ARM templates.

I am also sure that what I am doing is the correct way of doing it.

Error : "code":"PrivateEndpointCreationNotAllowedAsSubnetIsDelegated","message":"Private endpoint /subscriptions/f3ffdd01-4400-4ebe-8761-59ecebeba1a2/resourceGroups/logicapp-test-abhishek/providers/Microsoft.Network/privateEndpoints/name cannot be created as subnet /subscriptions/f3ffdd01-4400-4ebe-8761-123abdhuue/resourceGroups/my-rg/providers/Microsoft.Network/virtualNetworks/vnet-dev-eastus-edw/subnets/my-vnet is delegated."}]}

Here is my code :

    {
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "logicAppFEname": {
      "type": "String"
    },
    "appInsightName": {
      "type": "String"
    },
    "privateEndpointName": {
      "type": "string"
    },
    "vnetName": {
      "type": "string"
    },
    "vnetRg": {
      "type": "string"
    },
    "subNetName": {
      "type": "string"
    },
    "use32BitWorkerProcess": {
      "type": "Bool"
    },
    "location": {
      "defaultValue": "[resourceGroup().location]",
      "type": "String",
      "metadata": {
        "description": "Location to deploy resources to."
      }
    },
    "hostingPlanFEName": {
      "type": "String"
    },
    "contentStorageAccountName": {
      "type": "String"
    },
    "sku": {
      "type": "String"
    },
    "skuCode": {
      "type": "String"
    },
    "workerSize": {
      "type": "String"
    },
    "workerSizeId": {
      "type": "String"
    },
    "numberOfWorkers": {
      "type": "String"
    }
  },
  "variables": {
    "fileShareName": "[concat(toLower(parameters('logicAppFEname')), 'b86e')]"
  },
  "resources": [
    {
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-04-01",
      "name": "[parameters('contentStorageAccountName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [],
      "sku": {
        "name": "Standard_LRS",
        "tier": "Standard"
      },
      "kind": "StorageV2",
      "properties": {
        "mode": "Incremental",
        "networkAcls": {
          "bypass": "AzureServices",
          "defaultAction": "Allow"
        },
        "supportsHttpsTrafficOnly": true,
        "encryption": {
          "services": {
            "file": {
              "keyType": "Account",
              "enabled": true
            },
            "blob": {
              "keyType": "Account",
              "enabled": true
            }
          },
          "keySource": "Microsoft.Storage"
        }
      }
    },
    {
      "type": "Microsoft.Storage/storageAccounts/fileServices/shares",
      "apiVersion": "2021-04-01",
      "name": "[concat(parameters('contentStorageAccountName'), '/default/', variables('fileShareName'))]",
      "dependsOn": [
        "[parameters('contentStorageAccountName')]"
      ]
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2021-03-01",
      "name": "[parameters('vnetName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites/', parameters('logicAppFEname'))]"
      ],
      "properties": {
        "subnetRef": "[resourceId('Microsoft.Network/virtualNetworks/subnets',parameters('vnetName'), parameters('subnetName'))]",
        "isSwift": true
      }
    },
    {
      "type": "Microsoft.Network/privateEndpoints",
      "apiVersion": "2021-03-01",
      "name": "[parameters('privateEndpointName')]",
      "location": "[parameters('location')]",
      "tags": {},
      "dependsOn": [
        "[resourceId('Microsoft.Web/sites', parameters('logicAppFEname'))]"
      ],
      "properties": {
        "subnet": {
          "id": "[resourceId(parameters('vnetRg'), 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('subNetName'))]"
        },
        "privateLinkServiceConnections": [
          {
            "name": "[parameters('privateEndpointName')]",
            "properties": {
              "privateLinkServiceId": "[resourceId('Microsoft.Web/sites',parameters('logicAppFEname'))]",
              "groupIds": [
                "Web/sites"
              ]
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Insights/components",
      "apiVersion": "2020-02-02",
      "name": "[parameters('appInsightName')]",
      "location": "[resourceGroup().location]",
      "kind": "web",
      "properties": {
        "mode": "Incremental",
        "Application_Type": "web"
      }
    },
    {
      "type": "Microsoft.Web/sites",
      "apiVersion": "2018-11-01",
      "name": "[parameters('logicAppFEname')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [
        "[concat('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]"
      ],
      "tags": {},
      "kind": "functionapp,workflowapp",
      "identity": {
        "type": "SystemAssigned"
      },
      "properties": {
        "mode": "Incremental",
        "name": "[parameters('logicAppFEname')]",
        "siteConfig": {
          "appSettings": [
            {
              "name": "FUNCTIONS_EXTENSION_VERSION",
              "value": "~3"
            },
            {
              "name": "FUNCTIONS_WORKER_RUNTIME",
              "value": "node"
            },
            {
              "name": "APPINSIGHTS_INSTRUMENTATIONKEY",
              "value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').InstrumentationKey]"
            },
            {
              "name": "APPLICATIONINSIGHTS_CONNECTION_STRING",
              "value": "[reference(resourceId('Microsoft.Insights/components', parameters('appInsightName')), '2015-05-01').ConnectionString]"
            },
            {
              "name": "AzureWebJobsStorage",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
            },
            {
              "name": "WEBSITE_CONTENTAZUREFILECONNECTIONSTRING",
              "value": "[concat('DefaultEndpointsProtocol=https;AccountName=',parameters('contentStorageAccountName'),';AccountKey=',listKeys(resourceId('Microsoft.Storage/storageAccounts', parameters('contentStorageAccountName')), '2019-06-01').keys[0].value,';EndpointSuffix=','core.windows.net')]"
            },
            {
              "name": "WEBSITE_CONTENTSHARE",
              "value": "[variables('fileShareName')]"
            },
            {
              "name": "APP_KIND",
              "value": "workflowApp"
            },
            {
              "name": "WEBSITE_DNS_SERVER",
              "value": "168.63.129.16"
            },
            {
              "name": "AzureFunctionsJobHost__extensionBundle__id",
              "value": "Microsoft.Azure.Functions.ExtensionBundle.Workflows",
              "slotSetting": false
            },
            {
              "name": "AzureFunctionsJobHost__extensionBundle__version",
              "value": "[1.*, 2.0.0)",
              "slotSetting": false
            },
            {
              "name": "WEBSITE_CONTENTOVERVNET",
              "value": "1",
              "slotSetting": false
            },
            {
              "name": "WEBSITE_VNET_ROUTE_ALL",
              "value": "1"
            }
          ],
          "use32BitWorkerProcess": "[parameters('use32BitWorkerProcess')]",
          "cors": {
            "allowedOrigins": [
              "https://afd.hosting.portal.azure.net",
              "https://afd.hosting-ms.portal.azure.net",
              "https://hosting.portal.azure.net",
              "https://ms.hosting.portal.azure.net",
              "https://ema-ms.hosting.portal.azure.net",
              "https://ema.hosting.portal.azure.net",
              "https://ema.hosting.portal.azure.net"
            ]
          }
        },
        "serverFarmId": "[resourceId('Microsoft.Web/serverfarms/', parameters('hostingPlanFEName'))]",
        "clientAffinityEnabled": true
      },
      "resources": []
    },
    {
      "type": "Microsoft.Web/serverfarms",
      "apiVersion": "2018-11-01",
      "name": "[parameters('hostingPlanFEName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [],
      "tags": {},
      "sku": {
        "Tier": "[parameters('sku')]",
        "Name": "[parameters('skuCode')]"
      },
      "kind": "",
      "properties": {
        "mode": "Incremental",
        "name": "[parameters('hostingPlanFEName')]",
        "workerSize": "[parameters('workerSize')]",
        "workerSizeId": "[parameters('workerSizeId')]",
        "numberOfWorkers": "[parameters('numberOfWorkers')]",
        "maximumElasticWorkerCount": "20"
      }
    }
  ]
}
  • According to the error you received, the subnet is delegated. Delegated subnets do not allow creation of private endpoints. See here for more information: https://learn.microsoft.com/en-us/azure/virtual-network/subnet-delegation-overview#impact-of-subnet-delegation-on-your-subnet – Michi Werner Jun 17 '22 at 22:06
  • Solution: I used a different subnet in the same VNet, one that is not delegated. – Abhishek Singh Jan 12 '23 at 14:27

1 Answer


For AppService the networking is different for inbound and outbound directions.

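The template sets up the outbound side (VNet integration) on the subnet, and that subnet will have been delegated to App Service (a normal requirement with other App Service SKUs too). The private endpoint in the template references the same subnet parameter, which is why its creation is rejected.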

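You need to use a different, non-delegated subnet for inbound traffic to your Private Link connection, or look at other options such as a service endpoint if the sources are in Azure rather than on-premises/hybrid. Note that a service endpoint only restricts which subnets may reach the app; unlike a private endpoint, it does not give the app a private IP address, so the access-restriction rules on the site are what actually block other callers.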