Closed nad-au closed 3 months ago
Hi. If I understand correctly, the problem is not the SP, but networking. When you deploy something through GitHub Actions, the GitHub Actions runners (GitHub-hosted runners) are located outside your private Virtual Network. In that case they cannot access any private service, such as an Azure Key Vault with a private endpoint.
What you can alternatively do is create a self-hosted runner inside the private network where you plan to host Application Gateway, Key Vault or any other private resource.
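A preflight check for the situation described in the reply above, added here as an example and not part of the original comment or the accelerator's code: it classifies whether the machine it runs on resolves a Key Vault hostname to private addresses (as happens inside a VNet linked to the vault's private DNS zone) or to public ones. The function names and the `kv-example` hostname are assumptions made for illustration.

```python
import ipaddress
import socket


def resolve_ips(hostname):
    """Return the distinct IP addresses the local resolver gives for hostname."""
    infos = socket.getaddrinfo(hostname, 443, proto=socket.IPPROTO_TCP)
    return sorted({info[4][0] for info in infos})


def vault_network_path(hostname, resolver=resolve_ips):
    """Classify how this machine would reach a Key Vault hostname.

    'private'    -> every address is private: the private endpoint is in use
    'public'     -> only public addresses: traffic goes to the public endpoint
    'mixed'      -> both kinds of address were returned
    'unresolved' -> the lookup failed or returned nothing
    """
    try:
        addrs = [ipaddress.ip_address(a) for a in resolver(hostname)]
    except (socket.gaierror, ValueError):
        return "unresolved"
    if not addrs:
        return "unresolved"
    private = [a.is_private for a in addrs]
    if all(private):
        return "private"
    if not any(private):
        return "public"
    return "mixed"


def preflight(hostname, resolver=resolve_ips):
    """Return (ok, message); intended as a gate before Terraform touches the vault."""
    path = vault_network_path(hostname, resolver)
    if path == "private":
        return True, f"{hostname}: resolves to the private endpoint"
    return False, (f"{hostname}: network path is '{path}'; calls from this "
                   "runner will not go through the private endpoint")


if __name__ == "__main__":
    import sys
    # kv-example is a constructed placeholder, not a vault from the issue.
    name = sys.argv[1] if len(sys.argv) > 1 else "kv-example.vault.azure.net"
    ok, msg = preflight(name)
    print(msg)
    sys.exit(0 if ok else 1)
```

Run as an early workflow step, a non-zero exit on a GitHub-hosted runner points at the network path rather than at the Service Principal's role assignments.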
I'm running the scenario with App Gateway as an alternative to Front Door because of a separate issue: https://github.com/Azure/aca-landing-zone-accelerator/issues/114
When creating a cert in KV I'm getting an access issue:
I'm confused with the docs:
I'm trying to run Terraform in a GitHub Actions workflow and the Service Principal has the Owner role with subscription scope. It mentions commenting out the App Gateway module. Do you really mean this? You can't create an App GW with an SP?