cbellee / azure-iac-examples

Azure Infrastructure as Code examples
GNU General Public License v3.0
1 stars 2 forks source link

aca-internal-front-door-integration deployment issue #1

Open MohamedElso opened 6 months ago

MohamedElso commented 6 months ago

Hello @cbellee, Firstly, I would like to thank you for providing the repository. However, upon deploying the “aca-internal-front-door-integration” solution, I encountered an error. Could you please assist me in resolving this issue? module-afd colour5-afd-lcgyrlz6xch4o/secret-1 Secret BadReques { "status": "Failed", "error": { "code": "BadRequest", "message": "The Key Vault resource uri is not valid." } }

i suspect that the issue may reside within this segment of the code : resource wildcardCertificate 'Microsoft.Cdn/profiles/secrets@2022-11-01-preview' = { parent: frontDoor name: 'test-com' properties: { parameters: { type: 'CustomerCertificate' secretSource: { id: resourceId('Microsoft.KeyVault/vaults/secrets', keyVault.name, secretName) } useLatestVersion: true subjectAlternativeNames: [ '.${publicDomainName}' '.internal.${publicDomainName}' ] } } dependsOn: [ keyVaultRbac ] }

the cert import is successful and i see it under certificates section of key vault , could you please help identifying the issue ? Thanks

MohamedElso commented 6 months ago

Additionally, I am uncertain about the functionality of this parameter. Could you please provide more context or details? : param externalDomainResourceGroupName string = 'external-dns-zones-rg'

resource dnsZone 'Microsoft.Network/dnsZones@2023-07-01-preview' existing = { name: dnsZoneName scope: resourceGroup(externalDomainResourceGroupName) } resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = { name: keyVaultName scope: resourceGroup(externalDomainResourceGroupName) } i don't see any resource group get created with this name ?? Thanks

cbellee commented 6 months ago

HI @MohamedElso, Thanks for reaching out! I haven't deployed this in a while, so will need to try it myself and get back to you.

For your second question, I have an Azure public DNS zone with the same name as the TLS certificate domain. I must have forgotten to remove the default value of external-dns-zones-rg from it, but you'd need to override it with the name of your own resource group containing the DNS zone.

MohamedElso commented 6 months ago

@cbellee thank you for your answer, waiting for your response about the mentioned issue.