Closed mitchellkingsley closed 1 year ago
I was facing the same issue. In my case, it was related to not whitelisting application gateway subnet on allowed KeyVault virtual network subnets. There was no descriptive error and it took me like 2 days to figure out what is going on.
Thanks!!!!!!
Similar issue to @naimadswdn, but although the app gateway subnet was allowed in keyvault, the logs showed requests coming from the public ip address of the gateway which also needed to be whitelisted(?!). Recommend anyone deploying app gateway and keyvault and experiencing issues uses the logging described here https://docs.microsoft.com/en-us/azure/key-vault/general/logging?tabs=Vault.
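The log check recommended in the comment above can be scripted. The following is an added example, not part of the original thread or of the provider's code: it reads Key Vault audit records, collects the caller addresses that were answered with HTTP 403, and compares them with the vault's allow list. The field names are assumed to follow the Key Vault resource log schema (`callerIpAddress`, `operationName`, `properties.httpStatusCode`); the log lines, addresses and CIDR ranges are constructed for illustration.

```python
import ipaddress
import json

# Constructed sample records, one JSON object per line, shaped like
# Key Vault AuditEvent entries (field names are an assumption, see lead-in).
SAMPLE_LOG = """\
{"time":"2021-07-01T10:00:01Z","operationName":"SecretGet","callerIpAddress":"10.0.1.4","properties":{"httpStatusCode":200}}
{"time":"2021-07-01T10:00:05Z","operationName":"SecretGet","callerIpAddress":"203.0.113.10","properties":{"httpStatusCode":403}}
{"time":"2021-07-01T10:00:09Z","operationName":"SecretGet","callerIpAddress":"198.51.100.7","properties":{"httpStatusCode":403}}
{"time":"2021-07-01T10:00:12Z","operationName":"CertificateGet","callerIpAddress":"203.0.113.10","properties":{"httpStatusCode":403}}
"""

# Constructed stand-ins for the vault's ip_rules and allowed subnet prefixes.
ALLOWED = ["198.51.100.0/24", "10.0.1.0/24"]


def denied_callers(log_text, allowed_cidrs):
    """Return {caller_ip: {"count", "operations", "in_allow_list"}} for 403s."""
    nets = [ipaddress.ip_network(cidr) for cidr in allowed_cidrs]
    report = {}
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        rec = json.loads(line)
        if rec.get("properties", {}).get("httpStatusCode") != 403:
            continue  # only denied requests are of interest
        try:
            ip = ipaddress.ip_address(rec.get("callerIpAddress", ""))
        except ValueError:
            continue  # caller address missing or not a plain IP
        entry = report.setdefault(str(ip), {
            "count": 0,
            "operations": set(),
            # False: the address is not covered by any allowed range, so the
            # network rules are a candidate cause of the denial.
            # True: the denial is not explained by the IP allow list.
            "in_allow_list": any(ip in net for net in nets),
        })
        entry["count"] += 1
        entry["operations"].add(rec.get("operationName"))
    return report


if __name__ == "__main__":
    for ip, info in sorted(denied_callers(SAMPLE_LOG, ALLOWED).items()):
        print(ip, info["count"], sorted(info["operations"]),
              "allowed" if info["in_allow_list"] else "NOT in allow list")
```

An address reported as not in the allow list is the one to compare against the gateway's subnet and public IP before widening the vault's network rules.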
Thanks for opening this issue. This was a problem in the 2.x version of the provider which is no longer actively maintained. If this is still an issue with the 3.x version of the provider please do let us know by opening a new issue, thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
Terraform (and AzureRM Provider) Version
Terraform v1.0.1 on linux_amd64
Affected Resource(s)
azurerm_application_gateway
Expected Behaviour
When creating an application gateway with SSL termination, if there are insufficient access permissions to the key vault containing a target certificate then the application gateway creation fails promptly with a descriptive error.
Actual Behaviour
When creating an application gateway with SSL termination, when there are insufficient access permissions to a key vault that contains a target certificate creation fails with the following error after 25-30 minutes:
I assume that the "insufficient access permissions" in my case is that my host IP is being blocked by the Key Vault even though it is specified as an exception in the network_acls block. See the Workaround section below for more detail.
The config for the example Key Vault and Access Policy:
The config for the example Application Gateway:
Steps to Reproduce and Workaround
In my specific case, with the above configurations, the noted error occurred after a terraform apply.
My workaround was to temporarily set the network_acls block in the azurerm_key_vault to a default_action of Allow during creation:
Making this change allowed the terraform apply to complete successfully, removing the error quoted above. This indicates that the source of the failure arises from the allowed ip_rules I've specified. While the failure itself isn't the bug that I am looking to report (the lack of an appropriate error message is), any comments that shed light on why this failure occurs would be greatly appreciated.
Community Note