hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Feature request : get azurerm_app_service custom domains ip address for azurerm_dns_a_record #14642

Open dpa456 opened 2 years ago

dpa456 commented 2 years ago

Community Note

Description

Hello, I'm trying to reflect records in the azurerm_dns_a_record, and I need the inbound IP address of the Azure App Service.

Can you add or import the code for that part?

In MS, you can get it as the inbound IP. (https://docs.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips)

New or Affected Resource(s)

Potential Terraform Configuration

resource "azurerm_dns_a_record" "dns_a" {
  # ...
  target_resource_id  = azurerm_app_service.target_app_service.custom_domain_ip
  # or
  # target_resource_id  = azurerm_app_service.target_app_service.inbound_ip_address
}

References

https://docs.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain
https://docs.microsoft.com/en-us/azure/app-service/overview-inbound-outbound-ips

When I looked it up, it looked like the issue. It's okay if you connect or merge it with that content.

https://github.com/hashicorp/terraform-provider-azurerm/issues/14385

mateusz-opoka commented 2 years ago

Hi! I've just found a workaround.

You can use the hashicorp/dns provider to get this IP address from the default hostname.

For example:

resource "azurerm_linux_web_app" "example" {
  name                = "example"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_service_plan.example.location
  service_plan_id     = azurerm_service_plan.example.id

  site_config {}
}

data "dns_a_record_set" "app_ip_address" {
  host = azurerm_linux_web_app.example.default_hostname
}

resource "azurerm_dns_a_record" "dns_a" {
  # ...
  # records takes a list of IPv4 addresses; target_resource_id expects an Azure resource ID.
  records = [data.dns_a_record_set.app_ip_address.addrs[0]]
}

dpa456 commented 2 years ago

Thank you for your answer. Oh, that's a good suggestion. I will test it soon and share the results.

PurkkaKoodari commented 2 years ago

+1. We are in the process of transferring an existing service, hosted at an apex domain (like contoso.com) to Azure, where we can't use a CNAME and thus need the IP address. We'd prefer not to resort to the DNS workaround.

It seems to me that this was already discussed in #5333, which was closed incorrectly. Unless using IP-based SSL, which comes with a significant additional cost, virtual_ip cannot be used for this purpose.

dpa456 commented 2 years ago

@mateusz-opoka Hello, I'm sorry for the delay in sharing.

I tested it, and I can get it fine in a single test. However, sometimes for a record, if you get it with 'each.key', you can't get it due to deployment timing.

And from my service point of view, I couldn't support azurerm_linux_web_app due to version. I'm still using the last argument of azurerm_app_service outbound_ip_address, and I hope to get inbound_ip_address from app_service.

If azurerm_linux_web_app cannot be used, my suggested direction is as follows.

resource "azurerm_dns_a_record" "xtrm_dns_a" {
  # ...
  # Use the last entry of the comma-separated outbound_ip_addresses string.
  records = [element(split(",", "${azurerm_app_service.your_service_name.outbound_ip_addresses}"), length(split(",", "${azurerm_app_service.your_service_name.outbound_ip_addresses}")) - 1)]
  # ...
}
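
A drift check for the DNS-lookup workaround discussed above, as an added example that is not part of the thread or the provider's code: the A record keeps whatever address the default hostname resolved to at apply time, so this compares the pinned records with a fresh lookup and flags stale or dangling entries. The hostnames and addresses are constructed sample values, and `resolve_a` and `audit_a_record` are hypothetical helper names.

```python
import ipaddress
import socket


def resolve_a(hostname):
    """Return the set of IPv4 addresses a hostname currently resolves to."""
    try:
        infos = socket.getaddrinfo(hostname, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return set()  # NXDOMAIN or lookup failure: treated as "resolves to nothing"
    return {info[4][0] for info in infos}


def audit_a_record(published, default_hostname, resolver=resolve_a):
    """Compare A records pinned in the zone with what the app resolves to now.

    published: addresses currently in the azurerm_dns_a_record `records` list.
    Raises ValueError if any address is not valid IPv4.
    """
    pinned = {str(ipaddress.IPv4Address(a.strip())) for a in published}
    live = {str(ipaddress.IPv4Address(a)) for a in resolver(default_hostname)}

    if not live:
        # The default hostname no longer resolves (app deleted or renamed), so
        # every pinned address may now belong to someone else's deployment.
        return {"status": "dangling", "stale": pinned, "missing": set()}

    stale = pinned - live    # published in the zone, no longer served by the app
    missing = live - pinned  # served by the app, absent from the zone
    return {"status": "drift" if stale else "ok", "stale": stale, "missing": missing}


if __name__ == "__main__":
    # Constructed sample data: documentation address ranges, hypothetical hostnames.
    fake_dns = {"example.azurewebsites.net": ["203.0.113.10"]}
    lookup = lambda host: fake_dns.get(host, [])
    print(audit_a_record(["198.51.100.7"], "example.azurewebsites.net", lookup))
    print(audit_a_record(["203.0.113.10"], "gone.azurewebsites.net", lookup))
```

Run it on a schedule against the zone's current records; a `drift` or `dangling` result means the A record should be re-applied or removed.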

dpa456 commented 2 years ago

Right, that part is specified in #14385. Please refer to the link above.

xiaxyi commented 9 months ago

Hi all, Terraform is currently not able to support this property until it is exposed by the Azure REST API. The issue is tracked via: https://github.com/Azure/azure-rest-api-specs/issues/27377