Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

3.35 tried using 3.64 as well

AzureRM Provider Version

3.35

Affected Resource(s)/Data Source(s)

azurerm_lb.tf-ilb

Terraform Configuration Files

######################################################################
# Internal Load Balancer Info
######################################################################

  internal_load_balancers = {
  VES-ILB-zUC1-INT-UNIT-SS-APP-001 = {
    rg_name  = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    location = "centralus"
    frontend_ips = {

      "voyamdmcloud.zuc1.unit.gluedomain.io" = { 
        subnet_name        = "VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
        vnet_name          = "VES-vNET-zUC1-INT-UNIT-SS"
        rg_name            = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
        private_ip_address = "10.151.224.200"
        zones              = ["1", "2", "3"]
      }, 
       "snaplogic.unit.gluedomain.io" = { 
        subnet_name        = "VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
        vnet_name          = "VES-vNET-zUC1-INT-UNIT-SS"
        rg_name            = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
        private_ip_address = "10.151.224.201"
        zones              = ["1", "2", "3"]
      }, 

    }
    tags = {AppSupportGroup = "NA",ApplicationName = "NA"}
  },

}

######################################################################
# ILB Backend Address Pool Info
######################################################################

lb_backend_pools = {
 VES-LBPool-zUC1-INT-UNIT-SS-APP-001 = {
  lb_name = "VES-ILB-zUC1-INT-UNIT-SS-APP-001"
    lb_rg_name = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    pool_members = {
      uuc1lmdm9000 = {
        ip_address   = "10.151.224.9"
        vnet_name    = "VES-vNET-zUC1-INT-UNIT-SS"
        vnet_rg_name = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
      },
     }
 }, 
 VES-BEP-zUC1-INT-UNIT-SS-APP-SNAP-001 = {
  lb_name = "VES-ILB-zUC1-INT-UNIT-SS-APP-001"
    lb_rg_name = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    pool_members = {
      uuc1ledp9001 = {
        ip_address   = "10.151.224.58"
        vnet_name    = "VES-vNET-zUC1-INT-UNIT-SS"
        vnet_rg_name = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
      },
     }
}, 
}

######################################################################
# ILB Rule Info 
######################################################################

lb_rules = {
 VES-LBRule-zUC1-INT-UNIT-SS-APP-001 = {
    lb_name                   = "VES-ILB-zUC1-INT-UNIT-SS-APP-001"
    lb_rg_name                = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    frontend_ip_config_name   = "voyamdmcloud.zuc1.unit.gluedomain.io"
    protocol                  = "Tcp"
    frontend_port             = 443
    backend_port              = 9003
    backend_address_pool_name = "VES-LBPool-zUC1-INT-UNIT-SS-APP-001"
    probe_name                = "MDM-Probe-001"
    enable_floating_ip        = false
    idle_timeout_minutes      = 4
    load_distribution         = ""
    disable_outbound_snat     = false
    enable_tcp_reset          = false
  }, 
  VES-BER-zUC1-INT-UNIT-SS-APP-SNAP-001 = {
    lb_name                   = "VES-ILB-zUC1-INT-UNIT-SS-APP-001"
    lb_rg_name                = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    frontend_ip_config_name   = "snaplogic.unit.gluedomain.io"
    protocol                  = "Tcp"
    frontend_port             = 8081
    backend_port              = 8081
    backend_address_pool_name = "VES-BEP-zUC1-INT-UNIT-SS-APP-SNAP-001"
    probe_name                = "VES-BHP-zUC1-INT-UNIT-SS-APP-SNAP-001"
    enable_floating_ip        = false
    idle_timeout_minutes      = 4
    load_distribution         = ""
    disable_outbound_snat     = false
    enable_tcp_reset          = false
  }, 

}

######################################################################
# ILB Probe Info 
######################################################################

lb_probes = {
 MDM-Probe-001 = {
    lb_name                      = "VES-ILB-zUC1-INT-UNIT-SS-APP-001"
    lb_rg_name                   = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    protocol                     = "Https"
    port                         = 9003
    request_path                 = "/voyamdm/mdmstat/health"
    interval_in_seconds          = 5
    number_of_probes             = 2
  },  
   VES-BHP-zUC1-INT-UNIT-SS-APP-SNAP-001 = {
    lb_name                      = "VES-ILB-zUC1-INT-UNIT-SS-APP-SNAP-001"
    lb_rg_name                   = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    protocol                     = "Https"
    port                         = 8081
    request_path                 = "/"
    interval_in_seconds          = 5
    number_of_probes             = 2
  },   

}

Debug Output/Panic Output

if you run the above code you see the following output 

Terraform will perform the following actions:

  # module.ilb["VES-ILB-zUC1-INT-UNIT-SS-APP-001"].azurerm_lb.tf-ilb will be updated in-place
  ~ resource "azurerm_lb" "tf-ilb" {
        id                   = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-001"
        name                 = "VES-ILB-zUC1-INT-UNIT-SS-APP-001"
        tags                 = {
            "AppSupportGroup"   = "NA"
            "ApplicationName"   = "NA"
            "CloudRegion"       = "centralus"
            "InfraSupportGroup" = "X_NETWORK_CLOUD"
            "SDLCRegion"        = "UNIT"
            "ServiceType"       = "Network"
            "SupportGroup"      = "networkers@list.voya.com"
        }
        # (6 unchanged attributes hidden)

      ~ frontend_ip_configuration {
            id                            = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-001/frontendIPConfigurations/voyamdmcloud.zuc1.unit.gluedomain.io"
          ~ name                          = "voyamdmcloud.zuc1.unit.gluedomain.io" -> "snaplogic.unit.gluedomain.io"
          ~ private_ip_address            = "10.151.224.200" -> "10.151.224.201"
            # (7 unchanged attributes hidden)
        }
      + frontend_ip_configuration {
          + inbound_nat_rules             = (known after apply)
          + load_balancer_rules           = (known after apply)
          + name                          = "voyamdmcloud.zuc1.unit.gluedomain.io"
          + outbound_rules                = (known after apply)
          + private_ip_address            = "10.151.224.200"
          + private_ip_address_allocation = "static"
          + private_ip_address_version    = "IPv4"
          + subnet_id                     = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/virtualNetworks/VES-vNET-zUC1-INT-UNIT-SS/subnets/VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
          + zones                         = [
              + "1",
              + "2",
              + "3",
            ]
        }
    }

  # module.lb_backend_pool["VES-BEP-zUC1-INT-UNIT-SS-APP-SNAP-001"].azurerm_lb_backend_address_pool.tf_backend_pool will be created
  + resource "azurerm_lb_backend_address_pool" "tf_backend_pool" {
      + backend_ip_configurations = (known after apply)
      + id                        = (known after apply)
      + inbound_nat_rules         = (known after apply)
      + load_balancing_rules      = (known after apply)
      + loadbalancer_id           = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-001"
      + name                      = "VES-BEP-zUC1-INT-UNIT-SS-APP-SNAP-001"
      + outbound_rules            = (known after apply)
    }

  # module.lb_backend_pool["VES-BEP-zUC1-INT-UNIT-SS-APP-SNAP-001"].azurerm_lb_backend_address_pool_address.tf_backend_pool_member["uuc1ledp9001"] will be created
  + resource "azurerm_lb_backend_address_pool_address" "tf_backend_pool_member" {
      + backend_address_pool_id       = (known after apply)
      + id                            = (known after apply)
      + inbound_nat_rule_port_mapping = (known after apply)
      + ip_address                    = "10.151.224.58"
      + name                          = "uuc1ledp9001"
      + virtual_network_id            = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/virtualNetworks/VES-vNET-zUC1-INT-UNIT-SS"
    }

  # module.lb_probe["VES-BHP-zUC1-INT-UNIT-SS-APP-SNAP-001"].azurerm_lb_probe.tf_lbprobe will be created
  + resource "azurerm_lb_probe" "tf_lbprobe" {
      + id                  = (known after apply)
      + interval_in_seconds = 5
      + load_balancer_rules = (known after apply)
      + loadbalancer_id     = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-SNAP-001"
      + name                = "VES-BHP-zUC1-INT-UNIT-SS-APP-SNAP-001"
      + number_of_probes    = 2
      + port                = 8081
      + probe_threshold     = 1
      + protocol            = "Https"
      + request_path        = "/"
    }

  # module.lb_rule["VES-BER-zUC1-INT-UNIT-SS-APP-SNAP-001"].azurerm_lb_rule.tf_lbrule will be created
  + resource "azurerm_lb_rule" "tf_lbrule" {
      + backend_address_pool_ids       = (known after apply)
      + backend_port                   = 8081
      + disable_outbound_snat          = false
      + enable_floating_ip             = false
      + enable_tcp_reset               = false
      + frontend_ip_configuration_id   = (known after apply)
      + frontend_ip_configuration_name = "snaplogic.unit.gluedomain.io"
      + frontend_port                  = 8081
      + id                             = (known after apply)
      + idle_timeout_in_minutes        = 4
      + load_distribution              = (known after apply)
      + loadbalancer_id                = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-001"
      + name                           = "VES-BER-zUC1-INT-UNIT-SS-APP-SNAP-001"
      + probe_id                       = (known after apply)
      + protocol                       = "Tcp"
    }

Expected Behaviour

it would add the new front end IP without recreating the one that is there

Actual Behaviour

it trys to change the configuration of the current frontend IP then tries to add the original frontend ip that was there

when you change the name of the frontend ip to become alphabetically equal alphabetically after it functions as expected

Steps to Reproduce

run the included code or any update that adds a frontend ip to a load balancer that name is alphabetically before the current one

example adding a frontend ip address "alpha" when "beta" already exists

Important Factoids

if you change the name of the frontend IP to be alphabetically the same or after the current frontend IP will not have the issue

References

the name should not affect the the behavior of the code

hi @nvolonakis49 thanks for filing this issue. could you please share the configuration of the azurerm_lb before and after the updation, especially the frontend_ip_configuration blocks. because I did not repro the issue with local configuration update:

from:

resource "azurerm_lb" "test" {
  name                = "x-loadbalancer-xx"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  frontend_ip_configuration {
    name                 = "one-230712172023606699"
    public_ip_address_id = azurerm_public_ip.test.id
  }
}

to:

resource "azurerm_lb" "test" {
  name                = "x-loadbalancer-xx"
  location            = azurerm_resource_group.test.location
  resource_group_name = azurerm_resource_group.test.name

  frontend_ip_configuration {
    name                 = "one-230712172023606699"
    public_ip_address_id = azurerm_public_ip.test.id
  }

  frontend_ip_configuration {
    name                 = "awo-230712172023606699"
    public_ip_address_id = azurerm_public_ip.test1.id
  }
}

terraform plan gives below output as expected:

internal_load_balancers = { ############## this is for internal load balancer ################# VES-ILB-zUC1-INT-UNIT-SS-APP-001 = { rg_name = "VES-RG-zUC1-NPROD-SS-NETWORK-001" location = "centralus" frontend_ips = {

  "voyamdmcloud.zuc1.unit.gluedomain.io" = { 
    subnet_name        = "VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
    vnet_name          = "VES-vNET-zUC1-INT-UNIT-SS"
    rg_name            = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    private_ip_address = "10.151.224.200"
    zones              = ["1", "2", "3"]
  },# adding new loadbalancer front end IP here }
   "snaplogic.unit.gluedomain.io" = { 
    subnet_name        = "VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
    vnet_name          = "VES-vNET-zUC1-INT-UNIT-SS"
    rg_name            = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    private_ip_address = "10.151.224.201"
    zones              = ["1", "2", "3"]
  }, 

}
tags = {AppSupportGroup = "NA",ApplicationName = "NA"}

}

When i try to run the code above to add the new frontend ip it does want to do an update in place but the message i get from terraform is it wants to change the current front end IP and re add the original #################################### in your example it looks like you are working on a EXTERNAL balancer which is different from an INTERNAL load balancer #############################

############################################################################################################

MESSAGE from TERRAFORM

Terraform will perform the following actions:

module.ilb["VES-ILB-zUC1-INT-UNIT-SS-APP-001"].azurerm_lb.tf-ilb will be updated in-place

~ resource "azurerm_lb" "tf-ilb" { id = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-001" name = "VES-ILB-zUC1-INT-UNIT-SS-APP-001" tags = { "AppSupportGroup" = "NA" "ApplicationName" = "NA" "CloudRegion" = "centralus" "InfraSupportGroup" = "X_NETWORK_CLOUD" "SDLCRegion" = "UNIT" "ServiceType" = "Network" "SupportGroup" = "networkers@list.voya.com" }

(6 unchanged attributes hidden)

  ~ frontend_ip_configuration {
        id                            = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/loadBalancers/VES-ILB-zUC1-INT-UNIT-SS-APP-001/frontendIPConfigurations/voyamdmcloud.zuc1.unit.gluedomain.io"
      ~ name                          = "voyamdmcloud.zuc1.unit.gluedomain.io" -> "snaplogic.unit.gluedomain.io"
      ~ private_ip_address            = "10.151.224.200" -> "10.151.224.201"    ###right here it is changing the current *****
        # (7 unchanged attributes hidden)
    }
  + frontend_ip_configuration {
      + inbound_nat_rules             = (known after apply)
      + load_balancer_rules           = (known after apply)
      + name                          = "voyamdmcloud.zuc1.unit.gluedomain.io"
      + outbound_rules                = (known after apply)
      + private_ip_address            = "10.151.224.200"
      + private_ip_address_allocation = "static"
      + private_ip_address_version    = "IPv4"
      + subnet_id                     = "/subscriptions/8964a126-b57d-470d-9f43-73df029f50ba/resourceGroups/VES-RG-zUC1-NPROD-SS-NETWORK-001/providers/Microsoft.Network/virtualNetworks/VES-vNET-zUC1-INT-UNIT-SS/subnets/VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
      + zones                         = [
          + "1",
          + "2",
          + "3",
        ]
    }
}

################################################################################################END of message from terraform ###########################################################################

When we change the code to be alphatetically eqaul with first letter

internal_load_balancers = { VES-ILB-zUC1-INT-UNIT-SS-APP-001 = { rg_name = "VES-RG-zUC1-NPROD-SS-NETWORK-001" location = "centralus" frontend_ips = {

  "voyamdmcloud.zuc1.unit.gluedomain.io" = { 
    subnet_name        = "VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
    vnet_name          = "VES-vNET-zUC1-INT-UNIT-SS"
    rg_name            = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    private_ip_address = "10.151.224.200"
    zones              = ["1", "2", "3"]
  }, 
   "vsnaplogic.unit.gluedomain.io" = {    #####  on this line put a v at the beginning of snap logic ###
    subnet_name        = "VES-SUBNET-zUC1-INT-UNIT-SS-APP-VIP"
    vnet_name          = "VES-vNET-zUC1-INT-UNIT-SS"
    rg_name            = "VES-RG-zUC1-NPROD-SS-NETWORK-001"
    private_ip_address = "10.151.224.201"
    zones              = ["1", "2", "3"]
  }, 

}
tags = {AppSupportGroup = "NA",ApplicationName = "NA"}

}

######################################################################################### once we put a v on to the name of the front end IP it just wanted to add it

I also tried tried changing to a Z and it wanted to change the current then re add it as well Unfortunately i did not save the output from terraform

@nvolonakis49 It seems that you are using a terrafrom module. could you please share the module with me? the azurerm_lb resource would honor the order of frontend_ip_configuration of your config file. but the output looks like the frontend_ip_configuration blocks have been reordered by alphabetic. would your module cause such modification?

#####################################################

sorry I misunderstood

############## here is LB we are also seeing this in the external lb code is pretty much the same

Create Internal Load Balancer

resource "azurerm_lb" "tf-ilb" { name = var.ilb_name resource_group_name = var.rg_name location = var.location sku = "Standard" tags = var.tags

dynamic "frontend_ip_configuration" { for_each = var.frontend_ips

content {
  name                          = frontend_ip_configuration.key
  zones                         = frontend_ip_configuration.value.zones
  subnet_id                     = var.subscription_id == null ? data.azurerm_subnet.tf-subnet[frontend_ip_configuration.key].id : "/subscriptions/${var.subscription_id}/resourceGroups/${frontend_ip_configuration.value.rg_name}/providers/Microsoft.Network/virtualNetworks/${frontend_ip_configuration.value.vnet_name}/subnets/${frontend_ip_configuration.value.subnet_name}"
  private_ip_address            = frontend_ip_configuration.value.private_ip_address
  private_ip_address_allocation = "Static"
  private_ip_address_version    = "IPv4"
}

}

#############################################################

i found another instance of this issue i can share as well if you need it

@nvolonakis49 thanks. please share me with your another instance. and could you please make your syntax right so github render the content correctly. it's hard to read for the previous content in this thread.

##################################################################################### external_load_balancers = { VES-ELB-zUC1-001 = { rg_name = "VES-RG-zUC1-NetworkServices-001" location = "centralus" frontend_ips = { VES-PIP-ELB-zUC1-001 = { rg_name = "VES-RG-zUC1-NetworkServices-001" public_ip_name = "VES-PIP-ELB-zUC1-001" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, ADC5-VIP-001 = { public_ip_name = "VES-PIP-ELB-zUC1-ADC5-VIP-001" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, ADC5-VIP-002 = { public_ip_name = "VES-PIP-ELB-zUC1-ADC5-VIP-002" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, ADC6-VIP-001 = { public_ip_name = "VES-PIP-ELB-zUC1-ADC6-VIP-001" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, ADC6-VIP-002 = { public_ip_name = "VES-PIP-ELB-zUC1-ADC6-VIP-002" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, VoyaNQ-PROD-VIP-001 = { public_ip_name = "VES-PIP-ELB-zUC1-VoyaNQ-PROD-VIP-001" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001 = { public_ip_name = "vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001" public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001"
}, vns-pip-elb-zuc1-transit-untrust-prod-faxw-001 = { public_ip_name = "vns-pip-elb-zuc1-transit-untrust-prod-axw-001"
public_ip_rg_name = "VES-RG-zUC1-NetworkServices-001" }, } tags = {} }, ############################################################################### front end IP vns-pip-elb-zuc1-transit-untrust-prod-axw-001 had to be renamed to vns-pip-elb-zuc1-transit-untrust-prod-faxw-001

in order to not update vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001 then redo it

you understand it creates the frontend ip we want but in the process it updates an existing one and then recreates the one it over writes #################################################################

log from the plan \

  ~ frontend_ip_configuration {
        id                            = "/subscriptions/93e7b616-e6d3-46ce-b6cb-7e70296c7437/resourceGroups/VES-RG-zUC1-NetworkServices-001/providers/Microsoft.Network/loadBalancers/VES-ELB-zUC1-001/frontendIPConfigurations/vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001"
      ~ name                          = "vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001" -> "vns-pip-elb-zuc1-transit-untrust-prod-axw-001"
      ~ public_ip_address_id          = "/subscriptions/93e7b616-e6d3-46ce-b6cb-7e70296c7437/resourceGroups/VES-RG-zUC1-NetworkServices-001/providers/Microsoft.Network/publicIPAddresses/vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001" -> "/subscriptions/93e7b616-e6d3-46ce-b6cb-7e70296c7437/resourceGroups/VES-RG-zUC1-NetworkServices-001/providers/Microsoft.Network/publicIPAddresses/vns-pip-elb-zuc1-transit-untrust-prod-axw-001"
        # (5 unchanged attributes hidden)
    }
  ~ frontend_ip_configuration {
        id                            = "/subscriptions/93e7b616-e6d3-46ce-b6cb-7e70296c7437/resourceGroups/VES-RG-zUC1-NetworkServices-001/providers/Microsoft.Network/loadBalancers/VES-ELB-zUC1-001/frontendIPConfigurations/vns-pip-elb-zuc1-transit-untrust-prod-faxw-001"
      ~ name                          = "vns-pip-elb-zuc1-transit-untrust-prod-faxw-001" -> "vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001"
      ~ public_ip_address_id          = "/subscriptions/93e7b616-e6d3-46ce-b6cb-7e70296c7437/resourceGroups/VES-RG-zUC1-NetworkServices-001/providers/Microsoft.Network/publicIPAddresses/vns-pip-elb-zuc1-transit-untrust-prod-axw-001" -> "/subscriptions/93e7b616-e6d3-46ce-b6cb-7e70296c7437/resourceGroups/VES-RG-zUC1-NetworkServices-001/providers/Microsoft.Network/publicIPAddresses/vns-pip-elb-zuc1-transit-untrust-prod-exc-vip-001"
        # (5 unchanged attributes hidden)
    }
    # (6 unchanged blocks hidden)
}

data "azurerm_public_ip" "tf-elbip" { for_each = var.frontend_ips

name = each.value.public_ip_name resource_group_name = each.value.public_ip_rg_name }

Create External Load Balancer

resource "azurerm_lb" "tf-elb" { name = var.elb_name resource_group_name = var.rg_name location = var.location sku = "Standard" tags = var.tags