azurerm_virtual_network_peering issue with vnet

Is there an existing issue for this?

[X] I have searched the existing issues

Community Note

Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.2.2

AzureRM Provider Version

3.69.0

Affected Resource(s)/Data Source(s)

azurerm_virtual_network_peering

Terraform Configuration Files

# RESOURCE GROUP #
resource "azurerm_resource_group" "test" {
  name     = "${var.user_name}-${var.prefix}"
  location = var.location
  tags = {
    RunStatus = "NOSTOP"
    NOSTOP_REASON = "Autoscale_automation"
    NOSTOP_EXPECTED_END_DATE  = "12/31/2020"
    StoreStatus = "DND"
    Office = "HQ"
    UserID = var.user_name
    CreateDate = timestamp()
  }
}

# VIRTUAL NET #
resource "azurerm_virtual_network" "hubVnet1" {
  name                = "hubVnet1-${var.user_name}-${var.prefix}"
  address_space       = ["10.0.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET #
resource "azurerm_virtual_network" "Spoke1vnet" {
  name                = "Spoke1vnet-${var.user_name}-${var.prefix}"
  address_space       = ["10.2.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET #
resource "azurerm_virtual_network" "Spoke2vnet" {
  name                = "Spoke2vnet-${var.user_name}-${var.prefix}"
  address_space       = ["10.3.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET FOR INBOUND #
resource "azurerm_virtual_network" "Spoke3vnet" {
  name                = "Spoke3vnet-${var.user_name}-${var.prefix}"
  address_space       = ["10.4.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

# VIRTUAL NET FOR NON-RFC #
resource "azurerm_virtual_network" "non-rfc-vnet" {
  count               = var.non_rfc ? 1 : 0
  name                = "non-rfc-vnet-${var.user_name}-${var.prefix}"
  address_space       = ["30.0.0.0/16"]
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
}

resource "azurerm_subnet" "subnet1" {
  name                 = "subnet1-hubVnet1-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes      = ["10.0.0.0/24"]
  delegation {
    name = "subnet1"
    service_delegation {
      name = "PaloAltoNetworks.Cloudngfw/firewalls"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

# SUBNETS #
resource "azurerm_subnet" "subnet2" {
  name                 = "subnet2-hubVnet1-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.hubVnet1.name
  address_prefixes      = ["10.0.1.0/24"]
  delegation {
    name = "subnet2"
    service_delegation {
      name = "PaloAltoNetworks.Cloudngfw/firewalls"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

resource "azurerm_subnet" "spoke1" {
  name                 = "spoke1-Spoke1vnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.Spoke1vnet.name
  address_prefixes      = ["10.2.0.0/24"]
}

resource "azurerm_subnet" "spoke2" {
  name                 = "spoke2-Spoke2vnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.Spoke2vnet.name
  address_prefixes      = ["10.3.0.0/24"]
}

resource "azurerm_subnet" "spoke3" {
  name                 = "spoke3-Spoke3vnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.Spoke3vnet.name
  address_prefixes      = ["10.4.0.0/24"]
}

resource "azurerm_subnet" "non-rfc" {
  count               = var.non_rfc ? 1 : 0
  name                 = "non-rfc-subnet-${var.user_name}-${var.prefix}"
  resource_group_name  = azurerm_resource_group.test.name
  virtual_network_name = azurerm_virtual_network.non-rfc-vnet[count.index].name
  address_prefixes      = ["30.0.0.0/24"]
}

# PUBLIC IPs #
resource "azurerm_public_ip" "Spoke1PublicIP" {
  count               = var.traffic_instances_per_spoke_vnet
  name                = "Spoke1PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "spoke1publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "Spoke2PublicIP" {
  count               = var.traffic_instances_per_spoke_vnet
  name                = "Spoke2PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "spoke2publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "Spoke3PublicIP" {
  count               = 1
  name                = "Spoke3PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "spoke3publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "non-rfc-PublicIP" {
  count               = var.non_rfc ? 1 : 0
  name                = "non-rfc-PublicIP-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  domain_name_label   = "non-rfc-publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# PUBLIC IPs #
resource "azurerm_public_ip" "publicip" {
  count               = var.hub_public_ip_count
  name                = "publicip-${var.user_name}-${var.prefix}-${count.index}"
  location            = var.location
  resource_group_name = azurerm_resource_group.test.name
  allocation_method   = "Static"
  sku                 = "Standard"
  domain_name_label   = "publicip-${var.user_name}-${var.prefix}-${count.index}"
}

# Create INTERFACES #
resource "azurerm_network_interface" "Spoke1StandardNic" {
  count                     = var.traffic_instances_per_spoke_vnet
  name                      = "Spoke1StandardNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.Spoke1vnet,
    azurerm_public_ip.Spoke1PublicIP,
  ]
  ip_configuration {
    name                          = "ipConfig1-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.spoke1.id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address            = "10.2.0.4"
    public_ip_address_id          = azurerm_public_ip.Spoke1PublicIP[count.index].id
  }
}

# Create INTERFACES #
resource "azurerm_network_interface" "Spoke2StandardNic" {
  count                     = var.traffic_instances_per_spoke_vnet
  name                      = "Spoke2StandardNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.Spoke2vnet,
    azurerm_public_ip.Spoke2PublicIP,
  ]
  ip_configuration {
    name                          = "ipConfig2-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.spoke2.id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address           = "10.3.0.4"
    public_ip_address_id          = azurerm_public_ip.Spoke2PublicIP[count.index].id
  }
}

# Create INTERFACES #
resource "azurerm_network_interface" "Spoke3StandardNic" {
  count                     = 1
  name                      = "Spoke3StandardNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.Spoke3vnet,
    azurerm_public_ip.Spoke3PublicIP,
  ]
  ip_configuration {
    name                          = "ipConfig3-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.spoke3.id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address           = "10.4.0.4"
    public_ip_address_id          = azurerm_public_ip.Spoke3PublicIP[count.index].id
  }
}

# Create INTERFACES #
resource "azurerm_network_interface" "NonRFCNic" {
  count                     = var.non_rfc ? 1 : 0
  name                      = "NonRFCNic-${var.user_name}-${var.prefix}-${count.index}"
  location                  = var.location
  resource_group_name       = azurerm_resource_group.test.name
  depends_on = [
    azurerm_virtual_network.non-rfc-vnet,
    azurerm_public_ip.non-rfc-PublicIP,
  ]
  ip_configuration {
    name                          = "nonrfcipConfig-${var.user_name}-${var.prefix}-${count.index}"
    subnet_id                     = azurerm_subnet.non-rfc[count.index].id
    private_ip_address_allocation = "Dynamic"
    #private_ip_address           = "10.4.0.4"
    public_ip_address_id          = azurerm_public_ip.non-rfc-PublicIP[count.index].id
  }
}

resource "azurerm_subnet_network_security_group_association" "spoke1" {
  subnet_id                 = azurerm_subnet.spoke1.id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "spoke2" {
  subnet_id                 = azurerm_subnet.spoke2.id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "spoke3" {
  subnet_id                 = azurerm_subnet.spoke3.id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "non-rfc" {
  count                     = var.non_rfc ? 1 : 0
  subnet_id                 = azurerm_subnet.non-rfc[count.index].id
  network_security_group_id = azurerm_network_security_group.nsg1.id
}

resource "azurerm_subnet_network_security_group_association" "hub_trust" {
  subnet_id                 = azurerm_subnet.subnet2.id
  network_security_group_id = azurerm_network_security_group.hub_trust_nsg.id
}

resource "azurerm_subnet_network_security_group_association" "hub_untrust" {
  subnet_id                 = azurerm_subnet.subnet1.id
  network_security_group_id = azurerm_network_security_group.hub_untrust_nsg.id
}

resource "azurerm_route_table" "hub-trust-rtb" {
  name                          = "hub-trust-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}

resource "azurerm_subnet_route_table_association" "hub-trust-rtb" {
  subnet_id      = azurerm_subnet.subnet2.id
  route_table_id = azurerm_route_table.hub-trust-rtb.id
}

resource "azurerm_route_table" "spoke1-rtb" {
  name                          = "spoke1-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}

resource "azurerm_subnet_route_table_association" "spoke1-rtb" {
  subnet_id      = azurerm_subnet.spoke1.id
  route_table_id = azurerm_route_table.spoke1-rtb.id
}

resource "azurerm_route_table" "spoke2-rtb" {
  name                          = "spoke2-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}
resource "azurerm_subnet_route_table_association" "spoke2-rtb" {
  subnet_id      = azurerm_subnet.spoke2.id
  route_table_id = azurerm_route_table.spoke2-rtb.id
}

resource "azurerm_route_table" "spoke3-rtb" {
  name                          = "spoke3-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}
resource "azurerm_subnet_route_table_association" "spoke3-rtb" {
  subnet_id      = azurerm_subnet.spoke3.id
  route_table_id = azurerm_route_table.spoke3-rtb.id
}

resource "azurerm_route_table" "non-rfc-rtb" {
  count                         = var.non_rfc ? 1 : 0
  name                          = "non-rfc-rtb-${var.user_name}-${var.prefix}"
  location                      = azurerm_resource_group.test.location
  resource_group_name           = azurerm_resource_group.test.name
  disable_bgp_route_propagation = false
  tags = {
    environment = "Production"
  }
}
resource "azurerm_subnet_route_table_association" "non-rfc-rtb" {
  count          = var.non_rfc ? 1 : 0
  subnet_id      = azurerm_subnet.non-rfc[count.index].id
  route_table_id = azurerm_route_table.non-rfc-rtb[count.index].id
}

# Azure Virtual Network peering between Virtual Network Hub and Spoke1
resource "azurerm_virtual_network_peering" "Hub_to_spoke1" {
  name                         = "peer-vnet-Hub-with-spoke1-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.hubVnet1.name
  remote_virtual_network_id    = azurerm_virtual_network.Spoke1vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic = true
  allow_gateway_transit =  false
  use_remote_gateways = false
}

# Azure Virtual Network peering between Virtual Network Hub and Spoke2
resource "azurerm_virtual_network_peering" "Hub_to_spoke2" {
  name                         = "peer-vnet-Hub-with-spoke2-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.hubVnet1.name
  remote_virtual_network_id    = azurerm_virtual_network.Spoke2vnet.id
  allow_virtual_network_access = true
  allow_forwarded_traffic = true
  allow_gateway_transit =  false
  use_remote_gateways = false
}

# Azure Virtual Network peering between Virtual Network Spoke2 and Hub
resource "azurerm_virtual_network_peering" "spoke2_to_hub" {
  name                         = "peer-vnet-spoke2-with-hub-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.Spoke2vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.hubVnet1.id
  allow_virtual_network_access = true
  allow_forwarded_traffic = true
  allow_gateway_transit =  false
  use_remote_gateways = false
}

# Azure Virtual Network peering between Virtual Network Spoke1 and Hub
resource "azurerm_virtual_network_peering" "spoke1_to_hub" {
  name                         = "peer-vnet-spoke1-with-hub-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.Spoke1vnet.name
  remote_virtual_network_id    = azurerm_virtual_network.hubVnet1.id
  allow_virtual_network_access = true
  allow_forwarded_traffic = true
  allow_gateway_transit =  false
  use_remote_gateways = false
}

# Azure Virtual Network Peering between Virtual Network Hub and non-rfc
resource "azurerm_virtual_network_peering" "Hub_to_non-rfc" {
  count                         = var.non_rfc ? 1 : 0
  name                         = "peer-vnet-Hub-with-non-rfc-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.hubVnet1.name
  remote_virtual_network_id    = azurerm_virtual_network.non-rfc-vnet[count.index].id
  allow_virtual_network_access = true
  allow_forwarded_traffic = true
  allow_gateway_transit =  false
  use_remote_gateways = false
}

# Azure Virtual Network peering between Virtual Network Spoke1 and Hub
resource "azurerm_virtual_network_peering" "non-rfc_to_hub" {
  count                         = var.non_rfc ? 1 : 0
  name                         = "peer-vnet-non-rfc-with-hub-${var.user_name}-${var.prefix}"
  resource_group_name          = azurerm_resource_group.test.name
  virtual_network_name         = azurerm_virtual_network.non-rfc-vnet[count.index].name
  remote_virtual_network_id    = azurerm_virtual_network.hubVnet1.id
  allow_virtual_network_access = true
  allow_forwarded_traffic = true
  allow_gateway_transit =  false
  use_remote_gateways = false
}

Debug Output/Panic Output

https://gist.github.com/shankar-bala/186fee5ba056e736ca454d3e3d11a1bd

Expected Behaviour

vnet peering should get created successfully

Actual Behaviour

vnet peering failing because the vnet is reported as not in succeeded state

Steps to Reproduce

terraform plan terraform apply

Important Factoids

No response

References