Azure application Gateway terraform

0
votes

I have a big question that I cannot find solution or explanation to it.

I found this diagram online regarding the implementation of an application gateway.

so I tried to make a replica of it using terraform, but than something hit me up and start raising questions and I couldn't find solution to it.

this is the diagramenter image description here

with terraform I have no problem to create the MainRG the VNET and GWSubnet but I was wondering, how is possible that inside the MainRG there is the AZSubnet which contains another RG this makes it a nested RG inside the MainRG. Is this an error?

Another question and problem I came across, is how to I assign a app service to a subnet?

here is the code I implemented so far:

app.tf

resource "azurerm_app_service_plan" "ASP-hri-prd-app-service" {
  location            = var.app-service-loc
  name                = "ASP-hri-prd-app-service"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
  sku {
    size = "S1"
    tier = "Standard"
  }
}

resource "azurerm_app_service" "hri-prd-eur-app-testing" {
  app_service_plan_id = azurerm_app_service_plan.ASP-hri-prd-app-service.id
  location            = var.app-service-loc
  name                = "hri-prd-eur-app-testing"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
}

applicationGateway.tf

resource "azurerm_resource_group" "rg-hri-prd-eur-app-gate" {
  location = var.location
  name     = "rg-hri-prd-eur-app-gate"
}

resource "azurerm_resource_group" "rg-hri-eur-app-service" {
  location = var.app-service-loc
  name     = "app-service-testing"
}

locals {
  backend_address_pool_name      = "${azurerm_virtual_network.hri-prd-VNET.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.hri-prd-VNET.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.hri-prd-VNET.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.hri-prd-VNET.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.hri-prd-VNET.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.hri-prd-VNET.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.hri-prd-VNET.name}-rdrcfg"
}

resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = "${azurerm_resource_group.rg-hri-prd-eur-app-gate.name}"
  location            = "${azurerm_resource_group.rg-hri-prd-eur-app-gate.location}"

  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = "${azurerm_subnet.hri-prd-app-gate.id}"
  }

  frontend_port {
    name = "${local.frontend_port_name}"
    port = 80
  }

  frontend_ip_configuration {
    name                 = "${local.frontend_ip_configuration_name}"
    public_ip_address_id = "${azurerm_public_ip.hri-prd-gate-pip.id}"
  }

  backend_address_pool {
    name = "${local.backend_address_pool_name}"
  }

  backend_http_settings {
    name                  = "${local.http_setting_name}"
    cookie_based_affinity = "Disabled"
    path         = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 1
  }

  http_listener {
    name                           = "${local.listener_name}"
    frontend_ip_configuration_name = "${local.frontend_ip_configuration_name}"
    frontend_port_name             = "${local.frontend_port_name}"
    protocol                       = "Http"
  }

  request_routing_rule {
    name                        = "${local.request_routing_rule_name}"
    rule_type                   = "Basic"
    http_listener_name          = "${local.listener_name}"
    backend_address_pool_name   = "${local.backend_address_pool_name}"
    backend_http_settings_name  = "${local.http_setting_name}"
  }
}

network.tf

resource "azurerm_virtual_network" "hri-prd-VNET" {
  address_space       = ["10.1.0.0/16"]
  location            = var.location
  name                = "hri-prd-VNET"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
}

resource "azurerm_subnet" "hri-prd-app-gate" {
  name                 = "hri-prd-app-gateway-subnet"
  resource_group_name  = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  virtual_network_name = azurerm_virtual_network.hri-prd-VNET.name
  address_prefixes     = ["10.1.0.0/24"]
}

resource "azurerm_public_ip" "hri-prd-gate-pip" {
  allocation_method   = "Dynamic"
  location            = var.location
  name                = "hri-prd-gate-pip"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
}

I have 2 resource groups, one for the application gateway and one for the app service.

But still I don't understand how to make the app service resource group in a subnet of the application gateway resource group.

1
azureterraformterraform-provider-azure

1 Answers

0
votes

You raised multiple questions.

  • It is not possible to have nested resource groups in Azure(RG inside the MainRG). It seems to be a misspelling in your picture

https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/8618338-nested-resource-groups

  • To assign app service to a subnet you should first create VNET with a subnet, then create App Service and attach it to subnet by using Terraform resource azurerm_app_service_virtual_network_swift_connection

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_virtual_network_swift_connection

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-virtual-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "example-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
  delegation {
    name = "example-delegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

resource "azurerm_app_service_plan" "example" {
  name                = "example-app-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_app_service" "example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}

resource "azurerm_app_service_virtual_network_swift_connection" "example" {
  app_service_id = azurerm_app_service.example.id
  subnet_id      = azurerm_subnet.example.id
}