
I'm trying to script creation of an Azure API Management having a Private Endpoint within a VNET Subnet.

I'm able to create it manually no problem in Azure Portal, but can't quite figure out the terraform script.

The VNET and Subnet are created in a separate process, so they are not in the Terraform script, but for the API Management piece I have:

resource "azurerm_api_management" "app" {
  location            = var.the_location
  resource_group_name = var.the_resource_group
  name                = "${var.the_prefix}-api-mgmt"
  publisher_email     = var.api_mgmt_publisher_email
  publisher_name      = var.api_mgmt_publisher_name
  sku_name            = "${var.api_mgmt_sku}_1"
  tags                = var.resource_tags
}

resource "azurerm_private_endpoint" "endpoint" {
  name                = "${var.the_prefix}-api-privateendpoint"
  location            = var.the_location
  resource_group_name = var.the_resource_group
  subnet_id           = var.subnetId
  tags                = var.resource_tags

  private_service_connection {
    name                           = "api-privateserviceconnection"
    private_connection_resource_id = azurerm_api_management.app.id
    is_manual_connection           = false
    subresource_names              = [] # left empty; this is the configuration that produces the error below
  }
}

The var.subnetId is the full id of the subnet, i.e.

/subscriptions/{subscriptionId}/resourceGroups/OpenEHR/providers/Microsoft.Network/virtualNetworks/OpenEHR-VNET/subnets/API-Subnet

The error I get is:

Error: creating Private Endpoint "i365sabppdsdevtb-api-privateendpoint" (Resource Group "i365-uks-ehsabppds-devtb-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="MissingParameterOnPrivateLinkServiceConnection" Message="Private link service connection /subscriptions/8cb2b2d3-9411-46e4-926d-22d6378349bc/resourceGroups/i365-uks-ehsabppds-devtb-rg/providers/Microsoft.Network/privateEndpoints/i365sabppdsdevtb-api-privateendpoint/privateLinkServiceConnections/api-privateserviceconnection is missing required parameter 'group Id'." Details=[]

I think the error is something to do with subresource_names, but I can't work out what to put in there.

I tried [ "sites" ] but then I get the error:

│ Error: creating Private Endpoint "i365sabppdsdevtb-api-privateendpoint" (Resource Group "i365-uks-ehsabppds-devtb-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointBadRequest" Message="Call to Microsoft.ApiManagement/service failed. Error message: The Request has invalid groupId sites." Details=[]

Any ideas, much appreciated.

Thanks.

Comments:

  • Try giving subresource_name as "sites". Commented Nov 16, 2022 at 19:08
  • I tried that; I get this error: Error: creating Private Endpoint "i365sabppdsdevtb-api-privateendpoint" (Resource Group "i365-uks-ehsabppds-devtb-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointBadRequest" Message="Call to Microsoft.ApiManagement/service failed. Error message: The Request has invalid groupId sites." Details=[] Commented Nov 17, 2022 at 11:19

1 Answer

The issue was caused by the private service connection resource id and subresource names. Please use the configuration below:

private_connection_resource_id  =  azurerm_api_management.app.id
subresource_names  =  ["Gateway"]

Find below code snippets for reference.

Step 1: Copy the code below into your main tf file.

provider "azurerm" {
  features {}
}

variable "prefix" {
  default = "rg_swar"
}

resource "azurerm_resource_group" "example" {
  name     = "rg_swar-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "service" {
  name                 = "service"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]

  # Deprecated in later azurerm 3.x releases in favour of
  # private_link_service_network_policies_enabled = false
  enforce_private_link_service_network_policies = true
}

resource "azurerm_subnet" "endpoint" {
  name                 = "endpoint"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.2.0/24"]

  # Deprecated in later azurerm 3.x releases in favour of
  # private_endpoint_network_policies_enabled = false
  enforce_private_link_endpoint_network_policies = true
}

resource "azurerm_public_ip" "example" {
  name                = "example-pip"
  sku                 = "Standard"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  allocation_method   = "Static"
}

resource "azurerm_lb" "example" {
  name                = "example-lb"
  sku                 = "Standard"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  frontend_ip_configuration {
    name                 = azurerm_public_ip.example.name
    public_ip_address_id = azurerm_public_ip.example.id
  }
}

resource "azurerm_private_link_service" "example" {
  name                = "example-privatelink"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  nat_ip_configuration {
    name      = azurerm_public_ip.example.name
    primary   = true
    subnet_id = azurerm_subnet.service.id
  }

  load_balancer_frontend_ip_configuration_ids = [
    azurerm_lb.example.frontend_ip_configuration.0.id,
  ]
}

resource "azurerm_api_management" "app" {
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  name                = "swar-api-mgmt"
  publisher_email     = "[email protected]"
  publisher_name      = "Swarna Demo"
  sku_name            = "Developer_1"
  //tags = var.resource_tags
}

resource "azurerm_private_endpoint" "example" {
  name                = "example-endpoint"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.endpoint.id

  private_service_connection {
    name                           = "example-privateserviceconnection"
    //private_connection_resource_id = azurerm_private_link_service.example.id
    private_connection_resource_id = azurerm_api_management.app.id
    subresource_names              = ["Gateway"] // the group ID API Management exposes for its gateway
    is_manual_connection           = false
  }
}

Step 2: Run the commands below.

terraform plan 
terraform apply -auto-approve

Review: The code snippet above will deploy the services, which you can then verify in the Azure Portal.

Hope this helps!
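The private endpoint alone does not make the gateway reachable by name from inside the VNet, nor does it close the public endpoint. The following is an added example (not the asker's or the answerer's code) that extends the answer with the private DNS zone Azure uses for API Management and an output of the endpoint's private IP; it assumes the azurerm_resource_group, azurerm_virtual_network, azurerm_subnet "endpoint" and azurerm_api_management "app" resources declared in the answer above.

```hcl
# Private DNS zone for API Management private endpoints (privatelink.azure-api.net).
# Assumes azurerm_resource_group.example, azurerm_virtual_network.example,
# azurerm_subnet.endpoint and azurerm_api_management.app from the answer above.
resource "azurerm_private_dns_zone" "apim" {
  name                = "privatelink.azure-api.net"
  resource_group_name = azurerm_resource_group.example.name
}

# Link the zone to the VNet so resolvers inside it consult the zone.
resource "azurerm_private_dns_zone_virtual_network_link" "apim" {
  name                  = "apim-dns-link"
  resource_group_name   = azurerm_resource_group.example.name
  private_dns_zone_name = azurerm_private_dns_zone.apim.name
  virtual_network_id    = azurerm_virtual_network.example.id
}

resource "azurerm_private_endpoint" "apim" {
  name                = "apim-private-endpoint"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.endpoint.id

  private_service_connection {
    name                           = "apim-privateserviceconnection"
    private_connection_resource_id = azurerm_api_management.app.id
    is_manual_connection           = false
    # "Gateway" is the group ID API Management accepts; an empty list gives
    # MissingParameterOnPrivateLinkServiceConnection and "sites" gives
    # "invalid groupId", the two errors quoted in the question.
    subresource_names = ["Gateway"]
  }

  # Registers the endpoint's private IP in the zone so the gateway hostname
  # resolves to it from inside the VNet instead of to the public address.
  private_dns_zone_group {
    name                 = "apim-dns"
    private_dns_zone_ids = [azurerm_private_dns_zone.apim.id]
  }
}

# Handy for checking the endpoint from a VM in the VNet after apply.
output "apim_private_ip" {
  value = azurerm_private_endpoint.apim.private_service_connection[0].private_ip_address
}
```

Once the endpoint is approved, setting public_network_access_enabled = false on the azurerm_api_management resource closes the public gateway hostname so only VNet traffic reaches the service. If you need to confirm which group IDs a service type accepts, `az network private-link-resource list --name <apim-name> --resource-group <rg> --type Microsoft.ApiManagement/service` lists them.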
