1

I have below Terraform code. I need to identify which value to be given for a specific subresource_names in private end point connection for logic app workflow. I am new to Terraform.

locals {
  app_service_name = "appserviceswathi"
  sku_sizes = {
    small   = "WS1"
    medium  = "WS2"
    premium = "WS3"
  }
}
data "azurerm_resource_group" "rg1" {
  name = var.resource_group_name
}
data "azurerm_resource_group" "rg2" {
  name = var.vnet_rg
}

data "azurerm_subnet" "integration_subnet_name" {
  name                 = var.subnet_name
  resource_group_name  = data.azurerm_resource_group.rg2.name
  virtual_network_name = var.vnet_name
}

data "azurerm_subnet" "private_endpoint_subnet_name" {
  name                 = var.app_service_private_endpoint_subnet_name
  resource_group_name  = data.azurerm_resource_group.rg2.name
  virtual_network_name = var.vnet_name
}

data "azurerm_storage_account" "storage_account" {
   name                = var.storage_account_name
  resource_group_name = data.azurerm_resource_group.rg1.name
}
resource "azurerm_app_service_plan" "service_plan" {
  count               = var.app_service_plan_name == "" ? 1 : 0
  name                = "${local.app_service_name}asp"
  location            = var.location
  resource_group_name = data.azurerm_resource_group.rg1.name
  kind                = "elastic"
  sku {
    tier = "WorkflowStandard"
    size = local.sku_sizes[var.size]
  }
}
module "storage_account" {
  source = "./dfs_storage"
  count  = var.storage_account_name == "" ? 1 : 0
  key_vault_is_required        = false
  lock_resource                = false
  fileshare_is_required        = true
  queue_is_required            = true
  table_is_required            = true
  dfs_subnet                   = var.subnet_name
  hns                          = false
  network_rules_default_action = "Deny"

 }
 

resource "azurerm_storage_share" "logicApp" {
  name                 = "${local.app_service_name}-content"
  storage_account_name = var.storage_account_name

  quota = 1024

  depends_on = [
       data.azurerm_storage_account.storage_account
  ]
}

resource "azurerm_logic_app_workflow" "logic_app" {
  name                = local.app_service_name
  location            = var.location
  resource_group_name = data.azurerm_resource_group.rg1.name
  identity {
    type = "SystemAssigned"
  }
}

resource "azurerm_private_endpoint" "endpoint" {
  name                = "${local.app_service_name}pe"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = data.azurerm_subnet.private_endpoint_subnet_name.id
  tags                = {}
  private_service_connection {
    name                           = "${local.app_service_name}psc"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_logic_app_workflow.logic_app.id
    subresource_names              = ["workflow"]
  }
   lifecycle {
    ignore_changes = [
      network_interface,
      subnet_id,
      
    ]
  }
}

Error:

Error: creating Private Endpoint (Subscription: "" │ Resource Group Name: "" │ Private Endpoint Name: ""): performing CreateOrUpdate: unexpected status 400 with error: InvalidPrivateLinkServiceIdType: Private link service Id /subscriptions//resourceGroups//providers/Microsoft.Logic/workflows/ has an invalid resource type. Permitted type(s): Microsoft.DocumentDB/databaseAccounts, Microsoft.Sql/servers, Microsoft.Network/privateLinkServices, Microsoft.Web/sites, Microsoft.Web/hostingEnvironments, Microsoft.Storage/storageAccounts, Microsoft.DBforPostgreSQL/servers, Microsoft.DBforMySQL/servers, Microsoft.DBforMariaDB/servers, Microsoft.KeyVault/vaults, Microsoft.Synapse/workspaces, Microsoft.AppConfiguration/configurationStores, Microsoft.Search/searchServices, Microsoft.ContainerService/managedClusters, Microsoft.Attestation/attestationProviders, Microsoft.Devices/IotHubs, Microsoft.Cache/Redis, Microsoft.SignalRService/SignalR, Microsoft.MachineLearningServices/workspaces, Microsoft.Batch/batchAccounts, Microsoft.ContainerRegistry/registries, Microsoft.RecoveryServices/vaults, Microsoft.EventGrid/topics, Microsoft.EventGrid/domains, Microsoft.EventHub/namespaces, Microsoft.ServiceBus/namespaces, Microsoft.Relay/namespaces, Microsoft.StorageSync/storageSyncServices, Microsoft.HealthcareApis/services, Microsoft.Automation/automationAccounts, Microsoft.Insights/privateLinkScopes, Microsoft.CognitiveServices/accounts, Microsoft.Compute/diskAccesses, Microsoft.Network/applicationgateways, Microsoft.Media/mediaservices, Microsoft.Databricks/workspaces, Microsoft.Sql/managedInstances, Microsoft.Migrate/assessmentProjects, Microsoft.Migrate/migrateProjects, Microsoft.DataFactory/factories, Microsoft.Authorization/resourceManagementPrivateLinks, Microsoft.Devices/ProvisioningServices, Microsoft.Synapse/privateLinkHubs, Microsoft.PowerBI/privateLinkServicesForPowerBI, Microsoft.Cache/redisEnterprise, Microsoft.HybridCompute/privateLinkScopes, Microsoft.OffAzure/mastersites, Microsoft.TimeSeriesInsights/environments, Microsoft.DigitalTwins/digitalTwinsInstances, Microsoft.Keyvault/managedHSMs, Microsoft.Kusto/clusters, Microsoft.Purview/accounts, Microsoft.Web/staticSites, Microsoft.SignalRService/webPubSub, Microsoft.DeviceUpdate/accounts, Microsoft.DBforPostgreSQL/serverGroupsv2, Microsoft.HealthcareApis/workspaces, Microsoft.ApiManagement/service, Microsoft.HDInsight/clusters, Microsoft.DesktopVirtualization/hostpools, Microsoft.DesktopVirtualization/workspaces, Microsoft.Media/videoanalyzers, Microsoft.IoTCentral/IoTApps, Microsoft.EventGrid/partnerNamespaces, Microsoft.BotService/botServices, Microsoft.AgFoodPlatform/farmBeats, Microsoft.OpenEnergyPlatform/energyServices, Microsoft.Dashboard/grafana, Microsoft.DBforMySQL/flexibleServers, Microsoft.MachineLearningServices/registries, Microsoft.DBforPostgreSQL/flexibleServers, Microsoft.HardwareSecurityModules/cloudHsmClusters, Microsoft.Monitor/accounts, Microsoft.EventGrid/namespaces, Microsoft.ElasticSan/elasticSans.

Improve this question

1 Answer 1

Reset to default
2

This is resolved. The error you're encountering suggests that the provided private_connection_resource_id for your Logic App workflow is not of a valid resource type for a private link service. The permitted resource types for private link services do not include Logic App workflows according to the error message.

In your case, you've specified the subresource name as "workflow" in the subresource_names parameter, but it seems that Logic App workflows are not supported as private link services.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.