0

I am trying to set up a custom domain for Azure front door. This is what I am doing:

  • I have an Azure DNS setup (sofad.com) for the domain (and already configured)
  • I have an instance of Azure Front Door (sofad-fd) created. I want to route all traffic coming to the Azure DNS for the apex domain sofad.com to be routed to Azure Front Door.

In the portal I am able to manually create an A (alias) record and select the Azure front door. But I want to do this via Azure cli running in an Azure DevOps pipeline.

I am running into two issues:

  1. The Azure CLI cannot find the Front Door

    #1) ADDING A (ALIAS) TO AZURE DNS

    echo "Retrieving Resource ID for Front Door: $FRONT_DOOR_NAME in resource group: $RESOURCE_GROUP..."
    FRONT_DOOR_RESOURCE_ID=$(az network front-door show \
      --resource-group "$RESOURCE_GROUP" \
      --name "$FRONT_DOOR_NAME" \
      --query "id" -o tsv)

    # Step 2: Check if Resource ID was retrieved successfully
    if [ -z "$FRONT_DOOR_RESOURCE_ID" ]; then
      echo "Error: Could not retrieve Resource ID for Front Door: $FRONT_DOOR_NAME in resource group: $RESOURCE_GROUP."
      exit 1
    fi

    echo "Front Door Resource ID: $FRONT_DOOR_RESOURCE_ID"

    az network dns record-set a create \
      --resource-group "$RESOURCE_GROUP" \
      --zone-name "$APEX_DOMAIN" \
      --name "@" \
      --target-resource-id "$FRONT_DOOR_RESOURCE_ID" \
      --ttl 3600

The command az network front-door show returns null

and 2) Even if I hardcode the resource id like this:

    #1) ADDING A (ALIAS) TO AZURE DNS with hardcoded --target-resource-id
    az network dns record-set a create \
      --resource-group "$RESOURCE_GROUP" \
      --zone-name "$APEX_DOMAIN" \
      --name "@" \
      --target-resource-id "/subscriptions/<some subs id>/resourceGroups/dev-app1-rg/providers/Microsoft.Cdn/profiles/sofad-fd" \
      --ttl 3600

With the resource ID that I pick up from the Azure Portal, the command fails with ERROR: unrecognized arguments: --target-resource-id /subscriptions/...

I am a bit stuck and cannot move forward with my pipeline. Thanks

1 Answer

0

The --target-resource value is expecting an AFD endpoint resource ID, not a Front Door and CDN profile resource ID.

The AFD endpoint resource ID should be in the following format:

"/subscriptions/sub_ID/resourceGroups/Venkat-RG/providers/Microsoft.Cdn/profiles/Venkat-RG/afdendpoints/venkat-FD"

You can obtain the AFD endpoint resource ID.

    az afd endpoint show -g "Venkat-RG" --profile-name "Venkat-RG" --endpoint-name venkat-FD --query "id" -o tsv

Here is the full script to create an A alias record in the DNS zone:

    #!/bin/bash
    RESOURCE_GROUP="Venkat-RG"
    PROFILE_NAME="Venkat-RG"
    ENDPOINT_NAME="venkat-FD"
    ZONE_NAME="sample.com"
    RECORD_NAME="@"
    TTL=60
    
    
    ENDPOINT_ID=$(az afd endpoint show \
      -g "$RESOURCE_GROUP" \
      --profile-name "$PROFILE_NAME" \
      --endpoint-name "$ENDPOINT_NAME" \
      --query "id" \
      -o tsv)
      
    if [ -z "$ENDPOINT_ID" ]; then
      echo "Error: Could not retrieve the Endpoint ID. Please check if the endpoint exists."
      exit 1
    fi
    echo "Retrieved Endpoint ID: $ENDPOINT_ID"
    
    az network dns record-set a create \
      --resource-group "$RESOURCE_GROUP" \
      --zone-name "$ZONE_NAME" \
      --name "$RECORD_NAME" \
      --ttl "$TTL" \
      --target-resource "$ENDPOINT_ID"
    
    echo "DNS A record has been created for $RECORD_NAME in $ZONE_NAME with target resource $ENDPOINT_ID"
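
A pre-flight check for the point this answer makes, added here as an example and not part of the original answer: it tells an AFD endpoint ID apart from a profile ID before the value is passed to az network dns record-set a create. The function names are hypothetical, and the check only inspects the shape of the ID, not whether the resource exists.

```bash
#!/usr/bin/env bash
# Added example (not from the answer). Function names are hypothetical.
# Classifies an ARM resource ID before it is used as a DNS alias target.

# Prints one of:
#   afd-endpoint  .../providers/Microsoft.Cdn/profiles/<p>/afdEndpoints/<e>
#   cdn-profile   .../providers/Microsoft.Cdn/profiles/<p>
#   unknown       empty, truncated, placeholder text, or another provider
classify_alias_target() {
  local id lc seg base
  id="${1%/}"                                   # tolerate one trailing slash
  # ARM resource IDs are case-insensitive, so compare in lower case.
  lc=$(printf '%s' "$id" | tr '[:upper:]' '[:lower:]')
  seg='[^/[:space:]]+'                          # one path segment, no spaces
  base="^/subscriptions/$seg/resourcegroups/$seg/providers/microsoft\\.cdn/profiles/$seg"
  if printf '%s\n' "$lc" | grep -Eq "$base/afdendpoints/$seg\$"; then
    echo "afd-endpoint"
  elif printf '%s\n' "$lc" | grep -Eq "$base\$"; then
    echo "cdn-profile"
  else
    echo "unknown"
  fi
}

# Returns 0 only for an AFD endpoint ID; explains the failure on stderr.
# Exit status 2 marks the specific mistake of passing the profile ID.
require_afd_endpoint_id() {
  case "$(classify_alias_target "$1")" in
    afd-endpoint) return 0 ;;
    cdn-profile)
      echo "Error: '$1' is a Front Door profile ID, not an endpoint ID." >&2
      echo "Get the endpoint ID from 'az afd endpoint show' with --query id -o tsv." >&2
      return 2 ;;
    *)
      echo "Error: '$1' is not an AFD endpoint resource ID." >&2
      return 1 ;;
  esac
}

# Pipeline usage, before `az network dns record-set a create`:
#   require_afd_endpoint_id "$ENDPOINT_ID" || exit 1
```

Failing the pipeline at this step keeps a half-configured or mistyped target from ever reaching the apex record.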


1 Comment

I was able to get this to work. However, I have issues with domain DNS validation for the apex and routing. (stackoverflow.com/questions/79634309/…) Thanks
