
I want to create an ExpressRoute gateway based on the ExpressRoute circuit's provisioning status using Terraform. When the ExpressRoute circuit is created, the initial provider status is unprovisioned. Once it is provisioned in the Equinix portal, this status changes to provisioned. Changing this status takes a few days; until then the ExpressRoute gateway need not be created, as it is a fairly expensive resource. When I run the pipeline, the ExpressRoute circuit is created first and its status is unprovisioned; in this state, creation of the ExpressRoute gateway should be skipped. When the status has changed to provisioned, I will run the pipeline again; it has to check the provisioning status, and only when it has changed to provisioned should the ExpressRoute gateway be created.

 resource "azurerm_resource_group" "example-express-rg" {
  # Resource group for the virtual network, gateway subnet, public IP and gateway.
  location = "West Europe"
  name     = "example-vnet-rg"
}

resource "azurerm_virtual_network" "vnettest" {
  # Virtual network that contains the gateway subnet.
  name          = "example-vnet"
  address_space = ["10.0.0.0/16"]

  # Region and resource group are taken from the network resource group.
  resource_group_name = azurerm_resource_group.example-express-rg.name
  location            = azurerm_resource_group.example-express-rg.location
}

resource "azurerm_subnet" "gateway_subnet" {
  # Azure requires the subnet used by a virtual network gateway to be named "GatewaySubnet".
  name             = "GatewaySubnet"
  address_prefixes = ["10.0.1.0/24"]

  virtual_network_name = azurerm_virtual_network.vnettest.name
  resource_group_name  = azurerm_resource_group.example-express-rg.name
}

resource "azurerm_public_ip" "publicip" {
  # Public IP referenced by the gateway's ip_configuration.
  name              = "example-public-ip"
  sku               = "Standard"
  allocation_method = "Static"

  resource_group_name = azurerm_resource_group.example-express-rg.name
  location            = azurerm_resource_group.example-express-rg.location
}

resource "azurerm_resource_group" "expressrg" {
  # Separate resource group that holds the ExpressRoute circuit.
  location = "West Europe"
  name     = "exprtTest"
}
resource "azurerm_express_route_circuit" "expressr" {
  # The circuit is created here; the service provider (Equinix) provisions its side
  # later, outside Terraform.
  name                = "expressRoute1"
  location            = azurerm_resource_group.expressrg.location
  resource_group_name = azurerm_resource_group.expressrg.name

  # Provider-side parameters of the circuit.
  service_provider_name = "Equinix"
  peering_location      = "Singapore"
  bandwidth_in_mbps     = 1000

  sku {
    family = "MeteredData"
    tier   = "Standard"
  }

  # NOTE(review): the second key is spelled "ResorceOwner"; confirm whether "ResourceOwner"
  # was intended before any tag-based policy or ownership report relies on it.
  tags = {
    Purpose      = "Resource"
    ResorceOwner = "CCTeam"
  }
}

# Data source used to read the status of the ExpressRoute circuit.
# It looks up the circuit that is managed by this same configuration.
data "azurerm_express_route_circuit" "expressr_status" {
  resource_group_name = azurerm_resource_group.expressrg.name
  name                = azurerm_express_route_circuit.expressr.name
}
# Virtual Network Gateway (created only when the circuit reports "Provisioned")
resource "azurerm_virtual_network_gateway" "example" {
  # count is read from a data source that looks up a circuit managed in this same
  # configuration. Terraform reports "Invalid count argument" for this expression
  # because the value cannot be determined until apply.
  count = data.azurerm_express_route_circuit.expressr_status.service_provider_provisioning_state == "Provisioned" ? 1 : 0

  depends_on = [azurerm_express_route_circuit.expressr]

  name                = "testgw"
  resource_group_name = azurerm_resource_group.example-express-rg.name
  location            = azurerm_resource_group.example-express-rg.location

  type     = "ExpressRoute"
  sku      = "Standard"
  vpn_type = "PolicyBased"

  ip_configuration {
    name                          = "vnetGatewayConfig"
    subnet_id                     = azurerm_subnet.gateway_subnet.id
    public_ip_address_id          = azurerm_public_ip.publicip.id
    private_ip_address_allocation = "Dynamic"
  }

  # NOTE(review): the second key is spelled "ResorceOwner"; confirm whether "ResourceOwner"
  # was intended before any tag-based policy or ownership report relies on it.
  tags = {
    Purpose      = "Resource"
    ResorceOwner = "CCTeam"
  }
}

I tried using data block and condition but it results with error

Error: Invalid count argument

│ on main.tf line 75, in resource "azurerm_virtual_network_gateway" "example":
│ 75: count =data.azurerm_express_route_circuit.expressr_status.service_provider_provisioning_state == "Provisioned" ? 1 : 0

│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how
│ many instances will be created. To work around this, use the -target argument to first apply only the resources that the
│ count depends on.

Please suggest me on this .

2

Answers


  1. Chosen as BEST ANSWER
        data "azurerm_express_route_circuit" "expressr" {
      # Reads back the circuit that this configuration manages, by name and resource group.
      resource_group_name = azurerm_resource_group.expressrg.name
      name                = azurerm_express_route_circuit.expressr.name
    }
    
    # Exposes the service-provider provisioning state read from the data source.
    output "provisioning_state" {
      value = data.azurerm_express_route_circuit.expressr.service_provider_provisioning_state
    }
    
    
    # Derives the flag that decides whether the gateway is created.
    locals {
      # true when the data source returns a non-empty name; try() falls back to false
      # if the expression cannot be evaluated.
      express_route_exists = try(data.azurerm_express_route_circuit.expressr.name != "", false)
     
      # Boolean: the circuit exists and its state equals "Provisioned".
      # try() is given a single expression here, so it has no fallback value.
      actual_provisioned_state = local.express_route_exists && try(data.azurerm_express_route_circuit.expressr.service_provider_provisioning_state == "Provisioned")
     
      # NOTE(review): actual_provisioned_state is a bool, and == only matches values of
      # the same type, so the comparison with the string "Provisioned" does not evaluate
      # to true. In effect the gateway is switched on by var.provisioned_state alone, and
      # an operator has to set it once the provider has provisioned the circuit.
      # Dropping the comparison would make count depend on the live state, which may be
      # unknown at plan time - confirm before changing.
      create_gateway = var.provisioned_state == "Provisioned" || local.actual_provisioned_state =="Provisioned"
    }
    
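    # Virtual Network Gateway (create conditionally): operator-supplied switch.
    # The gateway is created when this is set to "Provisioned"; the default leaves it off.
    variable "provisioned_state" {
      description = "Set to \"Provisioned\" to allow the ExpressRoute gateway to be created."
      type        = string
      default     = "NotProvisioned"
    }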
    
    # ExpressRoute gateway, created only when local.create_gateway is true.
    resource "azurerm_virtual_network_gateway" "example" {
      # One instance when the flag is true, none otherwise.
      count = local.create_gateway ? 1 : 0 
      name                = "testgw"
      location            = azurerm_resource_group.example-express-rg.location
      resource_group_name = azurerm_resource_group.example-express-rg.name
      type                = "ExpressRoute"
      vpn_type            = "PolicyBased"
      sku                 = "Standard"
      # The listing stops here; the ip_configuration block and the closing brace are not shown.
    

    This worked out in this scenario


  2. Automating express route circuit gateway based on express route circuit provision status using terraform

    The configuration you shared checks the provisioning state inside the virtual network gateway resource, which results in the error. Instead, within the configuration, we may need a local-exec provisioner to validate the state of the ExpressRoute circuit.

    Since it will take some days to provision, I just mentioned the structural changes as per the requirement

    Demo Configuration:

    resource "azurerm_express_route_circuit" "expressr" {
      # Circuit name comes from a variable; region and resource group from the circuit's resource group.
      name                = var.express_route_name
      location            = azurerm_resource_group.expressrg.location
      resource_group_name = azurerm_resource_group.expressrg.name

      # Provider-side parameters of the circuit.
      service_provider_name = "Equinix"
      peering_location      = "Silicon Valley"
      bandwidth_in_mbps     = 50

      sku {
        family = "MeteredData"
        tier   = "Standard"
      }
    }
    
    
    # Reads the circuit back so that its service-provider provisioning state can be checked.
    data "azurerm_express_route_circuit" "expressr_status" {
      resource_group_name = azurerm_resource_group.expressrg.name
      name                = azurerm_express_route_circuit.expressr.name
    }
    
    
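    # Gate for the gateway: runs a local PowerShell check of the circuit's
    # service-provider provisioning state and exits non-zero unless it is "Provisioned".
    resource "null_resource" "check_provision_status" {
      # Replace this resource, and so re-run the provisioner, whenever the reported state changes.
      triggers = {
        status = data.azurerm_express_route_circuit.expressr_status.service_provider_provisioning_state
      }

      provisioner "local-exec" {
        interpreter = ["pwsh", "-Command"]

        # The state is handed to the script as an environment variable instead of being
        # templated into the script text, so the value is always treated as data and is
        # never parsed as PowerShell.
        environment = {
          ER_PROVISIONING_STATE = data.azurerm_express_route_circuit.expressr_status.service_provider_provisioning_state
        }

        # A non-zero exit makes the apply fail at this resource, so resources that
        # depend on it are not created in that run.
        command = <<EOT
    if ($env:ER_PROVISIONING_STATE -ne "Provisioned") {
        Write-Output "ExpressRoute circuit is not provisioned. Skipping gateway creation."
        exit 1
    } else {
        Write-Output "ExpressRoute circuit is provisioned. Proceeding with gateway creation."
        exit 0
    }
    EOT
      }
    }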
    
    resource "azurerm_virtual_network_gateway" "example" {
      # Ordered after the provisioning check. When that check exits non-zero the apply
      # stops with an error and this gateway is not created in that run.
      depends_on = [null_resource.check_provision_status]

      name                = "tesvksgw"
      resource_group_name = azurerm_resource_group.example-express-rg.name
      location            = azurerm_resource_group.example-express-rg.location

      type     = "ExpressRoute"
      sku      = "Standard"
      vpn_type = "PolicyBased"

      ip_configuration {
        name                          = "vnetvkGatewayConfig"
        subnet_id                     = azurerm_subnet.gateway_subnet.id
        public_ip_address_id          = azurerm_public_ip.publicip.id
        private_ip_address_allocation = "Dynamic"
      }
    }
    
    

    After provisioning the configuration, the output might look like this

    Deployment:

    enter image description here

    Here the state was still showing as not provisioned because the circuit was recently created, and we need to wait for the provisioning state to change on the provider's end.

    If the circuit was already provisioned, the null resource will validate its status and continue with the rest of the configuration.

    refer:

    https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource

    https://build5nines.com/terraform-deploy-azure-expressroute-circuit-with-vnet-gateway/
