
I’m currently seeing a strange issue. I have an Application Gateway deployed via Terraform. If I try to add port 443 to both the frontend and the backend, the terraform plan shows that it will delete the frontend and backend for port 80 and then recreate port 80 along with the addition of 443.

~ resource "azurerm_application_gateway" "xyz" {
        id                                = "xyz"
        name                              = "xyz"
        tags                              = {
            "BusinessUnit"   = "ehs"
            "LineOfBusiness" = "corp"
        }
        # (8 unchanged attributes hidden)

      - backend_http_settings {
          - cookie_based_affinity               = "Disabled" -> null
          - id                                  = "xyz" -> null
          - name                                = "xyz" -> null
          - path                                = "/path1/" -> null
          - pick_host_name_from_backend_address = false -> null
          - port                                = 80 -> null
          - protocol                            = "Http" -> null
          - request_timeout                     = 60 -> null
          - trusted_root_certificate_names      = [] -> null
        }
      + backend_http_settings {
          + cookie_based_affinity               = "Disabled"
          + host_name                           = "xyz"
          + id                                  = (known after apply)
          + name                                = "xyz"
          + path                                = "/path1/"
          + pick_host_name_from_backend_address = false
          + port                                = 443
          + probe_id                            = (known after apply)
          + protocol                            = "Https"
          + request_timeout                     = 60
          + trusted_root_certificate_names      = [
              + "irmscer",
            ]
        }
      + backend_http_settings {
          + cookie_based_affinity               = "Disabled"
          + id                                  = "xyz"
          + name                                = "xyz"
          + path                                = "/path1/"
          + pick_host_name_from_backend_address = false
          + port                                = 80
          + protocol                            = "Http"
          + request_timeout                     = 60
          + trusted_root_certificate_names      = []
        }

      + frontend_port {
          + id   = (known after apply)
          + name = "xyz"
          + port = 443
        }

How can I get around this issue? I have not configured Terraform to use a specific version.

This is the terraform backend

# Remote state lives in an Azure Storage container. State files record every
# attribute of the managed resources, so access to this storage account should
# be limited to the identities that run Terraform.
# NOTE(review): no required_version / required_providers block is shown, which
# matches the question's remark that no version is pinned; an unpinned provider
# can change how a plan is rendered between runs. Pin it and commit
# .terraform.lock.hcl.
terraform {
  backend "azurerm" {
    storage_account_name = "xyz"
    resource_group_name  = "xyz"
    container_name       = "appgw"
    tenant_id            = "xyz"
    subscription_id      = "xyz"
    # "key" is the name of the state blob inside the container, not a credential.
    key                  = "xyz"
    # No access_key or sas_token is set here, so backend credentials are expected
    # to come from outside this file — presumably the environment or an az login;
    # confirm for your pipeline.
  }
}

# azurerm provider with default feature settings.
# NOTE(review): no version constraint appears here or in the terraform block
# shown, so the provider release is chosen at `terraform init` time unless a
# lock file is present.
provider "azurerm" {
  features {}
}

2

Answers


  1. It is not re-creating the entire application gateway. It is re-creating the settings for ports 80 and 443, which is normal behavior and not an issue: the "~" on the resource line marks an in-place update, and the port-80 block is removed and added back with the same values. Terraform may address this kind of plan output in future versions.

  2. The backend_http_settings protocol will not listen on port 443, and that port is not supported for backend pools.

    As a result, you cannot change the port for the backend, and the only supported one is 80.

    For the frontend configuration, if you want to add another listener port alongside the existing port 80, you must add one more frontend_port block, so that the gateway has two ports defined and can listen on the specific port you provide.

    Add frontend_port as shown:

     # Declares 443 as a frontend port under a second name. This block only
     # defines the port; an http_listener has to reference this name through
     # frontend_port_name before anything is served on it.
     frontend_port{
        name = local.frontend_port_name_new
        port = 443
    }
    

    First, I deployed the application_gateway with a listener on port 80:

    enter image description here

    I wrote the script below by following the Terraform Registry template, with a few changes for your requirement, and was able to apply the port changes successfully.

    # azurerm provider with an empty features block (provider defaults).
    # NOTE(review): the listing sets no provider version constraint.
    provider "azurerm"{
    features{}
    }
    
    # Resource group whose name and location the other resources in this
    # listing reference.
    resource "azurerm_resource_group" "example" {
      name     = "xxxresources"
      location = "West Europe"
    }
    
    # Virtual network for the two subnets below; its name is also the prefix of
    # every value in the locals block.
    resource "azurerm_virtual_network" "example" {
      name                = "xxxnetwork"
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      # xxxx is a redacted placeholder; the attribute takes a list of CIDR strings.
      address_space       = xxxx
    }
    
    # Subnet the gateway is attached to: gateway_ip_configuration on the
    # application gateway points at this subnet's id. Application Gateway
    # expects a subnet of its own, so keep other workloads out of it.
    resource "azurerm_subnet" "frontend" {
      name                 = "frontend"
      resource_group_name  = azurerm_resource_group.example.name
      virtual_network_name = azurerm_virtual_network.example.name
      # xxxx is a redacted placeholder; the attribute takes a list of CIDR strings.
      address_prefixes     = xxxx
    }
    
    # Second subnet in the same virtual network. Nothing else in this listing
    # references it; presumably it is meant for the backend hosts.
    resource "azurerm_subnet" "backend" {
      name                 = "backend"
      resource_group_name  = azurerm_resource_group.example.name
      virtual_network_name = azurerm_virtual_network.example.name
      # xxx is a redacted placeholder; the attribute takes a list of CIDR strings.
      address_prefixes     = xxx
    }
    
    # Public IP bound to the gateway's frontend_ip_configuration, which makes the
    # gateway reachable from the internet. With only an Http listener on port 80
    # configured in this listing, that exposure is unencrypted.
    resource "azurerm_public_ip" "example" {
      name                = "xxxx"
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
      allocation_method   = "Dynamic"
    }
    
    # since these variables are re-used - a locals block makes this more maintainable
    # Every name is derived from the virtual network name plus a fixed suffix.
    locals {
      backend_address_pool_name      = "${azurerm_virtual_network.example.name}-beapname"
      # Name of the existing port-80 frontend port.
      frontend_port_name             = "${azurerm_virtual_network.example.name}-fendport"
      # Name of the added port-443 frontend port.
      frontend_port_name_new         = "${azurerm_virtual_network.example.name}-feportnew"
      frontend_ip_configuration_name = "${azurerm_virtual_network.example.name}-fconfig"
      http_setting_name              = "${azurerm_virtual_network.example.name}-htstname"
      listener_name                  = "${azurerm_virtual_network.example.name}-httplisten"
      request_routing_rule_name      = "${azurerm_virtual_network.example.name}-rt"
      # Defined but not referenced by the gateway resource in this listing, so no
      # HTTP-to-HTTPS redirect is configured.
      redirect_configuration_name    = "${azurerm_virtual_network.example.name}-rcfg"
    }
    
    # Application gateway with two frontend ports (80 and 443), one Http listener
    # on port 80, one backend pool and one Basic routing rule.
    # NOTE(review): as written, adding the 443 frontend port does not enable
    # HTTPS. No listener references that port, and there is no ssl_certificate
    # block, so all client and backend traffic in this listing is plain HTTP.
    resource "azurerm_application_gateway" "network" {
      name                = "xxxxappgateway"
      resource_group_name = azurerm_resource_group.example.name
      location            = azurerm_resource_group.example.location
    
      # Standard tier: no web application firewall (WAF is a separate tier).
      sku {
        name     = "Standard_Small"
        tier     = "Standard"
        capacity = 2
      }
    
      # Places the gateway in the "frontend" subnet.
      gateway_ip_configuration {
        name      = "my-gateway-ip-configuration"
        subnet_id = azurerm_subnet.frontend.id
      }
    
      # Original port, used by the listener below.
      frontend_port {
        name = local.frontend_port_name
        port = 80
      }
      # Added port. Declared only; no http_listener in this resource uses
      # local.frontend_port_name_new.
      frontend_port{
        name = local.frontend_port_name_new
        port = 443
    }
    
      # Public frontend: the gateway is addressed through the public IP above.
      frontend_ip_configuration {
        name                 = local.frontend_ip_configuration_name
        public_ip_address_id = azurerm_public_ip.example.id
      }
    
      # Empty pool: no backend addresses or FQDNs are listed here.
      backend_address_pool {
        name = local.backend_address_pool_name
      }
    
      # Gateway-to-backend traffic is unencrypted HTTP on port 80. The resource
      # also accepts protocol = "Https" with port = 443 when the backend should be
      # reached over TLS, as the plan output in the question shows.
      backend_http_settings {
        name                  = local.http_setting_name
        cookie_based_affinity = "Disabled"
        path                  = "/path1/"
        port                  = 80
        protocol              = "Http"
        request_timeout       = 60
      }
    
      # The only listener: Http on the port-80 frontend port. Serving 443 needs a
      # second listener with protocol = "Https", frontend_port_name set to the new
      # port's name, and an ssl_certificate_name pointing at an ssl_certificate
      # block.
      http_listener {
        name                           = local.listener_name
        frontend_ip_configuration_name = local.frontend_ip_configuration_name
        frontend_port_name             = local.frontend_port_name
        protocol                       = "Http"
      }
    
      # Sends everything from the port-80 listener to the pool with the HTTP
      # backend settings above.
      request_routing_rule {
        name                       = local.request_routing_rule_name
        rule_type                  = "Basic"
        http_listener_name         = local.listener_name
        backend_address_pool_name  = local.backend_address_pool_name
        backend_http_settings_name = local.http_setting_name
      }
    }
    

    terraform init:

    enter image description here

    After updating the port terraform plan showed output as below:

    enter image description here

    terraform apply:

    enter image description here

    The changes deployed successfully, and you can track the change analysis by going to the Activity Log under the deployed application_gateway resource:

    enter image description here

    enter image description here
