Bug Report : custom_settings_by_resource_type failling to apply with azurerm_public_ip-connectitity_vpn on second PIP (pip2) #940
Comments
|
Just to be complete, here is the error message you get in ukwest with pip SKU/Tier set to Standard/Regional and pip2 Basic/Regional. │ Error: Creating/Updating Virtual Network Gateway: (Name "alz-vpngw-ukwest" / Resource Group "alz-connectivity-ukwest"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ActiveActiveGatewayPublicIPAddressesDiffersInSkuOrZones" Message="Virtual network gateway /subscriptions/6e8f4ab8-cba8-411f-b72a-f6f15694690a/resourceGroups/alz-connectivity-ukwest/providers/Microsoft.Network/virtualNetworkGateways/alz-vpngw-ukwest in active active mode is using PublicIPAddresses either with different Skus or with different PublicIPAllocationMethod or from a different availability zones. Networking does not support using resources from multiple zones. Networking also does not support using both regional resources and zonal resources." Details=[] |
Community Note
Versions
terraform: 1.8.1
azure provider: 3.101.0
module: 5.2.1
Description
I apply successfully workaround for Basic SKU for public ip address deprecation for VPN gateway (#920) using custom settings shared below and I am now able to deploy vpngateway in uksouth in AZ enabled configuration successfully with zone enabled standard static IP for pip and pip2 on my vpngateway.
When I try to apply the same workaround to deploy vpngateay in ukwest (aka non zone enabled), the custom_settings_by_resource_type is applying the workaround only on the primary IP address (aka pip). The secondary IP address (pip2) remains configured with Basic SKU which result in a failed VPN deployment.
Describe the bug
ALZ custom_settings_by_resource_type configuration below fail to apply configuaration on second PIP when deploying VPN gateway in non zone enabled region. This results failed deployment of VPN Gateway in non zone enabled region.
advanced = {
custom_settings_by_resource_type = {
azurerm_public_ip = {
connectivity_vpn = {
ukwest = {
sku = "Standard"
allocation_method = "Static"
},
uksouth = {
sku = "Standard"
allocation_method = "Static"
}
}
}
}
Steps to Reproduce
Screenshots
Successful deployment of custom_settings_by_resource_type for pip used in VPN gateway in AZ enabled zone (uksouth)
module.enterprise_scale.azurerm_public_ip.connectivity["/subscriptions/6e8f4ab8-cba8-411f-b72a-f6f15694690a/resourceGroups/alz-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/alz-vpngw-uksouth-pip"] will be created
}
]
}
module.enterprise_scale.azurerm_public_ip.connectivity["/subscriptions/6e8f4ab8-cba8-411f-b72a-f6f15694690a/resourceGroups/alz-connectivity-uksouth/providers/Microsoft.Network/publicIPAddresses/alz-vpngw-uksouth-pip2"] will be created
}
]
}
Failing deployment of custom_settings_by_resource_type for pip used in VPN gateway in a non AZ enabled zone (ukwest)
module.enterprise_scale.azurerm_public_ip.connectivity["/subscriptions/6e8f4ab8-cba8-411f-b72a-f6f15694690a/resourceGroups/alz-connectivity-ukwest/providers/Microsoft.Network/publicIPAddresses/alz-vpngw-ukwest-pip"] will be created
}
}
module.enterprise_scale.azurerm_public_ip.connectivity["/subscriptions/6e8f4ab8-cba8-411f-b72a-f6f15694690a/resourceGroups/alz-connectivity-ukwest/providers/Microsoft.Network/publicIPAddresses/alz-vpngw-ukwest-pip2"] will be created
+ sku = "Basic"
}
}
Additional context
The text was updated successfully, but these errors were encountered: