Creating Azure Front Door instance with Terraform
Having trouble creating an Azure Front Door instance with Terraform. The setup should be pretty basic, but I cannot find out what is wrong.
Here is the Terraform script:
```hcl
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                                         = "fd-adpb2c-westeurope-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  enforce_backend_pools_certificate_name_check = true

  routing_rule {
    name               = "routingrule"
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      host_header = "xyz.b2clogin.com"
      address     = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }
}
```
The error message returned is:
```
Error: creating Front Door "fd-adpb2c-westeurope-dev" (Resource Group "rg-adpb2c-westeurope-dev"): frontdoor.FrontDoorsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="The frontend endpoint zone \"\" must only be used in the default CNAME entry."
on resource_frontdoor.tf line 1, in resource "azurerm_frontdoor" "b2cfrontdoor":
1: resource "azurerm_frontdoor" "b2cfrontdoor" {
```
Did some sniffing on the request sent to Azure and found a PUT request to
with this payload
```json
{
  "location": "Global",
  "properties": {
    "backendPools": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev",
        "name": "b2-backend-pool-dev",
        "properties": {
          "backends": [
            {
              "address": "xyz.b2clogin.com",
              "backendHostHeader": "xyz.b2clogin.com",
              "enabledState": "Enabled",
              "httpPort": 80,
              "httpsPort": 443,
              "priority": 1,
              "weight": 50
            }
          ],
          "loadBalancingSettings": {
            "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings"
          },
          "healthProbeSettings": {
            "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings"
          }
        }
      }
    ],
    "backendPoolsSettings": {
      "enforceCertificateNameCheck": "Disabled",
      "sendRecvTimeoutSeconds": 60
    },
    "enabledState": "Enabled",
    "friendlyName": "",
    "frontendEndpoints": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev",
        "name": "b2-frontdoor-endpoint-dev",
        "properties": {
          "hostName": "b2-frontdoor-endpoint-dev.azurefd.net",
          "sessionAffinityEnabledState": "Disabled",
          "sessionAffinityTtlSeconds": 0
        }
      }
    ],
    "healthProbeSettings": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/healthProbeSettings/healthprobesettings",
        "name": "healthprobesettings",
        "properties": {
          "path": "/",
          "protocol": "Http",
          "intervalInSeconds": 120,
          "healthProbeMethod": "GET",
          "enabledState": "Disabled"
        }
      }
    ],
    "loadBalancingSettings": [
      {
        "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/loadBalancingSettings/loadbalancingsettings",
        "name": "loadbalancingsettings",
        "properties": {
          "sampleSize": 4,
          "successfulSamplesRequired": 2,
          "additionalLatencyMilliseconds": 0
        }
      }
    ],
    "routingRules": [
      {
        "id": "",
        "name": "routingrule",
        "properties": {
          "frontendEndpoints": [
            {
              "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/frontendEndpoints/b2-frontdoor-endpoint-dev"
            }
          ],
          "acceptedProtocols": [
            "Http",
            "Https"
          ],
          "patternsToMatch": [
            "/*"
          ],
          "enabledState": "Enabled",
          "routeConfiguration": {
            "@odata.type": "#Microsoft.Azure.FrontDoor.Models.FrontdoorForwardingConfiguration",
            "backendPool": {
              "id": "/subscriptions/*********************************/resourceGroups/rg-adpb2c-westeurope-dev/providers/Microsoft.Network/frontDoors/fd-adpb2c-westeurope-dev/backendPools/b2-backend-pool-dev"
            },
            "forwardingProtocol": "MatchRequest"
          }
        }
      }
    ]
  },
  "tags": {}
}
```
and the response is
```json
{
  "error": {
    "code": "BadRequest",
    "message": "The frontend endpoint zone \"\" must only be used in the default CNAME entry."
  }
}
```
The Terraform version is 0.14.10 and the azurerm version is v2.56.0.
Does anyone know about this problem?
Thanks
Solution 1:[1]
Found out what was wrong (also indicated by Jim Xu). The name of the resource ("azurerm_frontdoor" "b2cfrontdoor") and the name of the frontend_endpoint must be the same. When creating a Front Door instance in the Azure Portal you are not asked for a name; the Front Door instance gets its name from the name of the frontend.
```hcl
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                                         = "b2c-frontdoor-endpoint-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  enforce_backend_pools_certificate_name_check = true

  routing_rule {
    name               = "routingrule"
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    name         = "healthprobesettings"
    enabled      = false
    probe_method = "HEAD"
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      host_header = "xyz.b2clogin.com"
      address     = "xyz.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }
}
```
Solution 2:[2]
Regarding the issue, please refer to the following steps
```hcl
resource "azurerm_frontdoor" "b2cfrontdoor" {
  name                                         = "b2c-frontdoor-endpoint-dev"
  resource_group_name                          = azurerm_resource_group.b2c.name
  enforce_backend_pools_certificate_name_check = true

  routing_rule {
    name               = "routingrule"
    accepted_protocols = ["Http", "Https"]
    patterns_to_match  = ["/*"]
    frontend_endpoints = ["b2c-frontdoor-endpoint-dev"]
    forwarding_configuration {
      forwarding_protocol = "MatchRequest"
      backend_pool_name   = "b2-backend-pool-dev"
    }
  }

  backend_pool_load_balancing {
    name = "loadbalancingsettings"
  }

  backend_pool_health_probe {
    name = "healthprobesettings"
  }

  backend_pool {
    name = "b2-backend-pool-dev"
    backend {
      host_header = "test.b2clogin.com"
      address     = "test.b2clogin.com"
      http_port   = 80
      https_port  = 443
    }
    load_balancing_name = "loadbalancingsettings"
    health_probe_name   = "healthprobesettings"
  }

  frontend_endpoint {
    name                         = "b2c-frontdoor-endpoint-dev"
    host_name                    = "b2c-frontdoor-endpoint-dev.azurefd.net"
    session_affinity_enabled     = false
    session_affinity_ttl_seconds = 0
  }
}
```
Solution 3:[3]
The accepted answer is not quite correct. The actual requirement is that the subdomain of the frontend endpoint must match the name provided for the front door instance. The name of the frontend endpoint can be entirely unrelated to the name of the front door instance.
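```powershell
# The Front Door name fixes the default host name: <name>.azurefd.net
$frontDoorName = "matters"
# The endpoint's own -Name is free; only -HostName has to follow the Front Door name
$frontendEndpoint = New-AzFrontDoorFrontendEndpointObject -Name "irrelevant" -HostName "$frontDoorName.azurefd.net"
# $resourceGroupName, $routingRule, $backendPool, $loadBalancingSetting and
# $healthProbeSetting are expected to be defined earlier in the script
$frontDoor = New-AzFrontDoor `
    -ResourceGroupName $resourceGroupName `
    -Name $frontDoorName `
    -RoutingRule $routingRule `
    -FrontendEndpoint $frontendEndpoint `
    -BackendPool $backendPool `
    -LoadBalancingSetting $loadBalancingSetting `
    -HealthProbeSetting $healthProbeSetting
```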
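The rule stated in Solution 3, written as a pre-flight check over a Front Door request body like the one captured in the question. This is an added example, not code from any of the answers or from the azurerm provider; the function names, the `rg-example` resource group, the zeroed subscription id and the trimmed sample bodies are constructed for illustration.

```python
DEFAULT_ZONE = ".azurefd.net"


def front_door_name_from_id(resource_id):
    """Pull <name> out of .../providers/Microsoft.Network/frontDoors/<name>/..."""
    parts = resource_id.strip("/").split("/")
    lowered = [p.lower() for p in parts]
    idx = lowered.index("frontdoors")  # ValueError if this is not a Front Door id
    return parts[idx + 1]


def check_frontend_endpoints(payload):
    """Return one message per *.azurefd.net endpoint that breaks the rule.

    Rule (Solution 3): such an endpoint must use <front door name>.azurefd.net
    as hostName; the endpoint's own "name" does not matter.
    """
    problems = []
    for ep in payload["properties"]["frontendEndpoints"]:
        host = ep["properties"]["hostName"].lower().rstrip(".")
        if not host.endswith(DEFAULT_ZONE):
            continue  # custom domain, outside this rule
        expected = front_door_name_from_id(ep["id"]).lower() + DEFAULT_ZONE
        if host != expected:
            problems.append(f"{ep['name']}: hostName {host} should be {expected}")
    return problems


def sample(front_door, endpoint_name, host):
    """Constructed, trimmed request body; the subscription id is a placeholder."""
    rid = ("/subscriptions/00000000-0000-0000-0000-000000000000"
           "/resourceGroups/rg-example/providers/Microsoft.Network"
           f"/frontDoors/{front_door}/frontendEndpoints/{endpoint_name}")
    return {"properties": {"frontendEndpoints": [
        {"id": rid, "name": endpoint_name, "properties": {"hostName": host}}]}}


# Names taken from the question, from Solution 3, and one custom domain.
QUESTION = sample("fd-adpb2c-westeurope-dev", "b2c-frontdoor-endpoint-dev",
                  "b2c-frontdoor-endpoint-dev.azurefd.net")
SOLUTION_3 = sample("matters", "irrelevant", "matters.azurefd.net")
CUSTOM = sample("matters", "login", "login.example.com")

if __name__ == "__main__":
    for label, body in [("question", QUESTION), ("solution 3", SOLUTION_3),
                        ("custom domain", CUSTOM)]:
        print(label, "->", check_frontend_endpoints(body) or "ok")
```
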
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
| Solution | Source |
|---|---|
| Solution 1 | |
| Solution 2 | Jim Xu |
| Solution 3 | David Peden |
