'Why does Azure Front Door route fail when deployed using ARM but works when created in portal?

When I create a route to an App Service in Azure Front Door using the portal it works fine. When I deploy the same route from an ARM template (using Bicep) it fails with the Our services aren't available right now - We're working to restore all services as soon as possible error. If I replace it manually in the portal, it works again. The exported template in both scenarios is identical:

{
    "type": "Microsoft.Cdn/profiles/afdEndpoints/routes",
    "apiVersion": "2021-06-01",
    "name": "[concat(parameters('profiles_xxxxxxxxx_dev_name'), '/api-dev-xxxxxxxxx-net/core-testingsvc')]",
    "dependsOn": [
        "[resourceId('Microsoft.Cdn/profiles/afdEndpoints', parameters('profiles_xxxxxxxxx_dev_name'), 'api-dev-xxxxxxxxx-net')]",
        "[resourceId('Microsoft.Cdn/profiles', parameters('profiles_xxxxxxxxx_dev_name'))]",
        "[resourceId('Microsoft.Cdn/profiles/customdomains', parameters('profiles_xxxxxxxxx_dev_name'), 'api-dev-xxxxxxxxx-net')]",
        "[resourceId('Microsoft.Cdn/profiles/originGroups', parameters('profiles_xxxxxxxxx_dev_name'), 'core-testingsvc-westeurope')]"
    ],
    "properties": {
        "customDomains": [
            {
                "id": "[resourceId('Microsoft.Cdn/profiles/customdomains', parameters('profiles_xxxxxxxxx_dev_name'), 'api-dev-xxxxxxxxx-net')]"
            }
        ],
        "originGroup": {
            "id": "[resourceId('Microsoft.Cdn/profiles/originGroups', parameters('profiles_xxxxxxxxx_dev_name'), 'core-testingsvc-westeurope')]"
        },
        "ruleSets": [],
        "supportedProtocols": [
            "Http",
            "Https"
        ],
        "patternsToMatch": [
            "/testing",
            "/testing/",
            "/testing/*"
        ],
        "forwardingProtocol": "MatchRequest",
        "linkToDefaultDomain": "Disabled",
        "httpsRedirect": "Enabled",
        "enabledState": "Enabled"
    }
}

When the Front Door route fails, the app service is working when using the default URL, so it's not a problem with the app service. What's going on?

The Bicep module is here:

resource route  'Microsoft.Cdn/profiles/afdEndpoints/routes@2021-06-01' = {
  name: '${stackName}-${serviceName}'
  parent: endpoint
  properties: {
    customDomains: [
      {
        id: customDomain.id
      }
    ]
    originGroup: {
      id: originGroupId
    }
    ruleSets: []
    supportedProtocols: [
      'Http'
      'Https'
    ]
    patternsToMatch: patternsToMatch
    forwardingProtocol: 'MatchRequest'
    linkToDefaultDomain: 'Disabled'
    httpsRedirect: 'Enabled'
    enabledState: 'Enabled'
  }
}

Update 2022-03-21
The template-created route starts working by simply disabling and re-enabling it manually in the portal.

azurearm-templateazure-front-doorazure-bicep


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions