I have a big question that I cannot find a solution or explanation for.

I found this diagram online regarding the implementation of an application gateway.

So I tried to make a replica of it using Terraform, but then something hit me and started raising questions, and I couldn't find a solution to it.

This is the diagram:

With Terraform I have no problem creating the MainRG, the VNET and GWSubnet, but I was wondering how it is possible that inside the MainRG there is the AZSubnet, which contains another RG; this makes it a nested RG inside the MainRG. Is this an error?

Another question and problem I came across is how do I assign an app service to a subnet?

here is the code I implemented so far:

app.tf

resource "azurerm_app_service_plan" "ASP-hri-prd-app-service" {
  location            = var.app-service-loc
  name                = "ASP-hri-prd-app-service"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
  sku {
    size = "S1"
    tier = "Standard"
  }
}

resource "azurerm_app_service" "hri-prd-eur-app-testing" {
  app_service_plan_id = azurerm_app_service_plan.ASP-hri-prd-app-service.id
  location            = var.app-service-loc
  name                = "hri-prd-eur-app-testing"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name
}

applicationGateway.tf

resource "azurerm_resource_group" "rg-hri-prd-eur-app-gate" {
  location = var.location
  name     = "rg-hri-prd-eur-app-gate"
}

resource "azurerm_resource_group" "rg-hri-eur-app-service" {
  location = var.app-service-loc
  name     = "app-service-testing"
}

locals {
  backend_address_pool_name      = "${azurerm_virtual_network.hri-prd-VNET.name}-beap"
  frontend_port_name             = "${azurerm_virtual_network.hri-prd-VNET.name}-feport"
  frontend_ip_configuration_name = "${azurerm_virtual_network.hri-prd-VNET.name}-feip"
  http_setting_name              = "${azurerm_virtual_network.hri-prd-VNET.name}-be-htst"
  listener_name                  = "${azurerm_virtual_network.hri-prd-VNET.name}-httplstn"
  request_routing_rule_name      = "${azurerm_virtual_network.hri-prd-VNET.name}-rqrt"
  redirect_configuration_name    = "${azurerm_virtual_network.hri-prd-VNET.name}-rdrcfg"
}

resource "azurerm_application_gateway" "network" {
  name                = "example-appgateway"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  location            = azurerm_resource_group.rg-hri-prd-eur-app-gate.location

  sku {
    name     = "Standard_Small"
    tier     = "Standard"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "my-gateway-ip-configuration"
    subnet_id = azurerm_subnet.hri-prd-app-gate.id
  }

  frontend_port {
    name = local.frontend_port_name
    port = 80
  }

  frontend_ip_configuration {
    name                 = local.frontend_ip_configuration_name
    public_ip_address_id = azurerm_public_ip.hri-prd-gate-pip.id
  }

  backend_address_pool {
    name = local.backend_address_pool_name
  }

  backend_http_settings {
    name                  = local.http_setting_name
    cookie_based_affinity = "Disabled"
    path                  = "/path1/"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 1
  }

  http_listener {
    name                           = local.listener_name
    frontend_ip_configuration_name = local.frontend_ip_configuration_name
    frontend_port_name             = local.frontend_port_name
    protocol                       = "Http"
  }

  request_routing_rule {
    name                       = local.request_routing_rule_name
    rule_type                  = "Basic"
    http_listener_name         = local.listener_name
    backend_address_pool_name  = local.backend_address_pool_name
    backend_http_settings_name = local.http_setting_name
  }
}

network.tf

resource "azurerm_virtual_network" "hri-prd-VNET" {
  address_space       = ["10.1.0.0/16"]
  location            = var.location
  name                = "hri-prd-VNET"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
}

resource "azurerm_subnet" "hri-prd-app-gate" {
  name                 = "hri-prd-app-gateway-subnet"
  resource_group_name  = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  virtual_network_name = azurerm_virtual_network.hri-prd-VNET.name
  address_prefixes     = ["10.1.0.0/24"]
}

resource "azurerm_public_ip" "hri-prd-gate-pip" {
  allocation_method   = "Dynamic"
  location            = var.location
  name                = "hri-prd-gate-pip"
  resource_group_name = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
}

I have 2 resource groups, one for the application gateway and one for the app service.

But still I don't understand how to make the app service resource group in a subnet of the application gateway resource group.

  • Did the solution given to you with regard to the app service work for you? I have the same problem: I am using the example code from Terraform and have tried the azurerm_app_service_virtual_network_swift_connection, and it's not worked. I can't make traffic go through to the web app. Commented Jul 31, 2023 at 13:30

1 Answer

You raised multiple questions.

  • It is not possible to have nested resource groups in Azure (RG inside the MainRG). It seems to be a misspelling in your picture.

https://feedback.azure.com/forums/281804-azure-resource-manager/suggestions/8618338-nested-resource-groups

  • To assign an app service to a subnet you should first create a VNET with a subnet, then create the App Service and attach it to the subnet by using the Terraform resource azurerm_app_service_virtual_network_swift_connection

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/app_service_virtual_network_swift_connection

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-virtual-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "example-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
  delegation {
    name = "example-delegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }
}

resource "azurerm_app_service_plan" "example" {
  name                = "example-app-service-plan"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  sku {
    tier = "Standard"
    size = "S1"
  }
}

resource "azurerm_app_service" "example" {
  name                = "example-app-service"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  app_service_plan_id = azurerm_app_service_plan.example.id
}

resource "azurerm_app_service_virtual_network_swift_connection" "example" {
  app_service_id = azurerm_app_service.example.id
  subnet_id      = azurerm_subnet.example.id
}
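
An added example, not part of the answer above or of the question's own code: azurerm_app_service_virtual_network_swift_connection routes only the app's outbound traffic into the subnet, so it does not by itself place the app behind the gateway. One way to accept inbound requests only from the gateway subnet, reusing the question's resource names (the rule name and priority are assumptions):

```hcl
# Added example: these two blocks replace the question's definitions of the
# same resources; every other resource in the question stays as it is.

# Gateway subnet with the Microsoft.Web service endpoint enabled, which is
# required before App Service can match traffic by source subnet.
resource "azurerm_subnet" "hri-prd-app-gate" {
  name                 = "hri-prd-app-gateway-subnet"
  resource_group_name  = azurerm_resource_group.rg-hri-prd-eur-app-gate.name
  virtual_network_name = azurerm_virtual_network.hri-prd-VNET.name
  address_prefixes     = ["10.1.0.0/24"]
  service_endpoints    = ["Microsoft.Web"]
}

resource "azurerm_app_service" "hri-prd-eur-app-testing" {
  app_service_plan_id = azurerm_app_service_plan.ASP-hri-prd-app-service.id
  location            = var.app-service-loc
  name                = "hri-prd-eur-app-testing"
  resource_group_name = azurerm_resource_group.rg-hri-eur-app-service.name

  site_config {
    # As soon as one ip_restriction exists, App Service denies every request
    # that matches no rule, so direct access from the internet is refused.
    # The Kudu/SCM site has its own restriction list and is not covered here.
    ip_restriction {
      name                      = "allow-app-gateway-subnet" # assumed name
      priority                  = 100                        # assumed priority
      action                    = "Allow"
      virtual_network_subnet_id = azurerm_subnet.hri-prd-app-gate.id
    }
  }
}
```

For the gateway to reach the app, the question's empty backend_address_pool also needs fqdns = [azurerm_app_service.hri-prd-eur-app-testing.default_site_hostname], and backend_http_settings needs pick_host_name_from_backend_address = true so the Host header matches the app.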