I need some help in setting up some Azure infrastructure in Terraform. I have app service A which is in vnetA in subnetA, and app service B in vnetB and subnetB. AppA, vnetA, and subnetA were created manually a long time ago, and B resources I have created myself in Terraform. I have added a virtual network peering between the two vnets, but when calling appB from appA I still get 403.
```hcl
resource "azurerm_subnet" "subnetB" {
  name                 = "subnetB"
  resource_group_name  = "rgB"
  virtual_network_name = "vnetB"
  address_prefixes     = [cidrsubnet(azurerm_virtual_network.vnetB.address_space[0], 2, 1)]

  # Delegate the subnet to App Service so App B can use regional VNet integration
  delegation {
    name = "appServiceDelegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }

  # Service endpoint so traffic leaving this subnet is identified to App Service
  service_endpoints = ["Microsoft.Web"]
}
```
What am I missing?
I have gone through similar questions, in subnetB I have added both app service delegation and service endpoints as was advised (here) but this did not fix the issue.
Update: I have verified that the address spaces of these vnets do not overlap (as this is one of the possible reasons for the failure to establish vnet peering).
After a lot of tweaking of my Terraform code for service B (thank you Vinay B) I have found the reason I was getting 403. When I went to the Networking section of function B and looked into Inbound traffic configuration, in the list of Site access and rules, I saw this warning
and when hovering over the warning sign, I was getting this: So, it turns out that subnet A (which I didn't manage via Terraform) did not have the Microsoft.Web endpoint set up. When I added the endpoint manually, I finally started getting 200 responses.
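To show the two halves that have to match, here is an added example (not code from the question or answer above) of how the caller's subnet A and the callee's access rule on function B fit together in Terraform. The resource names, `rgA`, the `10.0.1.0/24` prefix, the data-source lookup of App A, and the function app's storage and plan arguments are assumed placeholders; since subnet A already exists, it would be imported with `terraform import azurerm_subnet.subnetA <subnet resource id>` rather than created.

```hcl
# Caller side: subnet A must carry the Microsoft.Web service endpoint. Without it,
# requests leaving App A are not tagged with the subnet identity, so a subnet-based
# access rule on B cannot match them and App Service answers 403.
resource "azurerm_subnet" "subnetA" {
  name                 = "subnetA"
  resource_group_name  = "rgA"                 # assumed
  virtual_network_name = "vnetA"
  address_prefixes     = ["10.0.1.0/24"]      # placeholder, keep the existing range on import

  delegation {
    name = "appServiceDelegation"
    service_delegation {
      name    = "Microsoft.Web/serverFarms"
      actions = ["Microsoft.Network/virtualNetworks/subnets/action"]
    }
  }

  service_endpoints = ["Microsoft.Web"]       # the piece that was missing on subnet A
}

# App A was created manually, so it is only looked up, not managed.
data "azurerm_linux_web_app" "appA" {
  name                = "appA"
  resource_group_name = "rgA"
}

# Outbound regional VNet integration: App A sends its traffic through subnet A.
resource "azurerm_app_service_virtual_network_swift_connection" "appA" {
  app_service_id = data.azurerm_linux_web_app.appA.id
  subnet_id      = azurerm_subnet.subnetA.id
}

# Callee side: function B only accepts inbound traffic from subnet A. Declaring any
# ip_restriction makes App Service deny everything that does not match a rule.
resource "azurerm_linux_function_app" "appB" {
  name                       = "appB"
  resource_group_name        = "rgB"
  location                   = "westeurope"                       # assumed
  service_plan_id            = azurerm_service_plan.planB.id       # assumed
  storage_account_name       = azurerm_storage_account.stB.name    # assumed
  storage_account_access_key = azurerm_storage_account.stB.primary_access_key

  site_config {
    ip_restriction {
      name                      = "allow-subnetA"
      priority                  = 100
      action                    = "Allow"
      virtual_network_subnet_id = azurerm_subnet.subnetA.id
    }
  }
}
```

After `terraform apply`, the Networking blade of function B should no longer show the warning on the subnet rule, because the subnet it references now has the Microsoft.Web endpoint.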