While trying to create a PostgreSQL Flexible Server with a private endpoint using Terraform v3.97.1, I am getting the error below:

```
Error: creating Private Endpoint (Subscription: "xxxxxxxxxxxxxxxxxxxxxxxxxxxx"
│ Resource Group Name: "psql-tst-buck-rg"
│ Private Endpoint Name: "peppsql-db-tst"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: : Call to Microsoft.DBforPostgreSQL/flexibleServers failed. Error message: The given server psql-db-tst does not support private endpoint feature. Please create a new server that is private endpoint capable. Refer to https://aka.ms/pgflex-pepreview for more details.
│
│ with azurerm_private_endpoint.peppsql-db-tst,
│ on main.tf line 96, in resource "azurerm_private_endpoint" "peppsql-db-tst":
│ 96: resource "azurerm_private_endpoint" "peppsql-db-tst" {
```
```hcl
resource "random_pet" "name_prefix" {
  prefix = var.name_prefix
  length = 1
}

resource "azurerm_resource_group" "db-tst-rg" {
  name     = "${random_pet.name_prefix.id}-rg"
  location = var.location
}

resource "azurerm_virtual_network" "db-tst-vnet" {
  name                = "${random_pet.name_prefix.id}-vnet"
  resource_group_name = azurerm_resource_group.db-tst-rg.name
  location            = azurerm_resource_group.db-tst-rg.location
  address_space       = ["10.0.0.0/16"]
}

# Subnet delegated to PostgreSQL Flexible Server
resource "azurerm_subnet" "db-tst-snet" {
  name                 = "${random_pet.name_prefix.id}-snet"
  resource_group_name  = azurerm_resource_group.db-tst-rg.name
  virtual_network_name = azurerm_virtual_network.db-tst-vnet.name
  address_prefixes     = ["10.0.1.0/24"]

  delegation {
    name = "dbsnet"
    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

resource "azurerm_private_dns_zone" "db-tst-pdnszn" {
  name                = "pdnszndb.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.db-tst-rg.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "lnk-pdnszndb-vnet" {
  name                  = "lnk-pdnszndb-vnet"
  private_dns_zone_name = azurerm_private_dns_zone.db-tst-pdnszn.name
  virtual_network_id    = azurerm_virtual_network.db-tst-vnet.id
  resource_group_name   = azurerm_resource_group.db-tst-rg.name
}

# Server placed in the delegated subnet, with its own private DNS zone
resource "azurerm_postgresql_flexible_server" "psql-db-tst" {
  name                         = "psql-db-tst"
  resource_group_name          = azurerm_resource_group.db-tst-rg.name
  location                     = azurerm_resource_group.db-tst-rg.location
  version                      = "13"
  delegated_subnet_id          = azurerm_subnet.db-tst-snet.id
  private_dns_zone_id          = azurerm_private_dns_zone.db-tst-pdnszn.id
  geo_redundant_backup_enabled = false
  administrator_login          = "psqladmin"
  # Literal admin password in source; a sensitive variable keeps it out of version control
  administrator_password       = "Adminpsql@123#"
  zone                         = "1"
  storage_mb                   = 32768
  storage_tier                 = "P30"
  sku_name                     = "GP_Standard_D2s_v3"
  depends_on                   = [azurerm_private_dns_zone_virtual_network_link.lnk-pdnszndb-vnet]
}

# Private endpoint in the same delegated subnet, targeting the server above;
# the 400 error is raised on this resource
resource "azurerm_private_endpoint" "peppsql-db-tst" {
  name                = "peppsql-db-tst"
  location            = azurerm_resource_group.db-tst-rg.location
  resource_group_name = azurerm_resource_group.db-tst-rg.name
  subnet_id           = azurerm_subnet.db-tst-snet.id

  private_service_connection {
    name                           = "psc-db-tst"
    private_connection_resource_id = azurerm_postgresql_flexible_server.psql-db-tst.id
    subresource_names              = ["postgresqlServer"]
    is_manual_connection           = false
  }

  private_dns_zone_group {
    name                 = "dnsgrppsql-db-tst"
    private_dns_zone_ids = [azurerm_private_dns_zone.db-tst-pdnszn.id]
  }
}

resource "azurerm_postgresql_flexible_server_database" "testdb-tst" {
  name      = "tst-db"
  server_id = azurerm_postgresql_flexible_server.psql-db-tst.id
  charset   = "UTF8"
  collation = "en_US.utf8"
}
```
I tried to apply the above code, but got an error saying "The given server psql-db-tst does not support private endpoint feature. Please create a new server that is private endpoint capable."
I also received the same error as you in my environment.
To deploy a PostgreSQL flexible server with a private endpoint connection, you need to associate a network security group to it and delegate the appropriate subnet as shown below.
Referring to the MSDoc, I tried deploying your requirement and was able to perform it as expected without any errors.
Note: Make sure that you are using the latest AzureRM Terraform providers.
```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "3.98.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "random_pet" "name_prefix" {
  prefix = "postgresmy"
  length = 1
}

resource "azurerm_resource_group" "main" {
  name     = random_pet.name_prefix.id
  location = "westus"
}

resource "azurerm_virtual_network" "main" {
  name                = "${random_pet.name_prefix.id}-vnet"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name
  address_space       = ["10.0.0.0/16"]
}

resource "azurerm_network_security_group" "main" {
  name                = "${random_pet.name_prefix.id}-nsg"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  # Allows inbound TCP on every port, from any source to any destination
  security_rule {
    name                       = "test123"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Subnet delegated to PostgreSQL Flexible Server
resource "azurerm_subnet" "main" {
  name                 = "${random_pet.name_prefix.id}-subnet"
  virtual_network_name = azurerm_virtual_network.main.name
  resource_group_name  = azurerm_resource_group.main.name
  address_prefixes     = ["10.0.2.0/24"]
  service_endpoints    = ["Microsoft.Storage"]

  delegation {
    name = "newsub"
    service_delegation {
      name = "Microsoft.DBforPostgreSQL/flexibleServers"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
      ]
    }
  }
}

resource "azurerm_subnet_network_security_group_association" "main" {
  subnet_id                 = azurerm_subnet.main.id
  network_security_group_id = azurerm_network_security_group.main.id
}

resource "azurerm_private_dns_zone" "main" {
  name                = "${random_pet.name_prefix.id}-pdz.postgres.database.azure.com"
  resource_group_name = azurerm_resource_group.main.name
  depends_on          = [azurerm_subnet_network_security_group_association.main]
}

resource "azurerm_private_dns_zone_virtual_network_link" "main" {
  name                  = "${random_pet.name_prefix.id}-pdzvnetlink.com"
  private_dns_zone_name = azurerm_private_dns_zone.main.name
  virtual_network_id    = azurerm_virtual_network.main.id
  resource_group_name   = azurerm_resource_group.main.name
}

# Server placed in the delegated subnet; this configuration declares no azurerm_private_endpoint
resource "azurerm_postgresql_flexible_server" "main" {
  name                   = "${random_pet.name_prefix.id}-server"
  resource_group_name    = azurerm_resource_group.main.name
  location               = azurerm_resource_group.main.location
  version                = "13"
  delegated_subnet_id    = azurerm_subnet.main.id
  private_dns_zone_id    = azurerm_private_dns_zone.main.id
  administrator_login    = "adminTerraform"
  administrator_password = "Adminpsql@123#"
  #zone = "1"
  storage_mb            = 32768
  sku_name              = "GP_Standard_D2s_v3"
  backup_retention_days = 7
  depends_on            = [azurerm_private_dns_zone_virtual_network_link.main]
}
```
Deployment succeeded:
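
For comparison, the sketch below attaches a private endpoint to a flexible server created without VNet integration (no `delegated_subnet_id` or `private_dns_zone_id`), which is the networking mode in which the service accepts private endpoints. It is an added example, not part of the question or the answer above; the input variables, every resource name and the 10.0.3.0/24 range (chosen to fit the 10.0.0.0/16 VNet used on this page) are assumptions.

```hcl
# Added example. The input variables, resource names and 10.0.3.0/24 are assumptions.
variable "resource_group_name" {}
variable "location" {}
variable "vnet_name" {}
variable "vnet_id" {}
variable "admin_password" { sensitive = true }
# Subnet for the endpoint's network interface: no delegation block.
resource "azurerm_subnet" "pe" {
  name                 = "pe-snet"
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.vnet_name
  address_prefixes     = ["10.0.3.0/24"]
}
resource "azurerm_private_dns_zone" "pe" {
  name                = "privatelink.postgres.database.azure.com"
  resource_group_name = var.resource_group_name
}
resource "azurerm_private_dns_zone_virtual_network_link" "pe" {
  name                  = "lnk-privatelink-vnet"
  resource_group_name   = var.resource_group_name
  private_dns_zone_name = azurerm_private_dns_zone.pe.name
  virtual_network_id    = var.vnet_id
}
# No delegated_subnet_id or private_dns_zone_id: the server is not VNet-injected.
resource "azurerm_postgresql_flexible_server" "pe" {
  name                   = "psql-pe-example" # placeholder name
  resource_group_name    = var.resource_group_name
  location               = var.location
  version                = "13"
  administrator_login    = "psqladmin"
  administrator_password = var.admin_password # kept out of source
  sku_name               = "GP_Standard_D2s_v3"
}
resource "azurerm_private_endpoint" "pe" {
  name                = "pe-psql-example"
  location            = var.location
  resource_group_name = var.resource_group_name
  subnet_id           = azurerm_subnet.pe.id
  private_service_connection {
    name                           = "psc-psql-example"
    private_connection_resource_id = azurerm_postgresql_flexible_server.pe.id
    subresource_names              = ["postgresqlServer"]
    is_manual_connection           = false
  }
  private_dns_zone_group {
    name                 = "dnsgrp-psql-example"
    private_dns_zone_ids = [azurerm_private_dns_zone.pe.id]
  }
}
```

No `azurerm_postgresql_flexible_server_firewall_rule` is declared here, so no public address range is allow-listed on the server and clients connect through the endpoint's private IP.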