referencing different subscription resource
I have DEV,NPR and PRD subscriptions. In each environment I have container app's(our own build agents are running) running on VNET + SUBNET. T make DEV AKV private and should accessible inside, creating private endpoint from DEV AKV to NPR subscription.
Is it possible with terraform ? I am reading the NPR VNET & SUBNET as dataset in dev provision. but while creating the private point with terraform getting below error.
The referenced resource not found.
Private Endpoint Name: "akv-private-endpoint"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: InvalidResourceReference: Resource /subscriptions/NPR_SUB/resourceGroups/NPR-RG/providers/Microsoft.Network/virtualNetworks/NPR-VMSS-NETWORK referenced by resource /subscriptions/DEV_SUB/resourceGroups/DEV-rg/providers/Microsoft.Network/privateEndpoints/DEV-private-endpoint was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.
Do i need to have additional rights from dev service principle to NPR resources ?
Referencing different subscription resource while using terraform
With the limited Info from the error description, it seems the private endpoint is being created in the DEV subscription, but it references a virtual network in the NPR subscription.
Basically, when the service principal doesn't have enough permission, you might get the authentication issue due to lack of necessary permissions on the NPR subscription to access or modify the referenced VNET or Subnet.
we need at least Network Contributor access on the NPR subscription's virtual network and subnet
Before running the script make sure the private endpoint and the target virtual network/subnet are in the same Azure region.
Sometimes region differences may cause dependency issue on each other Ultimately causes the issue.
Refer:
https://learn.microsoft.com/en-us/azure/private-link/private-endpoint-overview
- "Schema" property not found in Postgres Connector
- Downloading file from Azure blob storage via Memory Stream
- Reading env variable from template.yaml
- HTTP Error 500.30 - ASP.NET Core app failed to start - Azure
- Azure DevOps Pipelines: TerraformTaskV4: init with different subscription and Workflow Identity Federation
- Enabling HTTPS for a Azure blob static website
- How to search across many Azure Devops Git project and find all files which contain specific text AND which filename contains "Resource"
- Hosting SPA with Static Website option on Azure Blob Storage (clean URLs and Deep links)
- Using Managed Identity to Access Azure OpenAI Service
- Azure data factory not loading
- Transfer encrypted dataprotection keys from a windows vm to azure keyvault
- Refresh powerBI data with additional column
- Azure Application Insights AKS - How to Create 1 custom alert rule which will trigger multiple alerts, but with different names (per pod name)?
- gRPC and REST side by side in Azure App Service, Linux Container
- Connecting to a SignalR WSS stream but not getting the response i am looking for
- SignalR prevent user from opening multiple sessions in different tabs
- Application Insights -_logger.LogInformation
- CosmosDB is not allowing serverless capabalities to NoSQL, it says I must use CapacityMode
- Azure Webapp / Website Swap : HTTP Ping Error
- Microsoft Graph API - Update phoneMethods is no longer working
- Use Azure Key Vault secret in Header section of Web Activity
- Azure Storage blob getting the io.netty.channel.StacklessClosedChannelException while generating /downloading the from SasUrl
- How do I save and later load Azure AnalyzeResult object in python?
- Office 365 Exchange Online permission is not visible for registered application in azure active directory
- Azure ADF - HTTP : Table from list
- Self hosted azure devops build agent not getting tool from $PATH
- Azure devops pipeline stages template nesting
- Azure APIM is returning the incorrect HTTP response error when call is missing mandatory querystring parameter
- Azure DevOps build pipeline logid for a specific task - dynamically
- PS script to fetch the list non-compliance resource list with respect to policy from multiple subscriptions