I’ve been fine-tuning some Terraform config for Azure Application Gateway lately, and have thus been fine-tuning my understanding of its components. This Microsoft Doc about the App Gateway configuration was quite helpful because of its diagram.
Here are a few items I’ve learned:
- Terraform: You must separate the private IP and the public IP into different front-end configurations. If you want both to be associated with listeners, you need two `frontend_ip_configuration` blocks, and each block needs a unique `name`:

```hcl
# Public front end
frontend_ip_configuration {
  name                 = "${local.frontend_ip_configuration_name}"
  public_ip_address_id = "${azurerm_public_ip.test.id}"
}

# Private front end: a static address taken from the App Gateway subnet.
# The provider attribute is private_ip_address (a literal IP), not a subnet ID,
# and the allocation value is a quoted string.
frontend_ip_configuration {
  name                          = "${local.private_frontend_ip_configuration_name}"
  subnet_id                     = "${azurerm_subnet.test.id}"
  private_ip_address            = "${var.private_frontend_ip}" # an unused address inside the subnet above
  private_ip_address_allocation = "Static"
}
```
- General: A listener can be associated with only one front-end IP configuration, either private or public. I originally thought I could associate both a private and a public front end with the same listener, and thus with the same rule and backend. This isn’t possible; each front-end configuration needs its own listener.
- Terraform: Terraform seems to have a problem adding multiple rules that touch the same backend. Even though these were unique rules associated with unique listeners, Terraform gave this error: `ApplicationGatewayBackendAddressPoolCannotHaveDuplicateAddress`
- This was seen while trying to add an additional rule after the original one was created. I haven’t yet tried a `terraform apply` from a fresh start with two rules referencing the same backend.
- General: You can’t have listeners on the same front-end port across two different front-end configurations. If you do, you receive this error:
- Error: Two Http Listeners of Application Gateway are using the same Frontend Port and HostName (`ApplicationGatewayFrontendPortsUsingSamePortNumber`)
- For example, if port 80 is on my private front-end config, I can add multi-site listeners there, keyed on host name, to target multiple rules and backends. But that means I can no longer use port 80 on the public front-end configuration; a different port is required.
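Putting the items above together, here is a single `azurerm_application_gateway` resource with a public and a private front end, one listener per front end, distinct front-end ports, and two rules that route to the same backend pool. This is an added example written for this post in current HCL syntax against the azurerm 3.x provider (hence the `priority` on each rule, which v2 SKUs require); it is not the original config. Every resource name, the `azurerm_resource_group.example`, `azurerm_subnet.appgw` and `azurerm_public_ip.appgw` references, and the IP addresses are assumptions.

```hcl
# Added example, not from the original post. Resource names, azurerm_* references
# and IP addresses are assumed; adjust them to your environment.

locals {
  public_frontend_name  = "feip-public"
  private_frontend_name = "feip-private"
  backend_pool_name     = "bepool-app"
  http_settings_name    = "behttp-app"
}

resource "azurerm_application_gateway" "example" {
  name                = "appgw-example"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  sku {
    name     = "Standard_v2"
    tier     = "Standard_v2"
    capacity = 2
  }

  gateway_ip_configuration {
    name      = "gwip"
    subnet_id = azurerm_subnet.appgw.id
  }

  # Public and private front ends are separate blocks with unique names.
  frontend_ip_configuration {
    name                 = local.public_frontend_name
    public_ip_address_id = azurerm_public_ip.appgw.id
  }

  frontend_ip_configuration {
    name                          = local.private_frontend_name
    subnet_id                     = azurerm_subnet.appgw.id
    private_ip_address            = "10.0.1.10" # assumed unused address in the App Gateway subnet
    private_ip_address_allocation = "Static"
  }

  # A front-end port can serve listeners on only one front-end IP configuration,
  # so the public side uses 8080 instead of reusing 80 from the private side.
  frontend_port {
    name = "port-80"
    port = 80
  }

  frontend_port {
    name = "port-8080"
    port = 8080
  }

  backend_address_pool {
    name         = local.backend_pool_name
    ip_addresses = ["10.0.2.4", "10.0.2.5"] # assumed backend hosts
  }

  backend_http_settings {
    name                  = local.http_settings_name
    cookie_based_affinity = "Disabled"
    port                  = 80
    protocol              = "Http"
    request_timeout       = 30
  }

  # One listener per front end; a listener cannot span both IPs. The private
  # listener is multi-site (matched on Host), so further private listeners can
  # share port 80 as long as their host names differ.
  http_listener {
    name                           = "lsn-private-app"
    frontend_ip_configuration_name = local.private_frontend_name
    frontend_port_name             = "port-80"
    protocol                       = "Http"
    host_name                      = "app.internal.example"
  }

  http_listener {
    name                           = "lsn-public-app"
    frontend_ip_configuration_name = local.public_frontend_name
    frontend_port_name             = "port-8080"
    protocol                       = "Http"
  }

  # Two rules, one per listener, both routing to the same backend pool.
  request_routing_rule {
    name                       = "rule-private-app"
    priority                   = 100
    rule_type                  = "Basic"
    http_listener_name         = "lsn-private-app"
    backend_address_pool_name  = local.backend_pool_name
    backend_http_settings_name = local.http_settings_name
  }

  request_routing_rule {
    name                       = "rule-public-app"
    priority                   = 110
    rule_type                  = "Basic"
    http_listener_name         = "lsn-public-app"
    backend_address_pool_name  = local.backend_pool_name
    backend_http_settings_name = local.http_settings_name
  }
}
```

Because this declares both rules in one resource from the start, a `terraform plan` against it is also a quick way to check whether the duplicate-address error above is specific to adding a second rule to an existing gateway or shows up on a fresh apply too.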