Azure / ALZ-Bicep

This repository contains the Azure Landing Zones (ALZ) Bicep modules that help deliver and deploy the Azure Landing Zone conceptual architecture in a modular approach. https://aka.ms/alz/docs

Deployment alz-bicep-4a-hubspoke fails when AzureFirewall disabled

jbarrancos opened this issue · comments

What happened? Provide a clear and concise description of the bug, including deployment details.

When disabling AzureFirewall in HubSpoke configuration hubNetworking.parameters.all.json:

"parAzFirewallEnabled": {
  "value": false
}

and having no AzureFirewallSubnet in the "parSubnets": { }, it still wants a subnet named AzureFirewallSubnet:

Resource /subscriptions/xxxxx/resourceGroups/rg-xxxx-connectivity/providers/Microsoft.Network/virtualNetworks/vnt-hub-prd-we-001/subnets/AzureFirewallSubnet not found. (Code: NotFound)

It seems that this is related to the following part in the ALZ-Platform\upstream-releases\V0.17.1\infra-as-code\bicep\modules\hubNetworking\hubNetworking.bicep file:

resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = {
  parent: resHubVnet
  name: 'AzureFirewallSubnet'
}

Which should be checking if AzureFirewall is enabled, before expecting the subnet:

resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = if (parAzFirewallEnabled) {
  parent: resHubVnet
  name: 'AzureFirewallSubnet'
}

This fixes the issue.

Please provide the correlation id associated with your error or bug.

c666a676-ac51-4ebc-adf7-50e0b3a73cbb

What was the expected outcome?

Deployment without expecting FirewallSubnet

Relevant log output

{
  "code": "NotFound",
  "message": "Resource /subscriptions/xxxxx/resourceGroups/rg-xxxx-connectivity/providers/Microsoft.Network/virtualNetworks/vnt-hub-prd-we-001/subnets/AzureFirewallSubnet not found.",
  "details": []
}

Check previous GitHub issues

  • I have searched the issues for this item and found no duplicate

Code of Conduct

  • I agree to follow this project's Code of Conduct
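
A pre-deployment check for the mismatch reported above, as an added example that is not part of the issue or of the ALZ-Bicep repository: it flags every unconditional `existing` subnet reference in a template whose subnet is not declared in `parSubnets`, which generalizes the report beyond `AzureFirewallSubnet`. It assumes `parSubnets.value` is a list of objects with a `name` key; the function name and the sample parameter file are constructed for illustration.

```python
import json
import re

# `existing` subnet declaration, with an optional `if (...)` guard before the body.
# A guard containing nested parentheses is not matched, so it is never reported.
EXISTING_SUBNET = re.compile(
    r"resource\s+(?P<sym>\w+)\s+'Microsoft\.Network/virtualNetworks/subnets@[^']+'"
    r"\s+existing\s*=\s*(?P<cond>if\s*\([^)]*\)\s*)?\{(?P<body>[^}]*)\}"
)
NAME = re.compile(r"\bname:\s*'([^']+)'")


def unguarded_subnet_refs(bicep_text, param_doc):
    """Return (symbol, subnet) for each unconditional `existing` subnet
    reference whose subnet is not declared in parSubnets."""
    params = param_doc.get("parameters", param_doc)
    # Assumption: parSubnets.value is a list of objects carrying a "name" key.
    declared = {s["name"] for s in params.get("parSubnets", {}).get("value", [])}
    findings = []
    for m in EXISTING_SUBNET.finditer(bicep_text):
        name = NAME.search(m.group("body"))
        # Only the presence of a guard is checked, not which parameter it tests.
        if name and not m.group("cond") and name.group(1) not in declared:
            findings.append((m.group("sym"), name.group(1)))
    return findings


# The declaration quoted in the issue, before and after the proposed change.
BEFORE = """
resource resAzureFirewallSubnetRef 'Microsoft.Network/virtualNetworks/subnets@2023-02-01' existing = {
  parent: resHubVnet
  name: 'AzureFirewallSubnet'
}
"""
AFTER = BEFORE.replace("existing = {", "existing = if (parAzFirewallEnabled) {")

# Constructed parameter file: firewall disabled, no AzureFirewallSubnet declared.
PARAMS = json.loads("""
{"parameters": {
  "parAzFirewallEnabled": {"value": false},
  "parSubnets": {"value": [{"name": "AzureBastionSubnet"}, {"name": "GatewaySubnet"}]}
}}
""")

if __name__ == "__main__":
    for sym, subnet in unguarded_subnet_refs(BEFORE, PARAMS):
        print(f"{sym}: '{subnet}' is referenced unconditionally but is not in parSubnets")
```
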

Hey @jbarrancos, appreciate you calling out this issue. We do actually have a team member working on improving this specifically for this module. See https://github.com/orgs/Azure/projects/610/views/1?pane=issue&itemId=52291857. I am glad you were able to get it sorted out, and thanks for sharing your approach!

cc: @FallenHoot