update app gateway with separate network and add WAF protections #480

Merged
merged 3 commits into from
Dec 13, 2024

@marycrawford marycrawford commented Dec 12, 2024

Description

Updated appgw with its own independent subnet and added Web Application Firewall (WAF) protections to provide added security for our end users and Azure resources. The separate subnet resolved the error shown below. This error resulted when we were using the load balancer subnet in our gateway configurations, causing conflicts when trying to deploy the appgw via Terraform.

Error: creating Application Gateway (Subscription: "72d4d159-ba2c-4fee-82da-4ff96e9195cb"
│ Resource Group Name: "reportvision-rg-dev"
│ Application Gateway Name: "reportvision-appgateway-dev"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: ApplicationGatewaySubnetCannotHaveOtherResources: Subnet /subscriptions/72d4d159-ba2c-4fee-82da-4ff96e9195cb/resourceGroups/reportvision-rg-dev/providers/Microsoft.Network/virtualNetworks/reportvision-vnet-dev/subnets/reportvision-lb-subnet-dev cannot be used for application gateway /subscriptions/72d4d159-ba2c-4fee-82da-4ff96e9195cb/resourceGroups/reportvision-rg-dev/providers/Microsoft.Network/applicationGateways/reportvision-appgateway-dev since it has other resources deployed. Subnet used for application gateway can only have other application gateways.
│ 
│   with module.app_gateway.azurerm_application_gateway.load_balancer,
│   on modules/app_gateway/main.tf line 36, in resource "azurerm_application_gateway" "load_balancer":
│   36: resource "azurerm_application_gateway" "load_balancer" {

Related Issues

#463

Checklist

  • [ x ] The title of this PR is descriptive and concise.
  • [ x ] My changes follow the style guidelines of this project.
  • [ x ] Terraform code has been tested.
  • [ x ] I've let the team know about this PR by linking it in the review channel
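
A check for the two conditions this PR addresses, written as an added example (not code from the PR or the project): it reads the JSON structure that `terraform show -json` prints for state and reports any application gateway whose subnet is also used by another resource, or that has no WAF enabled. The sample state, resource addresses and subnet IDs are constructed.

```python
# Added example: audits `terraform show -json` state output; sample data is constructed.
APPGW = "azurerm_application_gateway"
WAF_TIERS = {"WAF", "WAF_v2"}

def iter_resources(module):
    """Yield every resource in a module and its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)

def subnet_ids(node):
    """Collect every string stored under a key named 'subnet_id'."""
    found = set()
    if isinstance(node, dict):
        for key, value in node.items():
            if key == "subnet_id" and isinstance(value, str):
                found.add(value)
            else:
                found |= subnet_ids(value)
    elif isinstance(node, list):
        for item in node:
            found |= subnet_ids(item)
    return found

def audit(state):
    """Return findings for gateways that share a subnet or run without WAF.

    Assumption: *_association resources (NSG, route table) do not count as sharing."""
    resources = list(iter_resources(state["values"]["root_module"]))
    findings = []
    for gw in (r for r in resources if r["type"] == APPGW):
        vals = gw["values"]
        gw_subnets = subnet_ids(vals.get("gateway_ip_configuration") or [])
        for other in resources:
            if other["type"] == APPGW or other["type"].endswith("_association"):
                continue
            if gw_subnets & subnet_ids(other["values"]):
                findings.append(f"{gw['address']}: subnet shared with {other['address']}")
        tier = (vals.get("sku") or [{}])[0].get("tier")
        waf_on = any(w.get("enabled") for w in vals.get("waf_configuration") or [])
        if tier not in WAF_TIERS or not (waf_on or vals.get("firewall_policy_id")):
            findings.append(f"{gw['address']}: WAF not enabled")
    return findings

def sample_state(lb_subnet, tier, waf_enabled):
    """Constructed state: a gateway on /subnets/appgw plus one load balancer."""
    gw = {"address": "azurerm_application_gateway.gw", "type": APPGW, "values": {
        "gateway_ip_configuration": [{"subnet_id": "/subnets/appgw"}],
        "sku": [{"tier": tier}], "waf_configuration": [{"enabled": waf_enabled}]}}
    lb = {"address": "azurerm_lb.lb", "type": "azurerm_lb",
          "values": {"frontend_ip_configuration": [{"subnet_id": lb_subnet}]}}
    return {"values": {"root_module": {"child_modules": [{"resources": [gw, lb]}]}}}
```

Calling `audit(sample_state("/subnets/appgw", "Standard_v2", False))` returns both findings; moving the load balancer to its own subnet and switching to `WAF_v2` with WAF enabled returns an empty list.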

@marycrawford marycrawford self-assigned this Dec 12, 2024
@marycrawford marycrawford marked this pull request as draft December 12, 2024 19:31
@marycrawford marycrawford marked this pull request as ready for review December 13, 2024 05:17
@marycrawford marycrawford changed the title update application gateway to include WAF protection update app gateway with separate network and add WAF protections Dec 13, 2024
@arinkulshi-skylight arinkulshi-skylight left a comment

LGTM

@marycrawford marycrawford added this pull request to the merge queue Dec 13, 2024
Merged via the queue into main with commit c75061f Dec 13, 2024
1 check passed
@marycrawford marycrawford deleted the enable-waf-config-for-appgateway branch December 13, 2024 19:10
Successfully merging this pull request may close these issues.

Update App Gateway with Independent Network and Add WAF/Firewall Protections
2 participants