Management Public IP for Zonal Firewall is not zonal; deployment fails

[SvenAelterman]

Is there an existing issue for this?

• I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

1.9.2

Module Version

1.2.0

AzureRM Provider Version

3.113.0

Affected Resource(s)/Data Source(s)

azurerm_firewall

Terraform Configuration Files

Generated by ALZ Terraform accelerator + manual modifications for Basic Firewall tier:

connectivity:
  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
    hub_virtual_networks:
      primary:
        name: hub-demo-vnet-cnc-01
        resource_group_name: network-demo-rg-cnc-01
        location: ${default_location}
        address_space:
          - 10.0.0.0/23
        # TODO: Add DNS servers, once deployed
        #dns_servers: [""]
        # TODO: Add tags
        tags: {}
        # TODO: Add custom subnets, for Bastion
        # subnets:
        #   - name: AzureBastionSubnet
        #     address_prefixes: 10.0.0.128/26
        #     delegation:
        #       name: Microsoft.Network/bastionHosts
        #       service_delegation:
        #         name: Microsoft.Bastion
        #         actions: ["Microsoft.Network/bastionHosts/*"]
        firewall:
          name: hub-demo-fw-cnc-01
          sku_name: AZFW_VNet
          sku_tier: Basic
          subnet_address_prefix: 10.0.0.0/26
          management_subnet_address_prefix: 10.0.0.64/26
          zones: ["1", "2", "3"]
          default_ip_configuration:
            public_ip_config:
              zones: ["1", "2", "3"]
              name: "hub-demo-fw-pip-cnc-01"
          management_ip_configuration:
            public_ip_config:
              zones: ["1", "2", "3"]
              name: "hub-demo-fw-mgmt-pip-cnc-01"

tfvars variables values

configuration_file_path         = ""
default_location                = "canadacentral"
default_postfix                 = "landing-zone"
root_parent_management_group_id = ""
subscription_id_connectivity    = "fca9eaf6-728a-4252-9e2d-aa2532c82614"
subscription_id_identity        = "d08095f8-98fa-434e-8f14-6d06471029b0"
subscription_id_management      = "efd2877e-cc6a-4660-ab6d-60f1c33f3ded"

Debug Output/Panic Output

Azure Firewall Name: "hub-demo-fw-cnc-01"): performing CreateOrUpdate: unexpected status 400 (400 Bad Request) with error: ZonalAzureFirewallCannotReferenceNoZonePublicIp: Azure Firewall /subscriptions/fca9eaf6-728a-4252-9e2d-aa2532c82614/resourceGroups/network-demo-rg-cnc-01/providers/Microsoft.Network/azureFirewalls/hub-demo-fw-cnc-01 has zone constraint 2, 3, 1, but Public IP /subscriptions/fca9eaf6-728a-4252-9e2d-aa2532c82614/resourceGroups/network-demo-rg-cnc-01/providers/Microsoft.Network/publicIPAddresses/hub-demo-fw-mgmt-pip-cnc-01 referenced by the azure firewall has no zones

Expected Behaviour

Public IP addresses should be correctly configured for zonal support

Actual Behaviour

Deployment errored

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[SvenAelterman]

I've found the root cause. It's a set of typos.

[SvenAelterman]

This was resolved with #79