TOT

Gateway URL
https://apim-esp-qa-01.azure-api.net
Gateway regional URL
https://apim-esp-qa-01-eastus2-01.regional.azure-api.net
Portal URL
https://apim-esp-qa-01.portal.azure-api.net
Management API URL
https://apim-esp-qa-01.management.azure-api.net
Scm URL
https://apim-esp-qa-01.scm.azure-api.net
Developer portal URL
https://apim-esp-qa-01.developer.azure-api.net



# Provider configuration
provider "azurerm" {
  alias             = "primary"
  subscription_id   = "d4e6a562-12f4-40da-9747-6fa23ff3dcb1"  # Primary subscription for APIM
  features {}

  skip_provider_registration = true
}

provider "azurerm" {
  alias                     = "secondary"
  subscription_id           = "9826d6c1-2631-4848-8485-8ee1c050d023"  # Secondary subscription for Private DNS Zone, Private Link, and Private Endpoint
  features {}

  skip_provider_registration = true
}


# Data Sources for Existing Resources

# Data source to fetch details about the existing resource group for APIM
data "azurerm_resource_group" "apim_rg" {
  name     = "rg-esp-qa"
  provider = azurerm.primary
}

data "azurerm_resource_group" "qa-resourcegp" {
  name = "NET-EUS2-QA-RG"  
}

# Data source to fetch details about the existing virtual network
data "azurerm_virtual_network" "vnet" {
  name                = "VNET-QA-10.118.0.0-17"
  resource_group_name = "NET-EUS2-QA-RG"
  provider            = azurerm.primary
}

# Data source to fetch details about the existing subnet within the virtual network
data "azurerm_subnet" "subnet" {
  name                 = "APIM-QA-Subnet"
  virtual_network_name = data.azurerm_virtual_network.vnet.name
  resource_group_name  = "NET-EUS2-QA-RG"
  provider             = azurerm.primary
}

# Data source to fetch details about the PrivateEndpointQA-Subnet within the virtual network
data "azurerm_subnet" "private_endpoint_subnet" {
  name                 = "PrivateEndpointQA-Subnet"
  virtual_network_name = data.azurerm_virtual_network.vnet.name
  resource_group_name  = "NET-EUS2-QA-RG"
  provider             = azurerm.primary
}

# Data source to fetch details about the existing resource group for private resources
data "azurerm_resource_group" "private_rg" {
  name     = "NET-EUS2-PROD-RG"
  provider = azurerm.secondary
}

## Data source to fetch details about the existing Private DNS Zone
data "azurerm_private_dns_zone" "private_dns_zone" {
  name                = "privatelink.azure-api.net"
  resource_group_name = data.azurerm_resource_group.private_rg.name
  provider            = azurerm.secondary
}


## APIM Resource Definition

resource "azurerm_api_management" "apim" {
  name                = "apim-esp-qa-01"
  location            = "East US 2"
  resource_group_name = data.azurerm_resource_group.apim_rg.name
  publisher_name      = "apim-esp-qa-publisher"
  publisher_email     = "michael.million@neogenomics.com"
  sku_name            = "Developer_1"

  identity {
    type = "SystemAssigned"
  }
  #--

  tags = var.tags

  # subnet_id = data.azurerm_subnet.subnet.id  # Place APIM in the desired subnet
}


## Private DNS Zone Link and Private Endpoint Resources

# Resource for linking the existing Private DNS Zone with a virtual network
# resource "azurerm_private_dns_zone_virtual_network_link" "dns_vnet_link" {
#   name                  = "vnl-qa-sdwan"
#   resource_group_name   = data.azurerm_resource_group.private_rg.name
#   private_dns_zone_name = data.azurerm_private_dns_zone.private_dns_zone.name
#   virtual_network_id    = data.azurerm_virtual_network.vnet.id
#   provider              = azurerm.secondary
# }

# Resource for linking the existing Private DNS Zone with a virtual network
data "azurerm_private_dns_zone_virtual_network_link" "dns_vnet_link" {
    name = "vnl-qa-sdwan"
    resource_group_name   = data.azurerm_resource_group.private_rg.name
    #resource_group_name = data.azurerm_resource_group.qa-resourcegp.name
    private_dns_zone_name = data.azurerm_private_dns_zone.private_dns_zone.name
    provider              = azurerm.secondary
}

# Resource for creating a Private Endpoint
resource "azurerm_private_endpoint" "private_endpoint" {
  name                = "pe-apim-esp-qa-01"
  #location            = data.azurerm_resource_group.private_rg.location
  location            = data.azurerm_resource_group.qa-resourcegp.location
  resource_group_name = data.azurerm_resource_group.qa-resourcegp.name
  subnet_id           = data.azurerm_subnet.private_endpoint_subnet.id
  provider            = azurerm.primary

   private_service_connection {
    name                           = "pe-apim-apim-esp-qa-connection"
    private_connection_resource_id = azurerm_api_management.apim.id
    subresource_names              = ["Gateway"]
    is_manual_connection           = false
  }
}

# Resource for creating a DNS A record in the Private DNS Zone
resource "azurerm_private_dns_a_record" "dns_a_record" {
  name                = azurerm_api_management.apim.name
  zone_name           = data.azurerm_private_dns_zone.private_dns_zone.name
  resource_group_name = data.azurerm_resource_group.private_rg.name
  ttl                 = 300
  records             = [azurerm_private_endpoint.private_endpoint.private_service_connection[0].private_ip_address]
  tags                = {
    environment = "QA"
    purpose     = "ESP"
    owner       = "Apandeep Singh"
    created_by  = "Terraform IaC"
  }
  provider            = azurerm.secondary
}


Comments

Post a Comment

Popular posts from this blog

On-Premises to Cloud

 Connecting on-premises networks to the cloud is a critical aspect of hybrid cloud architecture. This connectivity allows organizations to extend their existing IT infrastructure into the cloud, ensuring seamless communication and integration between on-premises resources and cloud services. Here are the primary methods and services used to achieve this connectivity in Azure: ### Methods of Connecting On-Premises Networks to Azure 1. **Site-to-Site VPN**    - **VPN Gateway**: Azure VPN Gateway connects on-premises networks to Azure VNets over an IPsec/IKE (IKEv1 and IKEv2) VPN tunnel.    - **Advantages**: Cost-effective, easy to set up.    - **Use Cases**: Suitable for development and testing environments, small to medium-sized deployments. 2. **ExpressRoute**    - **Azure ExpressRoute**: Provides a private, dedicated connection between on-premises networks and Azure. It does not go over the public internet, offering higher security, reliabil...
Read more

issue

 {   "code": "ServiceProviderActionFailed",   "message": "The service provider action failed with error code 'BadGateway' and error message 'A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. ErrorCode: TimedOut (ServiceCommunicationProblem).
Read more