cbellee/azure-iac-examples

aca-internal-front-door-integration deployment issue

Opened this issue · 3 comments

Hello @cbellee,
Firstly, I would like to thank you for providing the repository. However, upon deploying the “aca-internal-front-door-integration” solution, I encountered an error. Could you please assist me in resolving this issue?
Deployment error (module `module-afd`, resource `colour5-afd-lcgyrlz6xch4o/secret-1`, type `Secret`, status `BadRequest`):

```json
{
  "status": "Failed",
  "error": {
    "code": "BadRequest",
    "message": "The Key Vault resource uri is not valid."
  }
}
```

I suspect that the issue may reside within this segment of the code:

```bicep
resource wildcardCertificate 'Microsoft.Cdn/profiles/secrets@2022-11-01-preview' = {
  parent: frontDoor
  name: 'test-com'
  properties: {
    parameters: {
      type: 'CustomerCertificate'
      secretSource: {
        id: resourceId('Microsoft.KeyVault/vaults/secrets', keyVault.name, secretName)
      }
      useLatestVersion: true
      subjectAlternativeNames: [
        '*.${publicDomainName}'
        '*.internal.${publicDomainName}'
      ]
    }
  }
  dependsOn: [
    keyVaultRbac
  ]
}
```

The cert import is successful and I see it under the Certificates section of the Key Vault. Could you please help identify the issue?
Thanks

Additionally, I am uncertain about the functionality of this parameter. Could you please provide more context or details?

```bicep
param externalDomainResourceGroupName string = 'external-dns-zones-rg'

resource dnsZone 'Microsoft.Network/dnsZones@2023-07-01-preview' existing = {
  name: dnsZoneName
  scope: resourceGroup(externalDomainResourceGroupName)
}

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
  scope: resourceGroup(externalDomainResourceGroupName)
}
```

I don't see any resource group created with this name?
Thanks
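Added example, not code from the repository or from either participant: the two-argument form `resourceId('Microsoft.KeyVault/vaults/secrets', keyVault.name, secretName)` always builds an ID inside the resource group the template is deployed to, so when the vault is an `existing` resource scoped to `externalDomainResourceGroupName` the resulting URI points at a vault that does not exist there. The snippet below assumes exactly that layout (vault in the external resource group, Front Door profile in the current one; the profile name is a placeholder) and derives the secret ID from `keyVault.id` instead, which carries the vault's real resource group.

```bicep
// Added example (not the repository's code). Assumes the Key Vault lives in
// externalDomainResourceGroupName and the Front Door profile is deployed in
// the current resource group; 'example-afd' is a placeholder profile name.
param publicDomainName string
param keyVaultName string
param secretName string
param externalDomainResourceGroupName string

resource keyVault 'Microsoft.KeyVault/vaults@2023-07-01' existing = {
  name: keyVaultName
  scope: resourceGroup(externalDomainResourceGroupName)
}

resource frontDoor 'Microsoft.Cdn/profiles@2022-11-01-preview' existing = {
  name: 'example-afd'
}

// resourceId('Microsoft.KeyVault/vaults/secrets', keyVault.name, secretName)
// would resolve in the deployment's own resource group. keyVault.id already
// contains the vault's subscription and resource group, so appending the
// secret path yields a URI Front Door can actually resolve.
var certificateSecretId = '${keyVault.id}/secrets/${secretName}'

resource wildcardCertificate 'Microsoft.Cdn/profiles/secrets@2022-11-01-preview' = {
  parent: frontDoor
  name: 'wildcard-cert'
  properties: {
    parameters: {
      type: 'CustomerCertificate'
      secretSource: {
        id: certificateSecretId
      }
      useLatestVersion: true
      subjectAlternativeNames: [
        '*.${publicDomainName}'
        '*.internal.${publicDomainName}'
      ]
    }
  }
}

// Emitting the ID makes it easy to compare against the vault's actual
// resource group in the deployment output before Front Door validates it.
output certificateSecretId string = certificateSecretId
```

Checking the emitted `certificateSecretId` against the vault's real resource group in the deployment output is a quick way to confirm whether this is the cause before changing anything else.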

Hi @MohamedElso, thanks for reaching out! I haven't deployed this in a while, so I will need to try it myself and get back to you.

For your second question, I have an Azure public DNS zone with the same name as the TLS certificate domain. I must have forgotten to remove the default value of external-dns-zones-rg from it, but you'd need to override it with the name of your own resource group containing the DNS zone.

@cbellee thank you for your answer, waiting for your response about the mentioned issue.