‘D:\home\site\wwwroot\host.json’ is denied.

 Function App will not start or deployment will thrown an error as below:

'D:\home\site\wwwroot\host.json' is denied.

If you receive a System.UnauthorizedAccessException with a message Access to the path ‘D:\home\site\wwwroot\host.json’ is denied, 

then mostly likely access from functionapp to the Azure Storage Account is being blocked where Azure Function is hosted.  

1) Check if your functionapp is restricted to a specific VNET  as shown below:

If it is not configured to a specific VNET then make sure the storage account where the function app is hosted has selected "ALL Networks" as shown below

If the function app is configured to a specific VNET then make sure the storage account where the function app is hosted has selected "Specific Networks" and the VNET is selected from the listed as shown below

How to import a resource in terraform if not is not being managed already

 If a cloud resource is not being managed by your terraform scripts then in the below post I will show you how you can make terraform mange it.

I have a resource already created by ARM templates but now I want it managed by terraform.

Ex:-

azurerm_subnet.app-subnet: Creating...

azurerm_subnet.app-subnet: Creating...

 Error: A resource with the ID "/subscriptions/12XXXXXXX058f0/resourceGroups/XXXcare-rg/providers/Microsoft.Network/virtualNetworks/datacare-vnet/subnets/xxxcare-appsubnet" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet" for more information.

  on main.tf line 29, in resource "azurerm_subnet" "app-subnet":

   29: resource "azurerm_subnet" "app-subnet" {

Now if we want terraform to manage this resource we need to add (import) this resource into the state file. 

First get the resource id of this resource from properties blade.

Then use the below command to import the resource into the state file.

terraform import azurerm_subnet.app-subnet /subscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet

Ex:-

samshaik@shaikprod:~/terraform/azure/confluence$ terraform import azurerm_subnet.app-subnet /subscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet

azurerm_subnet.app-subnet: Importing from ID "/subscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet"...

azurerm_subnet.app-subnet: Import prepared!

  Prepared azurerm_subnet for import

azurerm_subnet.app-subnet: Refreshing state... [id=/ssubscriptions/12XXX58f0/resourceGroups/care-rg/providers/Microsoft.Network/virtualNetworks/my-vnet]

Import successful!

The resources that were imported are shown above. These resources are now in your Terraform state and will henceforth be managed by Terraform.

Now create the plan again:

samshaik@shaikprod:~/terraform/azure/confluence$ terraform plan -out confluencedev.plan

Plan: 3 to add, 0 to change, 1 to destroy.

Saved the plan to: confluencedev.plan

To perform exactly these actions, run the following command to apply:

    terraform apply "confluencedev.plan"

Now apply the plan to create the resources:

Plan: 3 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

  Terraform will perform the actions described above.

  Only 'yes' will be accepted to approve.

  Enter a value: yes

How to export VM Image in Azure

How to export VM Image in Azure

Create the snapshot using the below JSON template, if you already have a snapshot then you can skip this step.

{

  "id": "/subscriptions/subid/resourceGroups/MYAPP/providers/Microsoft.Resources/deployments/Snapshot.az-mydisk-os-post-upgrade-20210428111917",

  "name": "Snapshot.az-mydisk-os-post-upgrade-20210428111917",

  "type": "Microsoft.Resources/deployments",

  "tags": {

    "primaryResourceId": "/subscriptions/subid/resourceGroups/MYAPP/providers/Microsoft.Compute/snapshots/az-mydisk-os-post-upgrade",

    "marketplaceItemId": "Microsoft.Snapshot"

  },

  "properties": {

    "templateHash": "13238197693155926102",

    "parameters": {

      "apiVersion": {

        "type": "String",

        "value": "2020-09-30"

      },

      "name": {

        "type": "String",

        "value": "az-mydisk-os-post-upgrade"

      },

      "location": {

        "type": "String",

        "value": "eastus"

      },

      "accountType": {

        "type": "String",

        "value": "Standard_LRS"

      },

      "createOption": {

        "type": "String",

        "value": "Copy"

      },

      "sourceUri": {

        "type": "String",

        "value": "/subscriptions/subid/resourceGroups/MYAPP/providers/Microsoft.Compute/disks/mydisk_OsDisk_1_29a2c78fb9b8b27"

      },

      "incremental": {

        "type": "String",

        "value": "false"

      },

      "diskEncryptionSetType": {

        "type": "String",

        "value": "EncryptionAtRestWithPlatformKey"

      },

      "networkAccessPolicy": {

        "type": "String",

        "value": "DenyAll"

      }

    },

    "mode": "Incremental",

    "debugSetting": {

      "detailLevel": "None"

    },

    "provisioningState": "Succeeded",

    "timestamp": "2021-04-28T15:19:28.849237Z",

    "duration": "PT12.642492S",

    "correlationId": "2008b5e6-9306-4413-b595-0663861bd405",

    "providers": [

      {

        "namespace": "Microsoft.Compute",

        "resourceTypes": [

          {

            "resourceType": "snapshots",

            "locations": [

              "eastus"

            ]

          }

        ]

      }

    ],

    "dependencies": [],

    "outputResources": [

      {

        "id": "/subscriptions/subid/resourceGroups/MYAPP/providers/Microsoft.Compute/snapshots/az-mydisk-os-post-upgrade"

      }

    ],

    "validationLevel": "Template"

  }

}

Make sure that you have appropriate access level set while creating the snapshot. Only with public endpoint connectivity method you will be able to export the snapshot and share it outside of your VNET.

Go to the snapshot:

Then snapshot export:

If you don't see the Generate URL option then change the networking settings to public for this snapshot.

Now click on Generate URL:

Now copy the url in a browser and download the entire image, you can also use wget via command line to download the image.

How to create cloud infrastructure using terraform scripts.

Here is the sample code to create few resource groups/Network and storage in the cloud.

Here is my main.tf file which will call variables file to lookup the variables that I have defined.

# Provider source and version being used

terraform {

required_providers {

azurerm = {

source = "hashicorp/azurerm"

version = "=2.46.0"

}

}

}

# Configure the Microsoft Azure Provider

provider "azurerm" {

features {}

}

# Create a resource group in existing VNET

resource "azurerm_resource_group" "dev-rg" {

name = "${var.resource_group_name}"

location = "${var.locations["location1"]}"

}

# Create a virtual network within the resource group

resource "azurerm_virtual_network" "dev-vnet" {

name = "${var.virtual_network_name}"

resource_group_name = "${var.resource_group_name}"

location = "${var.locations["location1"]}"

address_space = "${var.address_prefixes}"

depends_on = [azurerm_resource_group.dev-rg]

}

# Create a Subnet in existing VNET

resource "azurerm_subnet" "dev-app-subnet" {

name = "db-subnet"

resource_group_name = "${var.resource_group_name}"

virtual_network_name = "${var.virtual_network_name}"

address_prefixes = ["10.0.1.0/24"]

depends_on = [azurerm_resource_group.dev-rg, azurerm_virtual_network.dev-vnet]

delegation {

name = "delegation"

service_delegation {

name = "Microsoft.ContainerInstance/containerGroups"

actions = ["Microsoft.Network/virtualNetworks/subnets/join/action", "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action"]

}

}

}

Here is my variables file:

variable "resource_group_name" {

default = "dev-rg"

}

variable "locations" {

type = map(string)

default = {

location1 = "eastus"

location2 = "westus"

}

}

variable "virtual_network_name" {

default = "dev-vnet"

}

variable "address_prefixes" {

type = list(string)

default = ["10.0.0.0/16"]

}

variable "vnet_app_subnet" {

description = "The subnet id of the virtual network where the virtual machines will reside."

type = list(string)

default = ["10.0.1.0/24"]

}

samshaik@shaikprod:~/terraform/lab$ terraform init

Initializing the backend...

Initializing provider plugins...

- Reusing previous version of hashicorp/azurerm from the dependency lock file

- Using previously-installed hashicorp/azurerm v2.46.0

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see

any changes that are required for your infrastructure. All Terraform commands

should now work.

If you ever set or change modules or backend configuration for Terraform,

rerun this command to reinitialize your working directory. If you forget, other

commands will detect it and remind you to do so if necessary.

samshaik@shaikprod:~/terraform/lab$ terraform plan

azurerm_resource_group.dev-rg: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

  + create

Terraform will perform the following actions:

  # azurerm_subnet.dev-app-subnet will be created

  + resource "azurerm_subnet" "dev-app-subnet" {

      + address_prefix                                 = (known after apply)

      + address_prefixes                               = [

          + "10.0.1.0/24",

        ]

      + enforce_private_link_endpoint_network_policies = false

      + enforce_private_link_service_network_policies  = false

      + id                                             = (known after apply)

      + name                                           = "db-subnet"

      + resource_group_name                            = "dev-rg"

      + virtual_network_name                           = "dev-vnet"

      + delegation {

          + name = "delegation"

          + service_delegation {

              + actions = [

                  + "Microsoft.Network/virtualNetworks/subnets/join/action",

                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",

                ]

              + name    = "Microsoft.ContainerInstance/containerGroups"

            }

        }

    }

  # azurerm_virtual_network.dev-vnet will be created

  + resource "azurerm_virtual_network" "dev-vnet" {

      + address_space         = [

          + "10.0.0.0/16",

        ]

      + guid                  = (known after apply)

      + id                    = (known after apply)

      + location              = "eastus"

      + name                  = "dev-vnet"

      + resource_group_name   = "dev-rg"

      + subnet                = (known after apply)

      + vm_protection_enabled = false

    }

Plan: 2 to add, 0 to change, 0 to destroy.

samshaik@shaikprod:~/terraform/lab$ terraform apply

azurerm_resource_group.dev-rg: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

  + create

Terraform will perform the following actions:

  # azurerm_subnet.dev-app-subnet will be created

  + resource "azurerm_subnet" "dev-app-subnet" {

      + address_prefix                                 = (known after apply)

      + address_prefixes                               = [

          + "10.0.1.0/24",

        ]

      + enforce_private_link_endpoint_network_policies = false

      + enforce_private_link_service_network_policies  = false

      + id                                             = (known after apply)

      + name                                           = "db-subnet"

      + resource_group_name                            = "dev-rg"

      + virtual_network_name                           = "dev-vnet"

      + delegation {

          + name = "delegation"

          + service_delegation {

              + actions = [

                  + "Microsoft.Network/virtualNetworks/subnets/join/action",

                  + "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",

                ]

              + name    = "Microsoft.ContainerInstance/containerGroups"

            }

        }

    }

  # azurerm_virtual_network.dev-vnet will be created

  + resource "azurerm_virtual_network" "dev-vnet" {

      + address_space         = [

          + "10.0.0.0/16",

        ]

      + guid                  = (known after apply)

      + id                    = (known after apply)

      + location              = "eastus"

      + name                  = "dev-vnet"

      + resource_group_name   = "dev-rg"

      + subnet                = (known after apply)

      + vm_protection_enabled = false

    }

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?

  Terraform will perform the actions described above.

  Only 'yes' will be accepted to approve.

  Enter a value: yes

azurerm_virtual_network.dev-vnet: Creating...

azurerm_virtual_network.dev-vnet: Creation complete after 4s [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet]

azurerm_subnet.dev-app-subnet: Creating...

azurerm_subnet.dev-app-subnet: Creation complete after 4s [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet]

Apply complete! Resources: 2 added, 0 changed, 0 destroyed.

samshaik@shaikprod:~/terraform/lab$ terraform destroy

azurerm_resource_group.dev-rg: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]

azurerm_virtual_network.dev-vnet: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet]

azurerm_subnet.dev-app-subnet: Refreshing state... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:

  - destroy

Terraform will perform the following actions:

  # azurerm_resource_group.dev-rg will be destroyed

  - resource "azurerm_resource_group" "dev-rg" {

      - id       = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg" -> null

      - location = "eastus" -> null

      - name     = "dev-rg" -> null

      - tags     = {} -> null

    }

  # azurerm_subnet.dev-app-subnet will be destroyed

  - resource "azurerm_subnet" "dev-app-subnet" {

      - address_prefix                                 = "10.0.1.0/24" -> null

      - address_prefixes                               = [

          - "10.0.1.0/24",

        ] -> null

      - enforce_private_link_endpoint_network_policies = false -> null

      - enforce_private_link_service_network_policies  = false -> null

      - id                                             = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet" -> null

      - name                                           = "db-subnet" -> null

      - resource_group_name                            = "dev-rg" -> null

      - service_endpoint_policy_ids                    = [] -> null

      - service_endpoints                              = [] -> null

      - virtual_network_name                           = "dev-vnet" -> null

      - delegation {

          - name = "delegation" -> null

          - service_delegation {

              - actions = [

                  - "Microsoft.Network/virtualNetworks/subnets/action",

                ] -> null

              - name    = "Microsoft.ContainerInstance/containerGroups" -> null

            }

        }

    }

  # azurerm_virtual_network.dev-vnet will be destroyed

  - resource "azurerm_virtual_network" "dev-vnet" {

      - address_space         = [

          - "10.0.0.0/16",

        ] -> null

      - dns_servers           = [] -> null

      - guid                  = "53edc62c-1259-4de2-8f6b-60beebee5466" -> null

      - id                    = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet" -> null

      - location              = "eastus" -> null

      - name                  = "dev-vnet" -> null

      - resource_group_name   = "dev-rg" -> null

      - subnet                = [

          - {

              - address_prefix = "10.0.1.0/24"

              - id             = "/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet"

              - name           = "db-subnet"

              - security_group = ""

            },

        ] -> null

      - tags                  = {} -> null

      - vm_protection_enabled = false -> null

    }

Plan: 0 to add, 0 to change, 3 to destroy.

Do you really want to destroy all resources?

  Terraform will destroy all your managed infrastructure, as shown above.

  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes

azurerm_subnet.dev-app-subnet: Destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/db-subnet]

azurerm_subnet.dev-app-subnet: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-...ualNetworks/dev-vnet/subnets/db-subnet, 10s elapsed]

azurerm_subnet.dev-app-subnet: Destruction complete after 10s

azurerm_virtual_network.dev-vnet: Destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet]

azurerm_virtual_network.dev-vnet: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-...osoft.Network/virtualNetworks/dev-vnet, 10s elapsed]

azurerm_virtual_network.dev-vnet: Destruction complete after 11s

azurerm_resource_group.dev-rg: Destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg]

azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 10s elapsed]

azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 20s elapsed]

azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 30s elapsed]

azurerm_resource_group.dev-rg: Still destroying... [id=/subscriptions/cdc85617-7bc1-49b9-9350-1091dac2c37b/resourceGroups/dev-rg, 40s elapsed]

azurerm_resource_group.dev-rg: Destruction complete after 45s

Destroy complete! Resources: 3 destroyed.

How to Install terraform on Ubuntu:

 How to install terraform on Ubuntu:

samshaik@shaikprod:~$ sudo apt-get install terraform
[sudo] password for samshaik:
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Unable to locate package terraform


Add the terraform provider's key:
samshaik@shaikprod:~$ curl -fsSL https://apt.releases.hashicorp.com/gpg | sudo apt-key add -
OK

Add the terraform provider's repo on your debian/Ubuntu repos:

samshaik@shaikprod:~$ sudo apt-add-repository "deb [arch=$(dpkg --print-architecture)] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
Get:1 https://apt.releases.hashicorp.com bionic InRelease [4421 B]
Get:2 http://security.ubuntu.com/ubuntu bionic-security InRelease [88.7 kB]
Hit:3 https://packages.microsoft.com/repos/azure-cli bionic InRelease
Hit:4 http://archive.ubuntu.com/ubuntu bionic InRelease
Get:5 http://archive.ubuntu.com/ubuntu bionic-updates InRelease [88.7 kB]
Get:6 https://apt.releases.hashicorp.com bionic/main amd64 Packages [22.2 kB]
Get:7 http://archive.ubuntu.com/ubuntu bionic-backports InRelease [74.6 kB]
Get:8 http://security.ubuntu.com/ubuntu bionic-security/main amd64 Packages [1696 kB]
Get:9 http://archive.ubuntu.com/ubuntu bionic-updates/main amd64 Packages [2039 kB]
Get:10 http://security.ubuntu.com/ubuntu bionic-security/universe amd64 Packages [1124 kB]
Get:11 http://archive.ubuntu.com/ubuntu bionic-updates/universe amd64 Packages [1733 kB]
Fetched 6871 kB in 13s (523 kB/s)
Reading package lists... Done

Now install the package:

samshaik@shaikprod:~$ sudo apt-get install terraform
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following NEW packages will be installed:
  terraform
0 upgraded, 1 newly installed, 0 to remove and 183 not upgraded.
Need to get 32.6 MB of archives.
After this operation, 79.6 MB of additional disk space will be used.
Get:1 https://apt.releases.hashicorp.com bionic/main amd64 terraform amd64 0.15.0 [32.6 MB]
Fetched 32.6 MB in 2s (15.0 MB/s)
Selecting previously unselected package terraform.
(Reading database ... 78062 files and directories currently installed.)
Preparing to unpack .../terraform_0.15.0_amd64.deb ...
Unpacking terraform (0.15.0) ...

Setting up terraform (0.15.0) ...

Verify the version:

samshaik@shaikprod:~$ terraform -v
Terraform v0.15.0
on linux_amd64