Bug: PublicIpWithBasicSkuNotAllowedOnVPNGateways" Message="Basic IP configuration for VPN Virtual Network Gateways is not supported.

[Raphael-kainos]

Is there an existing issue for this?

• I have searched the existing issues

Bootstrap or Starter Module Deployment? (Required)

bootstrap

ALZ-PowerShell-Module Version (Required)

2.0.2

alz-terraform-accelerator Version (Required)

2.0.2

Starter Module (Required)

complete

Input arguments of the ALZ-PowerShell-Module (Required)

{
  "allow_storage_access_from_my_ip": "false",
  "apply_approvers": "xxx",
  "bootstrap_location": "uksouth",
  "bootstrap_subscription_id": "xxxxxx",
  "environment_name": "mgmt",
  "github_organization_name": "SONIAK-ORG",
  "github_personal_access_token": "xxx",
  "github_runners_personal_access_token":  "xxx",
  "postfix_number": "1",
  "service_name": "alz",
  "use_private_networking": "true",
  "use_self_hosted_runners": "true",
  "use_separate_repository_for_workflow_templates": "true"
}




{
  "configuration_file_path": "/Users/xxxxxxx/Desktop/config-hub-spk-2.yaml",
  "default_location": "uksouth",
  "default_postfix": "1",
  "root_parent_management_group_id": "xxx",
  "subscription_id_connectivity": "xxx",
  "subscription_id_identity": "xxx",
  "subscription_id_management":"xxx"
}

Contents of the configuration file used for the complete starter module. (Optional)

# This file contains templated variables to avoid repeating the same hard-coded values.
# Templated variables are denoted by the dollar curly braces token. The following details each templated variable that you can use:
# `default_location`: This is an Azure location sourced from the `default_location` variable. This can be used to set the location of resources.
# `root_parent_management_group_id`: This is the id of the management group that the ALZ hierarchy will be nested under.
# `subscription_id_identity`: The subscription ID of the subscription to deploy the identity resources to, sourced from the variable `subscription_id_identity`.
# `subscription_id_connectivity`: The subscription ID of the subscription to deploy the connectivity resources to, sourced from the variable `subscription_id_connectivity`.
# `subscription_id_management`: The subscription ID of the subscription to deploy the management resources to, sourced from the variable `subscription_id_management`.
---
archetypes: # `caf-enterprise-scale` module, add inputs as listed on the module registry where necessary.
  root_name: soniak
  root_id: soniak-alz
  subscription_id_connectivity: ${subscription_id_connectivity}
  subscription_id_identity: ${subscription_id_identity}
  subscription_id_management: ${subscription_id_management}
  root_parent_id: ${root_parent_management_group_id}
  deploy_corp_landing_zones: true
  deploy_online_landing_zones: true
  default_location: ${default_location}
  disable_telemetry: true
  deploy_management_resources: true
  configure_management_resources:
    location: ${default_location}
    settings:
      security_center:
        config:
          email_security_contact: "security_contact@replace_me"
    advanced:
      asc_export_resource_group_name: rg-asc-export
      custom_settings_by_resource_type:
        azurerm_resource_group:
          management:
            name: rg-management
        azurerm_log_analytics_workspace:
          management:
            name: log-management
        azurerm_automation_account:
          management:
            name: aa-management

connectivity:
  hubnetworking: # `hubnetworking` module, add inputs as listed on the module registry where necessary.
    hub_virtual_networks:
      primary:
        name: vnet-hub-uks
        resource_group_name: rg-connectivity-alz-uks
        location: ${default_location}
        address_space:
          - 10.0.0.0/16
        firewall:
          name: fw-hub
          sku_name: AZFW_VNet
          sku_tier: Standard
          subnet_address_prefix: 10.0.0.0/24
        mesh_peering_enabled: true
        virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
          name: vgw-hub-uks
          sku: VpnGw1
          type: Vpn
          subnet_address_prefix: 10.0.2.0/24
      secondary:
        name: vnet-hub-ukw
        resource_group_name: rg-connectivity-alz-ukw
        location: ${default_location}
        address_space:
          - 10.1.0.0/16
        firewall:
          name: fw-hub
          sku_name: AZFW_VNet
          sku_tier: Standard
          subnet_address_prefix: 10.1.0.0/24
        mesh_peering_enabled: true
        virtual_network_gateway: # `vnet-gateway` module, add inputs as listed on the module registry where necessary.
          name: vgw-hub-uks
          sku: VpnGw1
          type: Vpn
          subnet_address_prefix: 10.1.2.0/24

Debug Output/Panic Output (Optional)

No response

Expected Behaviour (Required)

{
"configuration_file_path": "/Users/xxxxxxx/Desktop/config-hub-spk-2.yaml",
"default_location": "uksouth",
"default_postfix": "1",
"root_parent_management_group_id": "xxxxxxx",
"subscription_id_connectivity": "xxxxxxx",
"subscription_id_identity": "xxxxxxx",
"subscription_id_management": "xxxxxxx"
}

Actual Behaviour (Required)

When continuous delivery workflow is ran I get the error below, vgw-hub-ukw (secondary hub as per the configuration file) deploys with the vpn but primary vgw-hub-uks give this error.

Error: Creating/Updating Virtual Network Gateway: (Name "vgw-hub-uks" / Resource Group "rg-connectivity-alz-uks"): network.VirtualNetworkGatewaysClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PublicIpWithBasicSkuNotAllowedOnVPNGateways" Message="Basic IP configuration for VPN Virtual Network Gateways is not supported. Follow the link for more details : https://go.microsoft.com/fwlink/p/?linkid=2241350 /subscriptions/xxxxxxxx/resourceGroups/rg-connectivity-alz-uks/providers/Microsoft.Network/virtualNetworkGateways/vgw-hub-uks" Details=[]

Steps to Reproduce (Optional)

No response

Important Factoids (Optional)

No response

References (Optional)

No response

[jaredfholgate]

Hi. Apologies for the slow response here. This is a known issue with the upstream alz module. We'll take care of it there and it will feed down to here: Azure/terraform-azurerm-caf-enterprise-scale#920