I have been using Terraform for a few months in a continuous delivery pipeline to automatically deploy Azure Function apps. One of the apps requires accessing an on-prem database that is well-protected due to the sensitive nature of the data it contains. There are a couple of ways to facilitate this connection - VNet Integration and Hybrid Connections. We have been using hybrid connections.
There are multiple apps that need to access this database and each app is provisioned and deployed through its own continuous delivery pipeline. The way Terraform works is that each pipeline has its own state file that tracks the resources created and updated for each run. Ideally, you want all the resources required for an application to be managed by the same pipeline. However, from a security standpoint, we do not want a hole through the firewall for each of the apps.
Therefore, there is only one hybrid connection, and it is managed separately from the pipelines. Terraform makes it
simple to declare a resource and then refer to it elsewhere in the configuration. You can view an example of this
process in the documentation for the
Our pipeline needs to refer to a hybrid connection that is provisioned separately, however.
It turns out that the
azurerm_function_app_hybrid_connection is still the correct declarative statement to use. I just
need to determine the correct value for the
relay_id argument, since I cannot point to a relay that was created in the
same pipeline. How do you find the ID of the relay? The documentation for this argument is sparse, to say the least.
To save you some trouble, Terraform is not expecting a database ID or GUID, instead it is expecting a resource ID. Each
resource in Azure has an ID that looks similar to a URL. Sometimes the resources have a “JSON View” link in the Overview
tab where you can find the resource ID. However, Microsoft also correlated the URLs in Azure with the resource IDs. If
you go to the resource in Azure and look at the URL, the resource ID is most everything after
resource. For example
with the URL of
the resource ID is
overview at the end of the URL is not part of the resource ID. Another gotcha I encountered with this method
of finding the resource ID for terraform is that the URL uses
hybridconnections while the resource ID should actually