Cannot add an external subnet to my API management

maxime 20 Reputation points
2025-02-23T14:04:29.11+00:00

I am trying to add a subnet to my API Management via Terraform, but I get the following error. From what I understand, a VMSS resource from another resource group that is not mine is blocking me from adding an external subnet. I also tried to do it via the portal, but it didn't work either.

I also pasted my Terraform resources below the error.

│ Error: creating/updating Service (Subscription: "my-sub-id"
│ Resource Group Name: "abo-dev"
│ Service Name: "abo-apim-dev"): polling after Update: polling failed: the Azure API returned the following error:
│
│ Status: "UpdateApiServiceFailed"
│ Code: ""
│ Message: "Resource /subscriptions/1a789875-5d29-4ddb-8bf9-1e830ed9ade6/resourceGroups/ABO-APIM-DEV-ZRKABDTO94F9DOO4MNEBLJGXKCHOOXFA8ZGLH/providers/Microsoft.Compute/virtualMachineScaleSets/gwhost/updateGroups/d9cf4551-c830-4ae3-b372-3043713b104a/networkInterfaceConfigurations/gwhost-nic/ipConfigurations/gwhost-ipConfig cannot be created in or updated to use the subnet /subscriptions/my-sub-id/resourceGroups/abo-dev/providers/Microsoft.Network/virtualNetworks/abo-vnet-dev/subnets/abo-apim_subnet-dev since it has delegation(s) [Microsoft.ApiManagement/service: /subscriptions/my-sub-id/resourceGroups/abo-dev/providers/Microsoft.Network/virtualNetworks/abo-vnet-dev/subnets/abo-apim_subnet-dev/delegations/apiGatewayDelegation] to external services."
│ Activity Id: ""
│
│ ---
│
│ API Response:
│
│ ----[start]----
│ {"status":"Failed","error":{"code":"UpdateApiServiceFailed","message":"Resource /subscriptions/1a789875-5d29-4ddb-8bf9-1e830ed9ade6/resourceGroups/ABO-APIM-DEV-ZRKABDTO94F9DOO4MNEBLJGXKCHOOXFA8ZGLH/providers/Microsoft.Compute/virtualMachineScaleSets/gwhost/updateGroups/d9cf4551-c830-4ae3-b372-3043713b104a/networkInterfaceConfigurations/gwhost-nic/ipConfigurations/gwhost-ipConfig cannot be created in or updated to use the subnet /subscriptions/my-sub-id/resourceGroups/abo-dev/providers/Microsoft.Network/virtualNetworks/abo-vnet-dev/subnets/abo-apim_subnet-dev since it has delegation(s) [Microsoft.ApiManagement/service: /subscriptions/my-sub-id/resourceGroups/abo-dev/providers/Microsoft.Network/virtualNetworks/abo-vnet-dev/subnets/abo-apim_subnet-dev/delegations/apiGatewayDelegation] to external services."}}
│ -----[end]-----
│
│
│   with module.api_management.azurerm_api_management.api_mgmt,
│   on modules/api_management/main.tf line 1, in resource "azurerm_api_management" "api_mgmt":
│    1: resource "azurerm_api_management" "api_mgmt" {


# Subnet intended for API Management, delegated to Microsoft.ApiManagement/service
resource "azurerm_subnet" "apim_subnet" {
  count                = 1
  name                 = "${var.client}-apim_subnet-${var.environment}"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = [cidrsubnet(var.cidr_vnet[0], 8, count.index + 1)]

  delegation {
    name = "apiGatewayDelegation"
    service_delegation {
      name = "Microsoft.ApiManagement/service"
      actions = [
        "Microsoft.Network/virtualNetworks/subnets/join/action",
        "Microsoft.Network/virtualNetworks/subnets/prepareNetworkPolicies/action",
      ]
    }
  }
}



# API Management instance in External VNet mode, attached to the subnet
# whose id is passed in as var.new_apim_subnet_id
resource "azurerm_api_management" "api_mgmt" {
  name                 = "${var.client}-apim-${var.environment}"
  location             = var.location
  resource_group_name  = var.resource_group_name
  publisher_name       = var.client
  publisher_email      = "******@ab.com"
  sku_name             = lookup(var.api_sku_sizes, var.environment, "Developer_1")
  virtual_network_type = "External"

  virtual_network_configuration {
    subnet_id = var.new_apim_subnet_id
  }

  tags = {
    client      = var.client
    environment = var.environment
    source      = "terraform"
  }
}

Azure API Management

1 answer

  1. Loknathsatyasaivarma Mahali 630 Reputation points Microsoft Vendor
    2025-02-24T07:34:31.6666667+00:00

    Hello maxime,

    Welcome to the Microsoft Q&A Platform! Thank you for asking your question here.

    From the above details and the backend logs, it is clear that you are facing an issue while adding the subnet. If you have an existing Internal VNet, try to create a new subnet in it, add the NSG rules (please add all inbound and outbound rules as mentioned in the document) and add the service endpoints. After doing that, make sure to click Apply Network Configuration (note: it will take 45 minutes for the changes to take effect).

    For your convenience, refer to the screenshots below.

    Add the new subnet:

    image (13)

    As informed above, create the NSG rules and add that NSG to the subnet as shown below:

    image (14)

    After that, from the same window, scroll down and add the service endpoints that are highlighted in the image.

    image (15)

    After adding the above NSG rules and service endpoints, add the subnet in API Management, click Save, and click Apply Network Configuration as shown below:

    image (16)

    I hope the information provided above helps you understand better and solves your concern. If you have any further concerns or queries, please feel free to reach out to us.
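
The error in the question states that the gateway's scale set cannot use the subnet because of its Microsoft.ApiManagement/service delegation. The Terraform below is an added example, not code from the question or the answer: it expresses the answer's steps (new subnet, NSG rules, service endpoints) with a subnet that has no delegation block. The resource names, the subnet index, the service endpoint list and the rule values (a subset recalled from Microsoft's API Management virtual network reference) are assumptions to check against the document the answer mentions.

```hcl
# Added example. Resource names, subnet index 2 and the endpoint list are assumptions.
locals {
  # rule name => [priority, direction, source tag, destination port, destination tag]
  apim_nsg_rules = {
    client_https = [100, "Inbound", "Internet", "443", "VirtualNetwork"]
    management   = [110, "Inbound", "ApiManagement", "3443", "VirtualNetwork"]
    lb_probe     = [120, "Inbound", "AzureLoadBalancer", "6390", "VirtualNetwork"]
    storage      = [100, "Outbound", "VirtualNetwork", "443", "Storage"]
    sql          = [110, "Outbound", "VirtualNetwork", "1433", "Sql"]
    key_vault    = [120, "Outbound", "VirtualNetwork", "443", "AzureKeyVault"]
  }
}

# Dedicated subnet with no delegation block, unlike apim_subnet in the question.
resource "azurerm_subnet" "apim_subnet_v2" {
  name                 = "${var.client}-apim-subnet-v2-${var.environment}"
  resource_group_name  = var.resource_group_name
  virtual_network_name = azurerm_virtual_network.vnet.name
  address_prefixes     = [cidrsubnet(var.cidr_vnet[0], 8, 2)]
  service_endpoints    = ["Microsoft.Storage", "Microsoft.Sql", "Microsoft.KeyVault", "Microsoft.EventHub"]
}

resource "azurerm_network_security_group" "apim_nsg" {
  name                = "${var.client}-apim-nsg-${var.environment}"
  location            = var.location
  resource_group_name = var.resource_group_name

  # One allow rule per entry in local.apim_nsg_rules; everything else falls
  # through to the NSG's default rules.
  dynamic "security_rule" {
    for_each = local.apim_nsg_rules
    content {
      name                       = security_rule.key
      priority                   = security_rule.value[0]
      direction                  = security_rule.value[1]
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      source_address_prefix      = security_rule.value[2]
      destination_port_range     = security_rule.value[3]
      destination_address_prefix = security_rule.value[4]
    }
  }
}

# Attach the NSG before API Management is pointed at the subnet.
resource "azurerm_subnet_network_security_group_association" "apim" {
  subnet_id                 = azurerm_subnet.apim_subnet_v2.id
  network_security_group_id = azurerm_network_security_group.apim_nsg.id
}
```

The id of this subnet, azurerm_subnet.apim_subnet_v2.id, is the value that would be supplied to the question's module as var.new_apim_subnet_id.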

