vnet network peering between different tenants failing through terraform

Ben Magriso 0 Reputation points
2025-02-17T15:23:10.39+00:00

Hi,

I am trying to do VNET Peering between two different tenants.

I am using an Azure service principal to do it; the user has all the appropriate permissions (Owner/Network Contributor).

From az cli with the command "az network vnet peering create" it's working well.

From Terraform, I am getting the following error:

**unexpected status 403 (403 Forbidden) with error: LinkedAuthorizationFailed: The client has permission to perform action 'Microsoft.Network/virtualNetworks/peer/action' on scope 'VNET_RESOURCE_ID/virtualNetworkPeerings/AUDC-Domain-services-To-umptest-vnet-eu', however the current tenant **** is not authorized to access linked subscription **.

In my Terraform code I have two providers defined, with the subscription and tenant for each VNet resource I am creating.

This is the Terraform code:

# Peering created from the local VNet (tenant/subscription of azurerm.primary)
# towards the remote VNet in the other tenant.
resource "azurerm_virtual_network_peering" "peering1" {
  provider                     = azurerm.primary
  name                         = "PEERING1"
  resource_group_name          = var.resource_group
  virtual_network_name         = var.vnet_name
  remote_virtual_network_id    = "/subscriptions/${var.remote_subscription}/resourceGroups/${var.remote_rg}/providers/Microsoft.Network/virtualNetworks/${var.remote_vnet}"
  allow_virtual_network_access = true
}

# Reverse peering, created in the remote tenant with the second aliased provider.
resource "azurerm_virtual_network_peering" "peering2" {
  provider                     = azurerm.secondary
  name                         = "peering2"
  resource_group_name          = var.remote_rg
  virtual_network_name         = var.remote_vnet
  remote_virtual_network_id    = var.vnet_id
  allow_virtual_network_access = true
}

  1. Praveen Bandaru 515 Reputation points Microsoft Vendor
    2025-02-19T13:34:48.36+00:00

    Hello Ben Magriso,

    Greetings!

    • To set up VNET peering between two different Azure tenants using Terraform, ensure the service principal has the required permissions in both tenants and that your Terraform configuration is correct.
    • The error message indicates that the service principal lacks authorization to access the linked subscription in the other tenant.
    • In both tenants, the service principal should have at least the Network Contributor role.
    • Please verify that the subscription IDs and tenant IDs are correct in your provider configurations and ensure that the service principal has access to the appropriate subscriptions.

    Check the below reference docs:

    Virtual network peering - different subscriptions and Microsoft Entra tenants.

    https://learn.microsoft.com/en-us/azure/virtual-network/virtual-network-manage-peering?tabs=peering-portal#requirements-and-constraints


    Hope the above answer helps!

    Please let us know if you have any further queries.

    Please consider up-voting wherever the information provided helps you; this can be beneficial to other community members.

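The following is an added example (not the original poster's configuration and not code from the answer) of the provider layout the answer asks for: one service principal, two aliased azurerm providers, each pointed at its own tenant and subscription. The one setting it adds beyond the poster's snippet is `auxiliary_tenant_ids`, which the azurerm provider uses to attach a token for the other tenant to the request. To my knowledge that is what Azure CLI does implicitly for cross-tenant peering, and "the current tenant is not authorized to access linked subscription" is the error ARM returns when no such token for the linked subscription's tenant is presented; treat that explanation as my reading rather than something the thread confirms. All tenant, subscription, client and resource identifiers below are placeholders, and the example assumes the app registration is multi-tenant, has been consented to in the remote tenant (so a service principal object exists there), and holds Network Contributor on both VNets.

```hcl
# Added example: cross-tenant VNet peering with one service principal and two
# aliased azurerm providers. Every ID below is a placeholder.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0"
    }
  }
}

variable "client_secret" {
  type      = string
  sensitive = true # pass via TF_VAR_client_secret, never commit it
}

locals {
  # Same app registration in both tenants (multi-tenant app, admin-consented in tenant B).
  client_id      = "00000000-0000-0000-0000-000000000001"
  tenant_a       = "11111111-1111-1111-1111-111111111111"
  subscription_a = "aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa"
  tenant_b       = "22222222-2222-2222-2222-222222222222"
  subscription_b = "bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb"
}

provider "azurerm" {
  alias           = "primary"
  features {}
  subscription_id = local.subscription_a
  tenant_id       = local.tenant_a
  client_id       = local.client_id
  client_secret   = var.client_secret
  # Also acquire a token for tenant B and send it as an auxiliary token, so ARM
  # can authorize the link to the remote VNet living in that tenant.
  auxiliary_tenant_ids = [local.tenant_b]
}

provider "azurerm" {
  alias           = "secondary"
  features {}
  subscription_id = local.subscription_b
  tenant_id       = local.tenant_b
  client_id       = local.client_id
  client_secret   = var.client_secret
  # Mirror image: the reverse peering links back into tenant A.
  auxiliary_tenant_ids = [local.tenant_a]
}

# Look up both VNets with the provider that owns each, so the remote IDs are
# read from the API rather than hand-built from strings.
data "azurerm_virtual_network" "vnet_a" {
  provider            = azurerm.primary
  name                = "vnet-a"
  resource_group_name = "rg-a"
}

data "azurerm_virtual_network" "vnet_b" {
  provider            = azurerm.secondary
  name                = "vnet-b"
  resource_group_name = "rg-b"
}

resource "azurerm_virtual_network_peering" "a_to_b" {
  provider                     = azurerm.primary
  name                         = "peer-a-to-b"
  resource_group_name          = data.azurerm_virtual_network.vnet_a.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.vnet_a.name
  remote_virtual_network_id    = data.azurerm_virtual_network.vnet_b.id
  allow_virtual_network_access = true
  # Keep transit options off unless the design actually needs them.
  allow_forwarded_traffic = false
  allow_gateway_transit   = false
}

resource "azurerm_virtual_network_peering" "b_to_a" {
  provider                     = azurerm.secondary
  name                         = "peer-b-to-a"
  resource_group_name          = data.azurerm_virtual_network.vnet_b.resource_group_name
  virtual_network_name         = data.azurerm_virtual_network.vnet_b.name
  remote_virtual_network_id    = data.azurerm_virtual_network.vnet_a.id
  allow_virtual_network_access = true
  allow_forwarded_traffic      = false
  allow_gateway_transit        = false
  # Create the second leg after the first so the peering reaches "Connected".
  depends_on = [azurerm_virtual_network_peering.a_to_b]
}
```

Run `terraform init` and `terraform plan` with `TF_VAR_client_secret` exported. If the plan still fails with LinkedAuthorizationFailed, check the two things the auxiliary token depends on: the service principal must exist in the remote tenant (consent granted there), and it must hold a role on the remote VNet that includes `Microsoft.Network/virtualNetworks/peer/action`. Network Contributor covers that; a tighter custom role with only the peering actions is the least-privilege option if the principal should not be able to change anything else in either network.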
