@tall-librarian-49374 (since you seem to be the Network expert 😄 ), I am back to square one with creating this Azure Front Door. What I previously thought was working turned out not to during testing. The relationship between the Front Door and the Rules Engine is circular. I was able to create both resources but not add the association between them. I have tried numerous combinations of creating the objects, applying

DependsOn

and using ARM IDs, but nothing appears to work. (example output below) Have you ever successfully created a Front Door and Rules engine or have advice on how to achieve this? It would be easy if I could create one, then update the other, but ComponentResources appear to be immutable once created.

Diagnostics:
  azure-native:network:RulesEngine (mnurulesdev):
    error: Code="ResourceNotFound" Message="The Resource 'Microsoft.Network/frontdoors/mnuorderdoordev' under resource group 'mnuedgedev' was not found. For more details please go to <https://aka.ms/ARMResourceNotFoundFix>"

  azure-native:network:FrontDoor (mnuorderdoordev):
    error: Code="BadRequest" Message="A resource reference was invalid: \"Routing rule RoutingRules contains an invalid reference to RulesEngine: \"/subscriptions/a2a556e1-0404-4b5d-b60d-a230044f4ff8/resourceGroups/mnuedgedev/providers/Microsoft.Network/frontDoors/mnuorderdoordev/rulesEngines/mnurulesdev\"\""

Unfortunately, I am definitely not a Network expert 🙈

okay, maybe you've come across circular dependencies before?

This is the same issue I came across last week, there isn't a way to resolve this in Pulumi, or in ARM templates, the FD API is pretty bad. What I had to do was run a step after I deploy FD calling the Azure SDK to to link the rules engine to the route

I don’t have a solution that doesn’t involve multiple updates with code changes in between

I'd be happy to do a blog post, will try and do that this week. I know the new version of Front Door, with the CDN integrated which is in preview now is supposed to improve the deployment experience to hopefully this will resolve it

Oh that’s good news. Any pointers?

This is the new version - https://docs.microsoft.com/en-us/azure/frontdoor/standard-premium/ not had time to look into it much yet

I read that a couple of days ago, but couldn't see much difference. Premium has better "threat intelliegence" which is opaque at best, but other than that their the same (but one is more expensive)

Interesting, their example for that preview versions is using Microsoft.Cdn and no network/frontdoor https://github.com/Azure/azure-quickstart-templates/tree/master/201-front-door-standard-premium-app-service-public

The main difference is that it has broken out the FD components into separate top level items, such as "type": "Microsoft.Cdn/profiles/afdEndpoints/routes",

ah, I thought standard was what we had already

Those AFD resources are already in the provider if you want to give them a try https://www.pulumi.com/docs/reference/pkg/azure-native/cdn/

Damn I was about to hit this very same issue then, I thought its gonna be a breeze to put FD in front of our n clusters and let it do its job. 'subscribing' to this thread :C