Loading source
Pulling the file list, source metadata, and syntax-aware rendering for this listing.
Source from repo
Validate Azure configurations, ARM/Bicep templates, and resource settings before deployment
Files
Skill
Size
Entrypoint
Format
Open file
Syntax-highlighted preview of this file as included in the skill package.
references/recipes/terraform/errors.md
1# Terraform Validation Errors2| Error | Fix |4|-------|-----|5| `Backend init failed` | Check storage account access |6| `Provider version conflict` | Update required_providers |7| `State lock failed` | Wait or force unlock |8| `Validation failed` | Check terraform validate output |9| `Error: Cycle:` | See [Cycle Errors](#cycle-errors) below |10## Cycle Errors12`terraform validate` reports a cycle when two or more resources reference each other's attributes, creating a circular dependency.14### Common Pattern: CORS Cross-Reference16Multi-service App Service deployments often introduce a cycle when the API's CORS configuration references the frontend hostname and the frontend's app settings reference the API hostname:18```20Error: Cycle: azurerm_linux_web_app.frontend, azurerm_linux_web_app.api21```22**Cause — circular attribute references:**24```hcl26# API references frontend.default_hostname in CORS27resource "azurerm_linux_web_app" "api" {28site_config {29cors {30allowed_origins = ["https://${azurerm_linux_web_app.frontend.default_hostname}"]31}32}33}34# Frontend references api.default_hostname in app_settings36resource "azurerm_linux_web_app" "frontend" {37app_settings = {38API_URL = "https://${azurerm_linux_web_app.api.default_hostname}"39}40}41```42### Fix Strategies44**Option A (recommended):** Use a Terraform variable for the frontend origin so CORS is restrictive by default and the cycle is broken. Define the variable with a sensible default and pass the real frontend URL after the first deployment:46```hcl48variable "frontend_origin" {49type = string50description = "Frontend origin for API CORS. Set after first deployment."51default = ""52}53resource "azurerm_linux_web_app" "api" {55site_config {56cors {57allowed_origins = var.frontend_origin != "" ? [var.frontend_origin] : ["*"]58support_credentials = var.frontend_origin != "" ? true : false59}60}61}62```63> ⚠️ **Warning:** If using `["*"]` as a temporary bootstrap value, you **must** set `frontend_origin` to the actual URL (e.g., `https://app-web-*.azurewebsites.net`) and re-run `terraform apply` in the same deployment session before reporting success. Do not leave wildcard CORS in a completed deployment.65**Option B:** Use `azurerm_app_service_custom_hostname_binding` or a `null_resource` with a `local-exec` provisioner to configure CORS after both resources are created, breaking the dependency chain.67**Option C:** Use `lifecycle { ignore_changes = [site_config[0].cors] }` on the API resource and configure CORS via a separate `azurerm_web_app_active_slot` or post-deployment script.69### After Fixing711. Run `terraform fmt -recursive` to fix formatting732. Re-run `terraform validate` to confirm the cycle is resolved743. Run `terraform plan` to verify the configuration is correct75## Debug77```bash79TF_LOG=DEBUG terraform plan80```81