### Terraform Version

```shell
1.7.5
```

### Terraform Configuration Files

```terraform
data "azurerm_resources" "not_to_lock_with_tag" {
  resource_group_name = var.context.resource_group_name
  required_tags = {
    resource_lock = false
  }
}

data "azurerm_resources" "not_to_lock_vm_extensions" {
  resource_group_name = var.context.resource_group_name
  type                = "Microsoft.Compute/virtualMachines/extensions"
}

data "azurerm_resources" "not_to_lock_snapshots" {
  resource_group_name = var.context.resource_group_name
  type                = "Microsoft.Compute/snapshots"
}

data "azurerm_resources" "disks" {
  resource_group_name = var.context.resource_group_name
  type                = "Microsoft.Compute/disks"
}

data "azurerm_resources" "not_to_lock_agents_container_instances" {
  resource_group_name = var.context.resource_group_name
  type                = "Microsoft.ContainerInstance/containerGroups"
  required_tags = {
    role = "agent"
  }
}

data "azurerm_resources" "all" {
  resource_group_name = var.context.resource_group_name
}

locals {
  osdisks = [for v in data.azurerm_resources.disks.resources : v if endswith(v.name, "-osdisk")] # naive way.

  resources_to_exclude = setunion(
    toset(data.azurerm_resources.not_to_lock_with_tag.resources),
    toset(data.azurerm_resources.not_to_lock_vm_extensions.resources),
    toset(data.azurerm_resources.not_to_lock_snapshots.resources),
    toset(data.azurerm_resources.not_to_lock_agents_container_instances.resources),
    toset(local.osdisks)
  )

  resources_to_lock_list = setsubtract(
    toset(data.azurerm_resources.all.resources),
    local.resources_to_exclude
  )

  resources_to_lock_map = zipmap(local.resources_to_lock_list[*].name, local.resources_to_lock_list[*])
}

resource "azurerm_management_lock" "this" {
  for_each   = local.resources_to_lock_map
  name       = "terraform-lock"
  scope      = each.value.id
  lock_level = "CanNotDelete"
  notes      = "Managed by terraform"
}
```

### Debug Output

```
│
╵
╷
│ Error: retrieving Scoped Lock (Scope: "/subscriptions/012eefdf-3bcf-49e9-84fd-7e3c8b0c18ec/resourceGroups/ProdWE-G/providers/Microsoft.Network/networkInterfaces/WE-G-AZCP-SP-NIC"
│ Lock Name: "terraform-lock"): Get "https://management.azure.com/subscriptions/012eefdf-3bcf-49e9-84fd-7e3c8b0c18ec/resourceGroups/ProdWE-G/providers/Microsoft.Network/networkInterfaces/WE-G-AZCP-SP-NIC/providers/Microsoft.Authorization/locks/terraform-lock?api-version=2020-05-01": dial tcp 4.150.241.10:443: connect: connection timed out
│
│   with module.resource-lock.azurerm_management_lock.this["WE-G-AZCP-SP-NIC"],
│   on .terraform/modules/resource-lock/main.tf line 52, in resource "azurerm_management_lock" "this":
│   52: resource "azurerm_management_lock" "this" {
│
╵
╷
│ Error: retrieving Scoped Lock (Scope: "/subscriptions/012eefdf-3bcf-49e9-84fd-7e3c8b0c18ec/resourceGroups/ProdWE-G/providers/Microsoft.Compute/disks/WE-G-ROUTE05_lun_0_2_eea04a122c3f4df0aa2de7528c76d4d3"
│ Lock Name: "terraform-lock"): Get "https://management.azure.com/subscriptions/012eefdf-3bcf-49e9-84fd-7e3c8b0c18ec/resourceGroups/ProdWE-G/providers/Microsoft.Compute/disks/WE-G-ROUTE05_lun_0_2_eea04a122c3f4df0aa2de7528c76d4d3/providers/Microsoft.Authorization/locks/terraform-lock?api-version=2020-05-01": dial tcp 4.150.241.10:443: connect: connection timed out
│
│   with module.resource-lock.azurerm_management_lock.this["WE-G-ROUTE05_lun_0_2_eea04a122c3f4df0aa2de7528c76d4d3"],
│   on .terraform/modules/resource-lock/main.tf line 52, in resource "azurerm_management_lock" "this":
│   52: resource "azurerm_management_lock" "this" {
│
╵
╷
│ Error: retrieving Scoped Lock (Scope: "/subscriptions/012eefdf-3bcf-49e9-84fd-7e3c8b0c18ec/resourceGroups/ProdWE-G/providers/Microsoft.Compute/disks/WE-G-PG-VLA02-SWAP1"
│ Lock Name: "terraform-lock"): Get "https://management.azure.com/subscriptions/012eefdf-3bcf-49e9-84fd-7e3c8b0c18ec/resourceGroups/ProdWE-G/providers/Microsoft.Compute/disks/WE-G-PG-VLA02-SWAP1/providers/Microsoft.Authorization/locks/terraform-lock?api-version=2020-05-01": dial tcp 4.150.241.10:443: connect: connection timed out
│
│   with module.resource-lock.azurerm_management_lock.this["WE-G-PG-VLA02-SWAP1"],
│   on .terraform/modules/resource-lock/main.tf line 52, in resource "azurerm_management_lock" "this":
│   52: resource "azurerm_management_lock" "this" {
│
╵
```

### Expected Behavior

This Terraform code comes from a module we use, and it works as intended. It retrieves all resources within a specific Azure resource group, checks for the presence of a particular tag, and then applies a resource lock based on that condition.

### Actual Behavior

However, sometimes the Terraform plan times out because it can't reach certain Azure public IPs to retrieve resource information. I previously contacted Azure Support, but they indicated that this is likely a Terraform related issue. Has anyone else experienced this? I’d really appreciate any insights or hints about what might be going on. Many thanks!

### Steps to Reproduce

1. terraform init
2. Call the code pasted above as a module
3. terraform plan

### Additional Context

_No response_

### References

_No response_

### Generative AI / LLM assisted development?

_No response_
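An added triage example, not part of the original report and not provider code: a Python parser for error blocks shaped like the debug output above. It groups the failed lock lookups by the remote address and cause in the `dial tcp` message and by Azure resource type, which shows whether the timeouts concentrate on one endpoint. The sample text is constructed (placeholder subscription ID, resource group and resource names), and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample shaped like the errors in the report (placeholder
# subscription ID, resource group and names; 203.0.113.7 is a documentation IP).
SUB = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example-rg"
SAMPLE = f'''\
│ Error: retrieving Scoped Lock (Scope: "{SUB}/providers/Microsoft.Network/networkInterfaces/example-nic"
│ Lock Name: "terraform-lock"): Get "https://management.azure.com/...": dial tcp 4.150.241.10:443: connect: connection timed out
│
│ Error: retrieving Scoped Lock (Scope: "{SUB}/providers/Microsoft.Compute/disks/example-data-disk"
│ Lock Name: "terraform-lock"): Get "https://management.azure.com/...": dial tcp 4.150.241.10:443: connect: connection timed out
│
│ Error: retrieving Scoped Lock (Scope: "{SUB}/providers/Microsoft.Compute/disks/example-swap-disk"
│ Lock Name: "terraform-lock"): Get "https://management.azure.com/...": dial tcp 203.0.113.7:443: i/o timeout
'''

SCOPE_RE = re.compile(r'Scope: "([^"]+)"')
DIAL_RE = re.compile(r'dial tcp (\S+:\d+): (.+)')  # remote host:port, then cause

def resource_type(scope):
    """Reduce an ARM resource ID to namespace/type, including nested types."""
    if "/providers/" not in scope:
        return "(non-resource scope)"
    parts = scope.rsplit("/providers/", 1)[-1].split("/")
    # parts = [namespace, type, name, subtype, subname, ...]
    return "/".join([parts[0]] + parts[1::2])

def parse_failures(text):
    """Return one record per error block that has both a scope and a dial error."""
    failures = []
    for block in text.split("Error:")[1:]:
        scope, dial = SCOPE_RE.search(block), DIAL_RE.search(block)
        if scope and dial:
            failures.append({"type": resource_type(scope.group(1)),
                             "remote": dial.group(1),
                             "cause": dial.group(2).strip(" │")})
    return failures

def summarize(failures):
    """Count failures per (remote, cause) pair and per resource type."""
    by_remote = Counter((f["remote"], f["cause"]) for f in failures)
    by_type = Counter(f["type"] for f in failures)
    return by_remote, by_type

if __name__ == "__main__":
    by_remote, by_type = summarize(parse_failures(SAMPLE))
    for (remote, cause), n in by_remote.most_common():
        print(f"{n:3d}  {remote}  {cause}")
    for rtype, n in by_type.most_common():
        print(f"{n:3d}  {rtype}")
```
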