Before we start, names can be confusing, so let's make sure that we are on the same page. By resource locks I mean the locks that lock Azure resources to prevent their modification or deletion. Depending on what Azure client you use, you might also know them as
Recently, the team and I encountered weird networking behavior on Azure which just baffled us. We are developing a platform based on Azure's Hub & Spoke Network Topology reference architecture and are using the Azure Firewall as central routing component to route traffic from spoke to spoke. A simplified architecture diagram would look somewhat like this:
With this networking setup, we were able to establish connectivity...
I've seen the error CannotRemoveRuleUsedByProbeUsedByVMSS quite a few times now in my Terraform logs, but I've never came around to care enough to actually look into it. Instead, I acknowledged that likely some dependencies are not set up right, shrugged it off and nuked and rebuilt the whole infrastructure, because that was way faster than having to dive into yet another Azure Terraform problem. It was a problem for the future. Well, the future is now.
Some background information on what we're dealing with here. We are operating a Virtual Machine Scale Set that runs a mission-critial ingress for our large-scale IT platform (we had used Azure Application Gateway before, but its limitations made us decide to rather build something on our own). In front of that Scale Set is an Azure Load Balancer, with Load Balancing rules configured for every protocol and port we have a backend service for. Updates to the list of backend services in