Share via

Error when creating a virtual endpoint on postgresql

Maddy 25 Reputation points
2026-04-01T09:25:58.9533333+00:00 
plan. Resource actions are indicated with the following symbols:
  + create
Terraform will perform the following actions:
  # module.postgresql.azapi_resource_action.virtual_endpoint will be created
  + resource "azapi_resource_action" "virtual_endpoint" {
      + action                 = "virtualendpoints/xxxxxx
      + body                   = {
          + Properties = {
              + EndpointType = "ReadWrite"
              + Members      = [
                  + "xxxxxxxxx",
                ]
            }
        }
      + exist                  = (known after apply)
      + id                     = (known after apply)
      + method                 = "PUT"
      + output                 = (known after apply)
      + resource_id            = "/subscriptions/xxxxxxxxxxxxxxx
      + response_export_values = [
          + "*",
        ]
      + sensitive_output       = (sensitive value)
      + type                   = "Microsoft.DBForPostgreSql/flexibleServers@2023-06-01-preview"
      + when                   = "apply"
    }
Plan: 1 to add, 0 to change, 0 to destroy.

When running my terraform plan I am getting:

│ RESPONSE 200: 200 OK
│ ERROR CODE: VirtualEndpointNotExists
│ --------------------------------------------------------------------------------
│ {
│   "name": "b90473b8-0caa-4c64-b305-7e39065d36bb",
│   "status": "Failed",
│   "startTime": "2026-04-01T08:30:13.367Z",
│   "error": {
│     "code": "VirtualEndpointNotExists",
│     "message": "Virtual endpoint xxxxx do not exists."
│   }
│ }

When I try add a virtual endpoint (with another name) through the ui I am getting:

error":{"code":"VirtualEndpointTypeLimit","message":"Server has 1 virtual endpoint of type ReadWrite. More than 1 virtual endpoints are not allowed of type ReadWrite"}}

Its looks like there may be a "ghost" virtual endpoint attached to my postgres server.

Please help.

Azure Database for PostgreSQL
Answer accepted by question author
  1. Saraswathi Devadula 15,515 Reputation points Microsoft External Staff Moderator
    2026-04-01T10:28:56.09+00:00

    Hello **Maddy

    **You can see the existing virtual endpoints of your Azure PostgreSQL flexible server by running the az postgres flexible-server virtual-endpoint list command.

    Because only one pair of virtual endpoints is allowed per replication set.

    az postgres flexible-server virtual-endpoint list --resource-group "" --server-name ""

    https://learn.microsoft.com/en-us/cli/azure/postgres/flexible-server/virtual-endpoint?view=azure-cli-latest#az-postgres-flexible-server-virtual-endpoint-list

    If the endpoint is not in use, please delete the endpoint using the below cli command.

    az postgres flexible-server virtual-endpoint delete --resource-group testGroup --server-name testserver --name test-virtual-endpoint

    https://learn.microsoft.com/en-us/cli/azure/postgres/flexible-server/virtual-endpoint?view=azure-cli-latest#az-postgres-flexible-server-virtual-endpoint-delete

    Also, I request you to please share your available time to connect, so that I can connect and address the issue.

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-04-01T09:26:16.5933333+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The PostgreSQL flexible server already has a ReadWrite virtual endpoint, and the current Terraform/AzAPI call is trying to create another one instead of managing the existing resource.

    From the platform behavior and error messages:

    • VirtualEndpointNotExists is returned because the virtualendpoints/cdp-warehouse-36075-eu resource name being targeted by the action does not exist yet.
    • The portal error VirtualEndpointTypeLimit confirms there is already one ReadWrite virtual endpoint on this server, and only a single ReadWrite endpoint is allowed per server.

    Key constraints from the resource definition:

    • endpointType is restricted to 'ReadWrite'.
    • Only one virtual endpoint of type ReadWrite is allowed per server.
    • The virtual endpoint is a child resource of the flexible server: Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints.

    To resolve:

    1. Discover the existing virtual endpoint
      • Use ARM/Bicep/CLI to list the child virtualendpoints resources under the server:
        • Resource type: Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints
        • Parent: /subscriptions/.../resourceGroups/cdp-common-weu/providers/Microsoft.DBforPostgreSQL/flexibleServers/cdp-warehouse-36075
      • Identify the existing virtual endpoint name and its properties.
    2. Decide whether to reuse or remove it
      • If the existing endpoint is valid and should be used, update Terraform to manage that existing resource instead of creating a new one:
        • Use the discovered virtual endpoint name in the action path (e.g. virtualendpoints/<existing-name>).
        • Ensure the body matches the schema: properties.endpointType = 'ReadWrite' and properties.members = ["cdp-warehouse-36075"] (property names are case-sensitive in ARM/Bicep: endpointType, members).
      • If the existing endpoint is a true “ghost” (or misconfigured) and should be removed, delete it via ARM/CLI/Portal first, then re-run Terraform to create a new one.
    3. Align with the ARM schema
      • The Bicep/ARM schema for this resource is:
        • Type: Microsoft.DBforPostgreSQL/flexibleServers/virtualendpoints
        • Properties object: properties with:
          • endpointType: 'ReadWrite'
          • members: string[]
      • Adjust the Terraform AzAPI body to match this structure and casing, for example:
        • body = jsonencode({ properties = { endpointType = "ReadWrite"; members = ["cdp-warehouse-36075"] } })

    Once the existing virtual endpoint is either managed or removed, the VirtualEndpointTypeLimit error will stop, and the VirtualEndpointNotExists error will be resolved by targeting a valid resource name.

    References:

    0 comments

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.