Right now I am creating a Terraform script to set up an application gateway, AKS, NSG, etc.
I need to set up an inbound rule within my NSG to allow all traffic from my application gateway IP address to my back-end VNet.
The public IP address is created when the application gateway is configured. Is there a way to output this IP address and use it as a variable for an inbound rule on my NSG?
CodePudding user response:
I assume the name of the IP address is predictable (in your case you're defining it as a static IP). Terraform output sometimes doesn't get the IP address because it takes longer to actually get provisioned. The Terraform public IP address block allows exporting the IP address using the ip_address attribute.
Static IP
If using a static IP address you can actually just do:
destination_address_prefix = azurerm_public_ip.myagw_pip.ip_address
Dynamic IP
If you're using a dynamic IP address you could just use a data source to get the IP address and then pass it to your NSG rule:
data "azurerm_public_ip" "agw_pip" {
  name                = azurerm_public_ip.myagw_pip.name
  resource_group_name = azurerm_public_ip.myagw_pip.resource_group_name
}
I'm referencing the values of name and resource_group_name from the resource object just so Terraform sets an implicit dependency between them. That way it will query the IP address after it gets created.
After that you need to configure your NSG to something like:
destination_address_prefix = data.azurerm_public_ip.agw_pip.ip_address
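
The pieces from the answer above assembled into one configuration, as an added example that is not part of the original answer. The resource group, NSG, rule name, location, priority and port are assumptions made for illustration; azurerm_public_ip.myagw_pip and the agw_pip data source are the names used in the answer.

```hcl
provider "azurerm" {
  features {}
}

# Assumed names and location, for illustration only.
resource "azurerm_resource_group" "rg" {
  name     = "example-rg"
  location = "westeurope"
}

resource "azurerm_public_ip" "myagw_pip" {
  name                = "myagw-pip"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  allocation_method   = "Static"
  sku                 = "Standard"
}

# Reading name/resource_group_name from the resource creates the implicit
# dependency, so this lookup runs only after the public IP exists.
data "azurerm_public_ip" "agw_pip" {
  name                = azurerm_public_ip.myagw_pip.name
  resource_group_name = azurerm_public_ip.myagw_pip.resource_group_name
}

resource "azurerm_network_security_group" "backend" {
  name                = "backend-nsg"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
}

resource "azurerm_network_security_rule" "allow_agw" {
  name                        = "allow-agw-inbound"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "443"
  source_address_prefix       = "Internet"
  # Same field as in the answer; a single address keeps the rule narrower than "*".
  destination_address_prefix  = data.azurerm_public_ip.agw_pip.ip_address
  resource_group_name         = azurerm_resource_group.rg.name
  network_security_group_name = azurerm_network_security_group.backend.name
}

output "agw_public_ip" {
  value = data.azurerm_public_ip.agw_pip.ip_address
}
```

The output block covers the first part of the question: after apply, `terraform output agw_public_ip` prints the address the rule was built from.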