My plan is to allow the protocols ICMP and TCP on the same security rule, but I'm having problems related to the "attribute value type".
My Terraform code:

```hcl
resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  security_rule {
    name                       = "test123"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = ["Icmp", "Tcp"] # ---> iT FAILS!!!
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "172.16.25.10/32"
    destination_address_prefix = "10.0.1.10/32"
  }
}
```
I didn't find any example in the terraform repo: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_security_rule
Be able to use multiple protocols on the same security rule protocol field.
CodePudding user response:
As Mark B listed in his answer, you cannot provide a list for protocol. However, you could use a dynamic block so it would create the two rules without having to define them both individually, duplicating the code:
```hcl
resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = toset("Icmp", "Tcp")
    content {
      name                       = "test123"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
```
CodePudding user response:
The protocol attribute doesn't accept a list. You would either need to create two security rules, or use `*` for the protocol.
CodePudding user response:
Thanks @Chris Doyle. Your solution is the most efficient.
Just note that you forgot the `[ ]` in the toset function. So the final code would be:
```hcl
resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    for_each = toset(["Icmp", "Tcp"])
    content {
      name                       = "test123"
      priority                   = 100
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.value
      source_port_range          = "*"
      destination_port_range     = "*"
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
```
Result:
```text
# azurerm_network_security_group.example will be created
resource "azurerm_network_security_group" "example" {
    id                  = (known after apply)
    location            = "westeurope"
    name                = "01-tf-SG"
    resource_group_name = "RG_AZ_Terraform"
    security_rule       = [
        {
            access                                     = "Allow"
            description                                = ""
            destination_address_prefix                 = "10.0.1.10/32"
            destination_address_prefixes               = []
            destination_application_security_group_ids = []
            destination_port_range                     = "*"
            destination_port_ranges                    = []
            direction                                  = "Inbound"
            name                                       = "test123"
            priority                                   = 100
            protocol                                   = "Icmp"
            source_address_prefix                      = "172.16.25.10/32"
            source_address_prefixes                    = []
            source_application_security_group_ids      = []
            source_port_range                          = "*"
            source_port_ranges                         = []
        },
        {
            access                                     = "Allow"
            description                                = ""
            destination_address_prefix                 = "10.0.1.10/32"
            destination_address_prefixes               = []
            destination_application_security_group_ids = []
            destination_port_range                     = "*"
            destination_port_ranges                    = []
            direction                                  = "Inbound"
            name                                       = "test123"
            priority                                   = 100
            protocol                                   = "Tcp"
            source_address_prefix                      = "172.16.25.10/32"
            source_address_prefixes                    = []
            source_application_security_group_ids      = []
            source_port_range                          = "*"
            source_port_ranges                         = []
        },
    ]
}
```
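A variant of the dynamic-block approach from the answers above, added here as an example and not code from the thread: it iterates over a map rather than a set so that each generated rule gets its own name and priority (Azure requires rule names and priorities to be unique within a network security group, and the plan above shows both rules sharing the name "test123" and priority 100) and so that the TCP rule can be limited to the ports actually needed instead of "*". The map contents, the rule names and port 22 are constructed values; the resource group references are the same as in the question.

```hcl
locals {
  # Constructed example values: one entry per protocol, each with its own
  # priority and destination port range so the generated rules do not collide.
  allowed_protocols = {
    Icmp = { priority = 100, destination_port_range = "*" }
    Tcp  = { priority = 110, destination_port_range = "22" }
  }
}

resource "azurerm_network_security_group" "example" {
  name                = "01-tf-SG"
  location            = azurerm_resource_group.main.location
  resource_group_name = azurerm_resource_group.main.name

  dynamic "security_rule" {
    # Iterating a map: security_rule.key is the protocol name,
    # security_rule.value is the per-protocol settings object.
    for_each = local.allowed_protocols
    content {
      name                       = "allow-${lower(security_rule.key)}-from-mgmt"
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = security_rule.key
      source_port_range          = "*"
      destination_port_range     = security_rule.value.destination_port_range
      source_address_prefix      = "172.16.25.10/32"
      destination_address_prefix = "10.0.1.10/32"
    }
  }
}
```

Adding a third protocol is then a one-line change to the map, and a duplicate priority shows up as a map-key or value edit you can review in the plan rather than as an apply-time error.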