
I would like to allow traffic through an NSG from all subnets of the local VNet (but not from peered VNets). As the VNet has only one address space, the most direct way seems to be to use the VNet's address_space as the source_address_prefix of the security rule.

resource "azurerm_resource_group" "west01-rg" {
  # Container for everything in this example; the VNet, subnet and NSG below
  # take both their location and their resource group from this block.
  location = "West US"
  name     = "west01-rg"
}

resource "azurerm_virtual_network" "virtual-network" {
  # A single address space. The NSG rule later in this question uses it as the
  # "all local subnets" source, so any address space appended here later has to
  # be reflected in that rule as well.
  # NOTE(review): 10.10.20.0/21 is not on a /21 boundary (the /21 containing it
  # starts at 10.10.16.0); confirm Azure normalizes rather than rejects it.
  resource_group_name = "${azurerm_resource_group.west01-rg.name}"
  location            = "${azurerm_resource_group.west01-rg.location}"
  address_space       = ["10.10.20.0/21"]
  name                = "west01-vnet"
}

resource "azurerm_subnet" "servers-subnet" {
  # One /24 carved out of the VNet's /21. Nothing in this listing associates
  # the NSG with this subnet (or with a NIC), so the dc-nsg rule is not
  # enforced on ServersNet until such an association is added.
  virtual_network_name = "${azurerm_virtual_network.virtual-network.name}"
  resource_group_name  = "${azurerm_resource_group.west01-rg.name}"
  address_prefix       = "10.10.20.0/24"
  name                 = "ServersNet"
}

resource "azurerm_network_security_group" "dc-nsg" {
  # NSG meant to admit traffic from every subnet of the local VNet only (not
  # from peered VNets), which is why the VNet's own address space is used as
  # the source instead of a service tag.
  name                = "dc-nsg"
  location            = "${azurerm_resource_group.west01-rg.location}"
  resource_group_name = "${azurerm_resource_group.west01-rg.name}"

  security_rule {
    # Allow-all from the source at priority 100: every protocol, every source
    # and destination port, every destination address.
    name                       = "AllowCidrSubnet"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    # This is the failing line: address_space is a list, but
    # source_address_prefix takes exactly one string (see the error below).
    source_address_prefix      = "${azurerm_virtual_network.virtual-network.address_space}"
    destination_address_prefix = "*"
  }

  tags {
    environment = "Testing"
  }
}

Per the documentation, this value can be given in CIDR notation. However, the example above fails with the error:

Error: azurerm_network_security_group.dc: security_rule.0.source_address_prefix must be a single value, not a list

If I switch to source_address_prefixes, which should accept a list, I get this error instead:

Error: azurerm_network_security_group.dcx: security_rule.0.source_address_prefixes: should be a list

So it seems the value is both a list and not a list. Should this work? Or should I be going about it a different way?

  • Terraform v0.11.11
  • provider.azurerm v1.21.0


In Terraform 0.11 (pre-0.12), an interpolation is treated as a string by default; if you want a list or map you must keep that type consistent everywhere you pass the value around. Here `source_address_prefix` takes a single string, so the list-valued `address_space` is rejected, while `source_address_prefixes` takes a list, so the bare string interpolation is rejected too. This improves in Terraform 0.12, whose HCL2 has first-class support for complex types.

To fix this, either index the list so you get a single element (a string), or keep the list type by wrapping the interpolation in list brackets. Note that indexing with `[0]` only ever covers the first address space: if a second address space is added to the VNet later, hosts in it will silently stop matching the rule, whereas the `source_address_prefixes` form covers every entry.

So either of these should work:

resource "azurerm_network_security_group" "dc-nsg" {
  resource_group_name = "${azurerm_resource_group.west01-rg.name}"
  location            = "${azurerm_resource_group.west01-rg.location}"
  name                = "dc-nsg"

  # Inbound allow rule sourced from the VNet's own address range so that
  # peered VNets are not matched.
  security_rule {
    name      = "AllowCidrSubnet"
    priority  = 100
    direction = "Inbound"
    access    = "Allow"

    # Any protocol, any port, any destination: an allow-all from the given
    # prefix. Consider narrowing destination_port_range and
    # destination_address_prefix to what the protected hosts actually serve.
    protocol               = "*"
    source_port_range      = "*"
    destination_port_range = "*"

    # Indexing returns the first address space as a plain string, which is
    # what the single-valued source_address_prefix expects. Only element 0 is
    # covered: an address space added to the VNet later will not match.
    source_address_prefix      = "${azurerm_virtual_network.virtual-network.address_space[0]}"
    destination_address_prefix = "*"
  }

  tags {
    environment = "Testing"
  }
}

or using a list directly:

resource "azurerm_network_security_group" "dc-nsg" {
  resource_group_name = "${azurerm_resource_group.west01-rg.name}"
  location            = "${azurerm_resource_group.west01-rg.location}"
  name                = "dc-nsg"

  # Inbound allow rule sourced from the VNet's own address range so that
  # peered VNets are not matched.
  security_rule {
    name      = "AllowCidrSubnet"
    priority  = 100
    direction = "Inbound"
    access    = "Allow"

    # Any protocol, any port, any destination: an allow-all from the listed
    # prefixes. Consider narrowing destination_port_range and
    # destination_address_prefix to what the protected hosts actually serve.
    protocol               = "*"
    source_port_range      = "*"
    destination_port_range = "*"

    # Wrapping the list interpolation in [...] keeps it a list, which is what
    # the plural source_address_prefixes expects; every address space of the
    # VNet is covered, not just the first one.
    source_address_prefixes    = ["${azurerm_virtual_network.virtual-network.address_space}"]
    destination_address_prefix = "*"
  }

  tags = {
    environment = "Testing"
  }
}