0
votes

EDITED NEW POST TO ADD MORE CLARIFICATION:

In the current architecture we run an Ansible playbook (infrastructure.yml) to deploy infrastructure in Azure. We are ABLE TO CREATE resources with no problems, including many other NSG rules.

With the new NSG rule, our Terraform run fails with the information below:

I have the azurerm provider version:

provider "azurerm" {
  version = "2.58.0"
  ...

Terraform version:

Terraform v0.13.4

I am able to create the same rule through the Azure CLI as follows:

az network nsg rule create -g 'MyGroup' --nsg-name 'MyNSG' -n 'AllowAzureMonitorOutbound' --priority 1200 --source-address-prefixes "*" --destination-address-prefixes AzureMonitor --destination-port-ranges 443  --direction Outbound --access Allow --protocol Tcp --description "AzureMonitor rule CLI creation."

But I am getting this ERROR while creating an NSG rule through Terraform:

**-- Original Error: Code="SecurityRuleParameterContainsUnsupportedValue" Message="Security rule parameter DestinationAddressPrefix for rule with Id /subscriptions/XXXXXXXXXXXXXX/resourceGroups/MyGroup/providers/Microsoft.Network/networkSecurityGroups/UMyNSG/securityRules/AllowAzureMonitorOutbound cannot specify existing VIRTUALNETWORK, INTERNET, AZURELOADBALANCER, '*' or system tags. Unsupported value used: AzureMonitor."**

<------------- Code and HashicoVault values--------------->

The code snippet for Terraform:

resource "azurerm_network_security_group" "prx" {
  name                = "${var.prx_hosts.name}-NSG"
  resource_group_name = azurerm_resource_group.MYPROJECT.name
  location            = var.location
  dynamic "security_rule" {
    for_each = var.prx_hosts.security_group.rules
    content {
      name                         = security_rule.value.name
      description                  = security_rule.value.description
      access                       = security_rule.value.access
      direction                    = security_rule.value.direction
      protocol                     = security_rule.value.protocol
      priority                     = security_rule.value.priority
      source_address_prefix        = security_rule.value.source_address_prefixes == ["any"] ? "*" : null
      source_address_prefixes      = security_rule.value.source_address_prefixes == ["any"] ? null : tolist(security_rule.value.source_address_prefixes)
      destination_address_prefix   = security_rule.value.destination_address_prefixes == ["any"] ? "*" : null
      destination_address_prefixes = security_rule.value.destination_address_prefixes == ["any"] ? null : tolist(security_rule.value.destination_address_prefixes)
      source_port_range            = security_rule.value.source_port_ranges == ["any"] ? "*" : null
      source_port_ranges           = security_rule.value.source_port_ranges == ["any"] ? null : tolist(security_rule.value.source_port_ranges)
      destination_port_range       = security_rule.value.destination_port_ranges == ["any"] ? "*" : null
      destination_port_ranges      = security_rule.value.destination_port_ranges == ["any"] ? null : tolist(security_rule.value.destination_port_ranges)
    }
  }
}

The HashicoVault values we pass to Terraform look like:

        "security_group": {
          "name": "MY_PROJECT_NAME",
          "rules": [
            {
              "access": "allow",
              "description": "AzureMonitor rule CLI creation.",
              "destination_address_prefixes": ["AzureMonitor"],
              "destination_port_ranges": [
                443
              ],
              "direction": "Outbound",
              "name": "AllowAzureMonitorOutbound",
              "priority": 100,
              "protocol": "TCP",
              "source_address_prefixes": [
                "any"
              ],
              "source_port_ranges": [
                "any"
              ]
            }
          ]
        }
Can you provide more information about the code you are using to try and deploy this? - Ked Mardemootoo

@KedMardemootoo tried to add more info to the question. Thanks - MustafaNY

I'll need to spend a bit more time to look into it; hopefully someone else can figure it out earlier. You mentioned that it worked with other NSG rules but with the 'new' rule it doesn't. What's the difference? The old rule isn't a template but this one is? - Ked Mardemootoo

It fails because of "destination_address_prefix": "AzureMonitor". Terraform somehow does not accept "AzureMonitor" as destination_address_prefix. I have included the original error in the question as well. - MustafaNY

So if you create a simple NSG that's not parameterised, just all with static values, does it work? With the same values as above, for example. - Ked Mardemootoo

1 Answer

0
votes

I had the same problem with "AzureLoadBalancer", e.g. it works with "source_address_prefix" but not with "source_address_prefixes"; probably a provider bug.
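Added example, not code from the question or the answer: the error message in the question is Azure rejecting a service tag (AzureMonitor) in the plural DestinationAddressPrefixes list, and the CLI command succeeds because a single `--destination-address-prefixes` value is mapped to the singular field. The dynamic block below reworks the question's version so that any single-entry list (a CIDR, "*" or a service tag) is routed to the singular attribute and only multi-entry lists use the plural one; it assumes the same `var.prx_hosts` structure and `azurerm_resource_group.MYPROJECT` as the question.

```hcl
# Added example (not from the question or the answer); assumes the question's
# var.prx_hosts rule structure and azurerm_resource_group.MYPROJECT.
locals {
  # Normalise each rule once: "any" becomes "*" and port numbers become strings,
  # so the conditionals below only need to look at how many entries remain.
  prx_rules = [
    for r in var.prx_hosts.security_group.rules : merge(r, {
      src_prefixes = [for p in r.source_address_prefixes : tostring(p) == "any" ? "*" : tostring(p)]
      dst_prefixes = [for p in r.destination_address_prefixes : tostring(p) == "any" ? "*" : tostring(p)]
      src_ports    = [for p in r.source_port_ranges : tostring(p) == "any" ? "*" : tostring(p)]
      dst_ports    = [for p in r.destination_port_ranges : tostring(p) == "any" ? "*" : tostring(p)]
    })
  ]
}

resource "azurerm_network_security_group" "prx" {
  name                = "${var.prx_hosts.name}-NSG"
  resource_group_name = azurerm_resource_group.MYPROJECT.name
  location            = var.location

  dynamic "security_rule" {
    for_each = local.prx_rules
    content {
      name        = security_rule.value.name
      description = security_rule.value.description
      access      = security_rule.value.access
      direction   = security_rule.value.direction
      protocol    = security_rule.value.protocol
      priority    = security_rule.value.priority

      # Exactly one entry (a CIDR, "*" or a service tag such as AzureMonitor)
      # goes to the singular attribute, which is where Azure accepts service
      # tags; two or more entries go to the plural attribute. Never set both.
      source_address_prefix        = length(security_rule.value.src_prefixes) == 1 ? security_rule.value.src_prefixes[0] : null
      source_address_prefixes      = length(security_rule.value.src_prefixes) == 1 ? null : security_rule.value.src_prefixes
      destination_address_prefix   = length(security_rule.value.dst_prefixes) == 1 ? security_rule.value.dst_prefixes[0] : null
      destination_address_prefixes = length(security_rule.value.dst_prefixes) == 1 ? null : security_rule.value.dst_prefixes
      source_port_range            = length(security_rule.value.src_ports) == 1 ? security_rule.value.src_ports[0] : null
      source_port_ranges           = length(security_rule.value.src_ports) == 1 ? null : security_rule.value.src_ports
      destination_port_range       = length(security_rule.value.dst_ports) == 1 ? security_rule.value.dst_ports[0] : null
      destination_port_ranges      = length(security_rule.value.dst_ports) == 1 ? null : security_rule.value.dst_ports
    }
  }
}
```

With the question's Vault values, `["AzureMonitor"]` now lands in `destination_address_prefix` (matching what the CLI sends), while a rule listing several CIDRs still uses `destination_address_prefixes`; a rule that needs more than one service tag must be split into one rule per tag, since the plural list is exactly what Azure rejected.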