I am trying to create an NSG in Azure with Terraform.
Terraform version is v0.15.2 with provider version azurerm v2.61.0.
Here's the piece of code in my TF file:
```hcl
resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = "*"
    destination_address_prefixes               = ["*"]
    destination_port_range                     = "*"
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = "*"
    source_address_prefixes                    = ["*"]
    source_port_range                          = "22"
    source_port_ranges                         = ["22"]
    source_application_security_group_ids      = [""]
    destination_application_security_group_ids = [""]
  }]
}
```
Now when I run `terraform plan` & `terraform apply`, I get the expected output as:
```
* only one of "source_port_range" and "source_port_ranges" can be used per security rule
* only one of "destination_port_range" and "destination_port_ranges" can be used per security rule
* only one of "source_address_prefix" and "source_address_prefixes" can be used per security rule
* only one of "destination_address_prefix" and "destination_address_prefixes" can be used per security rule
```
Now when I keep only the `source_port_range`, `destination_port_range`, `source_address_prefix`, `destination_address_prefix` fields & run `terraform plan` again, it gives me the following error:
```
Inappropriate value for attribute "security_rule": element 0: attributes "destination_address_prefixes",
│ "destination_port_ranges", "source_address_prefixes", and "source_port_ranges" are required.
```
If I add those & remove the earlier ones, I get:
```
│ Inappropriate value for attribute "security_rule": element 0: attributes "destination_address_prefix", "destination_port_range",
│ "source_address_prefix", and "source_port_range" are required.
```
Why is this happening & how do I get around this issue?
Update
Took into consideration the point mentioned in the comment & made a few changes to get it working.
Points to note:
- Even when it's mentioned as Optional in the doc, Terraform needs all the keys in the `security_rule` block.
- Also, it doesn't allow source/destination `address_prefixes = ["*"]` like this. Source/destination `address_prefix` did the job.
- And where values are not mentioned, `[]` is expected instead of `[""]`.
```hcl
resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  security_rule = [{
    access                                     = "Allow"
    description                                = "SSH Rule"
    destination_address_prefix                 = "*"
    destination_address_prefixes               = []
    destination_port_range                     = ""
    destination_port_ranges                    = ["22"]
    direction                                  = "Inbound"
    name                                       = "SSH Rule"
    priority                                   = 100
    protocol                                   = "Tcp"
    source_address_prefix                      = "*"
    source_address_prefixes                    = []
    source_port_range                          = "*"
    source_port_ranges                         = []
    source_application_security_group_ids      = []
    destination_application_security_group_ids = []
  }]
}
```
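
The same rule written with nested `security_rule { ... }` block syntax, as an added example that is not part of the original post: with block syntax the optional arguments can be omitted, whereas the `= [{ ... }]` attribute syntax used above requires every key to be present. The rule name and the source CIDR (`203.0.113.0/24`, a documentation range) are assumptions; the source is narrowed from `*` so that SSH is not reachable from every address.

```hcl
# Added example, not from the original post.
resource "azurerm_network_security_group" "nsg" {
  name                = "SG"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  # Nested block syntax: only one form (singular or plural) of each
  # range/prefix pair is set, and the unused optional arguments are left out.
  security_rule {
    name                   = "allow-ssh-from-admin-range" # hypothetical name
    description            = "SSH from the admin range only"
    priority               = 100
    direction              = "Inbound"
    access                 = "Allow"
    protocol               = "Tcp"
    source_port_range      = "*"
    destination_port_range = "22"

    # Assumption: 203.0.113.0/24 stands in for the address range that
    # administrators connect from; replace it with the real range.
    source_address_prefix      = "203.0.113.0/24"
    destination_address_prefix = "*"
  }
}
```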