azureterraformazure-virtual-networknetwork-security-groupsterraform-provider-azure

Terraform Azure network security

I'm trying to configure a network security rule for a network security group in Azure via Terraform with multiple source addresses.

Based on the documentation https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html

However, I'm not able to get this to work nor can I find any examples for it:

https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html#source_address_prefixes

I get the Error:

Error: azurerm_network_security_rule.test0: "source_address_prefix": required field is not set Error: azurerm_network_security_rule.test0: : invalid or unknown key: source_address_prefixes

Here is my sample:

resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = "{200.160.200.30,200.160.200.60}"
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test.name}"
resource_group_name = "${azurerm_resource_group.test.name}"
}

Please let me know.

Thanks!

Solution

  • source_address_prefixes needs list of source address prefixes.

    Modify it as below:

    source_address_prefixes = ["200.160.200.30","200.160.200.60"]

    There also a mistake in azurerm_network_security_group.test.name, the correct type is azurerm_network_security_group.test0.name. The following tf file works for me.

    resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}


resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = ["200.160.200.30","200.160.200.60"]
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test0.name}"
resource_group_name = "${azurerm_resource_group.test0.name}"
}

    Here is my test result.

    enter image description here