Dynamic Priority change when adding multiple IP Restriction for App Services on Azure using terraform
I'm looking a solution for changing the priority on a dynamic "ip_restriction" the code that I use is
variable "ip_address_list" {
type = list
default = ["20.20.20.3/32" , "10.10.10.2/32"]
}
site_config {
dynamic "ip_restriction" {
for_each = var.ip_address_list
content {
ip_address = cidrhost(ip_restriction.value, 0)
action = "Allow"
priority = 100
}
}
When using this code I got the following output
- ip_restriction= [
- {
- action= "Allow"
- headers= (known after apply)
- ip_address= "20.20.20.3"
- name= (known after apply)
- priority= 100
- service_tag= null
- virtual_network_subnet_id = null },
- {
- action= "Allow"
- headers= (known after apply)
- ip_address= "10.10.10.2"
- name= (known after apply)
- priority= 100
- service_tag= null
- virtual_network_subnet_id = null }, ]
Solution
You can use something like this:
locals {
ip_address_list = [
{
ip_add : "20.20.20.3/32",
prior : "100"
},
{
ip_add : "10.10.10.2/32",
prior : "101"
}
]
}
and then
site_config {
dynamic "ip_restriction" {
for_each = local.ip_address_list
content {
ip_address = ip_restriction.value["ip_add"]
action = "Allow"
priority = ip_restriction.value["prior"]
}
}
Output:
Note: Instead of declaring the variables you can declare the locals as given above and then use the site config block provided above.
Update: As per this Github issue @martinjt commented that it expects ipadd/32 as the subnet mask is not included in new versions . So, changed the above code by removing the cidrhost and did a apply it got deployed successfully.
Error: with cidrhost
After removing the cidrhost
- AWS Terraform Multiple deployments to single apigateway stage
- AWS Batch: Activating Previous Revisions marked as inactive
- How can I invalidate AWS CloudFront Distribution cache using Terraform?
- Terraform version error when deploying to AWS through jenkins?
- Unable to push image to ACR from terraform - could not get auth config (the credentialhelper did not work or was not found):
- Create kubernetes secret for docker registry - Terraform
- Lambda layer's contents don’t match the S3 object after deploying with Terraform
- how to refer to resources created with for_each in terraform
- How can we create same resource in multiple terraform providers?
- what is the privilege of the Postgres user created by gcp
- Why does terraformer not find plugin?
- How are data sources used in Terraform?
- Terraform docker_image Resource Fails With "invalid response status 403"
- Terraform Deployment of ECS Targets Failing
- Terraform retrieve existing aws_vpc object by id
- How to create a module for gitlab_user_runner and use the token every time a new runner is created in root
- What is the meaning of "authoritative" and "Non-authoritative" for GCP IAM bindings/members
- Azurerm: KeyVault Nested Item should contain 2 or 3 segments, got 10
- How can we split a terraform module into multiple modules
- Automate express route circuit gateway based on express route circuit provision status
- How to subdivide CIDR subnet in Terraform with cidrsubnet Function?
- Terraform AWS EKS add or edit nodes user_data
- Tofu/Terraform Docker provider error: failed to read downloaded context: failed to load cache key: Get "http://build-context-xxx": context not found
- Terraform AWS OpenSearch using Cognito module circular problem
- With Terraform, when using resource `aws_iam_access_key` and output to retrieve the secret key the result retrieved is "tostring(null)"
- Invalid template interpolation value
- Create cloudwatch scheduled expression based on a variable - expected expression but found "*"
- Concatenate a string with a variable
- Variables within variables
- Filter specific values in a list