kism3t

Reputation: 1361

Use in terraform azurerm_app_service.outbound_ip_addresses in azurerm_app_service.ip_restriction

I have two azurerm_app_service. The first

resource "azurerm_app_service" "first" {
  name = "${local.webAppFirstCloudName}"
  location = "${azurerm_resource_group.rg.location}"

  resource_group_name = "${azurerm_resource_group.rg.name}"
  app_service_plan_id = "${azurerm_app_service_plan.plan.id}"
  ...

The above web app is reachable over the internet with a public IP.

The second is reachable over the internet with a public IP as well. But here I would like to set the IP address of the first webapp, so that the second one is only reachable for the first webapp.

Here is the description:

resource "azurerm_app_service" "second" {
  name = "${local.webAppSecondCloudName}"
  location = "${azurerm_resource_group.rg.location}"

  resource_group_name = "${azurerm_resource_group.rg.name}"
  app_service_plan_id = "${azurerm_app_service_plan.plan.id}"

  tags = {
    ApplicationName = "${var.applicationName}"
    BU-CostCenter = "${var.buCostCenter}"
    CostCenter = "${var.costCenter}"
    ProjectNumber = "${var.projectNumber}"
    Requester = "${var.requester}"
    Environment = "${var.environment}"
    Owner = "${var.owner}"
  }

  site_config {
    scm_type = "LocalGit"
    linux_fx_version = "JAVA|8-jre8"

    ip_restriction = "${split(",", azurerm_app_service.webAppLsgCloud.outbound_ip_addresses)}"

  }

  app_settings = {
    JAVA_OPTS = "-Xmx2G -Dspring.profiles.active=${var.stage} -Djava.net.preferIPv4Stack=true -Dserver.port=80 -Dazure.cosmosdb.key=${azurerm_cosmosdb_account.db.primary_master_key} -Dazure.cosmosdb.uri=${azurerm_cosmosdb_account.db.endpoint} -Dazure.storage.account-name=${azurerm_storage_account.storage.name} -Dazure.storage.account-key=${azurerm_storage_account.storage.primary_access_key}"
    WEBSITE_HTTPLOGGING_RETENTION_DAYS = "7"
  }
}

After entering

PS C:\workspaces\intellij\terraform> terraform plan -var-file="cloud.dev.tfvars" -out=execution-plan
Acquiring state lock. This may take a few moments...

Error: azurerm_app_service.second: site_config.0.ip_restriction: should be a list

Does anyone have an idea how to transfer the list to a proper restriction format?

Upvotes: 0

Views: 1335

Answers (1)

Marcus Adams

Reputation: 1267

ip_restriction is a subblock in its own right, see https://www.terraform.io/docs/providers/azurerm/r/app_service.html#ip_restriction

To use it correctly in Terraform you would have something like

site_config {
  scm_type = "LocalGit"
  linux_fx_version = "JAVA|8-jre8"

  ip_restriction {
    ip_address  = azurerm_app_service.webAppLsgCloud.outbound_ip_addresses
  }
}

However, since webAppLsgCloud.outbound_ip_addresses is a list of addresses, you have to either use a set of blocks or, as of Terraform v0.12.0, use a dynamic block, something like:

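site_config {
  scm_type = "LocalGit"
  linux_fx_version = "JAVA|8-jre8"

  dynamic "ip_restriction" {
    # outbound_ip_addresses is a comma-separated string; split it into one element per address
    for_each = split(",", azurerm_app_service.webAppLsgCloud.outbound_ip_addresses)
    content {
      # each element is a bare address, so append /32 before using the CIDR functions
      ip_address  = cidrhost("${ip_restriction.value}/32", 0)
      subnet_mask = cidrnetmask("${ip_restriction.value}/32")
    }
  }
}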

Upvotes: 2
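
A check on the resulting allow list, added here as an example and not part of the original question or answer: it takes the comma-separated outbound_ip_addresses string of the first app and the ip_restriction entries of the second, then reports outbound addresses that no entry covers and entries that admit addresses other than the first app's. The function names, the dict layout (keys mirror the ip_address and subnet_mask arguments above), the single-host default mask and the sample addresses are assumptions constructed for illustration.

```python
import ipaddress

# Assumed default when a block sets no subnet_mask: a single host.
DEFAULT_MASK = "255.255.255.255"

# Constructed sample values (documentation address ranges, not real apps).
SAMPLE_OUTBOUND = "203.0.113.10,203.0.113.25,198.51.100.7"
SAMPLE_RESTRICTIONS = [
    {"ip_address": "203.0.113.10", "subnet_mask": "255.255.255.255"},
    {"ip_address": "203.0.113.0", "subnet_mask": "255.255.255.0"},
    {"ip_address": "192.0.2.44"},
]


def parse_outbound(csv_value):
    """Split the comma-separated outbound_ip_addresses string into unique addresses."""
    parts = [p.strip() for p in csv_value.split(",") if p.strip()]
    return list(dict.fromkeys(ipaddress.ip_address(p) for p in parts))


def restriction_network(block):
    """Turn one ip_restriction entry (ip_address + optional subnet_mask) into a network."""
    mask = block.get("subnet_mask") or DEFAULT_MASK
    # strict=False tolerates host bits set in ip_address (e.g. x.x.x.77 with a /24 mask).
    return ipaddress.ip_network(f"{block['ip_address']}/{mask}", strict=False)


def audit(outbound_csv, restrictions):
    """Compare the caller's outbound addresses with the allow list of the protected app."""
    outbound = parse_outbound(outbound_csv)
    nets = [restriction_network(b) for b in restrictions]
    # Outbound addresses the protected app would reject.
    missing = [str(ip) for ip in outbound if not any(ip in n for n in nets)]
    # Entries that let in at least one address that is not a known outbound address
    # (wide masks, or stale single-host entries).
    admits_others = [
        str(n) for n in nets
        if n.num_addresses > sum(ip in n for ip in outbound)
    ]
    return {"missing": missing, "admits_others": admits_others}


if __name__ == "__main__":
    print(audit(SAMPLE_OUTBOUND, SAMPLE_RESTRICTIONS))
```

An empty result in both lists means the allow list matches the first app's outbound addresses exactly.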
