Mike Williamson

Reputation: 3198

Terraform: how to implement Application Security Groups in Azure RM

Problem

I discovered that I can integrate Application Security Groups (ASG) into a Network Interface when using the azurestack resource provider, but I cannot do so when using the azurerm resource provider.

My Understanding

I do not understand why I cannot. I actually do not understand the difference between Azure Stack and Azure RM. This article suggests that Azure Stack is for hybrid deployments and Azure RM (or Azure Provider) is for pure cloud deployments.

All the previous work that I and other colleagues have done has been with azurerm. I would prefer to stick with azurerm if I could. Or, if possible, I would like to "mix and match" azurerm and azurestack, using azurestack only when I have to, like in this case. But I'd really like to know why some things are only possible with one provider, since they both should have the same offering, with respect to pure Azure services.


Any Ideas?

Ultimately, though, I am just trying to solve the problem of attaching a network interface to a VM, where the NIC has associated ASGs. I would like to do this with azurerm if possible. I can do it with azurestack, as long as azurestack is compatible with other services launched through azurerm.

Upvotes: 1

Views: 1114

Answers (1)

Andriy Bilous

Reputation: 2522

There is no need to use azurestack to associate a NIC with ASGs.

The Terraform provider azurerm has a resource called azurerm_network_interface_application_security_group_association:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/network_interface_application_security_group_association

You just need to create an ASG and associate it with the NIC.

Example:

resource "azurerm_resource_group" "example" {
  name     = "example-resources"
  location = "West Europe"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-network"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "internal"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_application_security_group" "example" {
  name                = "example-asg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_network_interface" "example" {
  name                = "example-nic"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  ip_configuration {
    name                          = "testconfiguration1"
    subnet_id                     = azurerm_subnet.example.id
    private_ip_address_allocation = "Dynamic"
  }
}

resource "azurerm_network_interface_application_security_group_association" "example" {
  network_interface_id          = azurerm_network_interface.example.id
  application_security_group_id = azurerm_application_security_group.example.id
}

Upvotes: 1
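The association above makes the NIC a member of the ASG, but an ASG on its own filters nothing: it is only a label that NSG rules can reference. The following is an added example (not part of the original answer) that reuses the answer's resource names and assumes they are defined as shown; it adds an NSG rule scoped to ASG members and attaches that NSG to the same NIC.

```hcl
# Added example building on the answer's azurerm_resource_group.example,
# azurerm_application_security_group.example and azurerm_network_interface.example.
# Traffic is filtered only once an NSG rule references the ASG and that NSG
# is attached to the NIC (or its subnet).

resource "azurerm_network_security_group" "example" {
  name                = "example-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name

  # Allow HTTPS only to NICs that are members of the ASG.
  # destination_address_prefix must be omitted when an ASG is the destination.
  security_rule {
    name                                       = "allow-https-to-asg"
    priority                                   = 100
    direction                                  = "Inbound"
    access                                     = "Allow"
    protocol                                   = "Tcp"
    source_port_range                          = "*"
    destination_port_range                     = "443"
    source_address_prefix                      = "10.0.0.0/16"
    destination_application_security_group_ids = [azurerm_application_security_group.example.id]
  }

  # Explicit deny below the allow so anything not matched above is dropped
  # before the platform default rules are evaluated.
  security_rule {
    name                       = "deny-all-inbound"
    priority                   = 4000
    direction                  = "Inbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

# Attach the NSG to the NIC so the rules above actually apply to it.
resource "azurerm_network_interface_security_group_association" "example" {
  network_interface_id      = azurerm_network_interface.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}
```

After `terraform apply`, `az network nic list-effective-nsg --name example-nic --resource-group example-resources` shows the rules that are in effect on the NIC, which is a quick way to confirm the ASG-scoped rule is being evaluated.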
