I am confused as to how to associate the NSG with the subnet within my configuration.
I created a `data` block and an `azurerm_subnet_network_security_group_association` block, but I'm sure the config is not correct.
Is someone able to review my code and give me some guidance? Thanks.
app1-data.tf
# Look up the existing subnet (by name, within its VNet and resource group)
# so that its `id` attribute can be fed to the NSG association.
data "azurerm_subnet" "subnet_data" {
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.net_name
  name                 = var.subnet_name
}
app1-networking_nsgs.tf
# NSG for app1, built from the shared nsg module. The module exposes the
# created group's ID as `nsg_id`, which is what the subnet association needs.
module "nsg-app1" {
  source = "[email protected]:*/*"

  resource_group_name = var.resource_group_name
  location            = var.location
  nsg_name            = var.nsg_name
  nsg_security_rules  = var.nsg_security_rules
}
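# Associate the NSG with the subnet.
#
# - The azurerm_subnet data source exposes the subnet ID directly as `id`;
#   there is no nested `subnet` attribute, which is exactly what the
#   "Unsupported attribute" error from `terraform plan` reports.
# - The NSG is created by the nsg-app1 module, and no root-level
#   azurerm_network_security_group resource or data source is declared, so the
#   ID must come from that module's `nsg_id` output rather than from a
#   `data.azurerm_network_security_group.nsg_data` reference.
#
# This association is what actually applies the rules to the subnet: an NSG
# that exists but is not attached filters nothing.
resource "azurerm_subnet_network_security_group_association" "subnet_association" {
  subnet_id                 = data.azurerm_subnet.subnet_data.id
  network_security_group_id = module.nsg-app1.nsg_id
}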
module-subnet-main.tf
# Create the subnet inside the given VNet and resource group.
# Note: `var.subnet_names` is declared as a single string despite the plural
# name, so one subnet is created per module instance.
resource "azurerm_subnet" "subnet" {
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.vnet_name
  name                 = var.subnet_names
  address_prefixes     = var.subnet_cidr_list
}
module-subnet-outputs.tf
# Name of the subnet created by this module.
output "subnet_name" {
  value       = azurerm_subnet.subnet.name
  description = "Name of the created subnet"
}
# Resource ID of the subnet; this is the value an
# azurerm_subnet_network_security_group_association expects as `subnet_id`.
output "subnet_id" {
  value       = azurerm_subnet.subnet.id
  description = "ID of the created subnet"
}
# Address prefixes assigned to the subnet, as passed in via var.subnet_cidr_list.
output "subnet_cidr_list" {
  value       = azurerm_subnet.subnet.address_prefixes
  description = "Address prefixes of the created subnet"
}
module-subnet-variables.tf
# Name of the single subnet to create. The variable name is plural for
# historical reasons; the type is a single string, not a list.
variable "subnet_names" {
  description = "Name of the subnet to create"
  type        = string
}
# Resource group that already holds the VNet and will hold the subnet.
variable "resource_group_name" {
  description = "Name of the resource group containing the virtual network"
  type        = string
}
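# Address prefixes for the subnet. azurerm_subnet.address_prefixes takes a
# list of CIDR strings, so the element type is pinned to string instead of
# `any`; a caller passing a list of strings is unaffected, while a list of
# non-string values is now rejected at plan time rather than by the provider.
variable "subnet_cidr_list" {
  description = "Address prefixes (CIDR notation) of the subnet"
  type        = list(string)
}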
# Existing virtual network the subnet is created in.
variable "vnet_name" {
  description = "Name of the virtual network the subnet belongs to"
  type        = string
}
module-nsg-main.tf
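# Network Security Group whose rule set comes entirely from
# var.nsg_security_rules: each list element becomes one security_rule block,
# and any attribute the caller does not supply falls back to null via lookup().
#
# NOTE(review): var.nsg_security_rules is declared as a list(object) with only
# nine attributes, so the *_ranges, *_prefixes and
# *_application_security_group_ids keys cannot be supplied by callers and
# always resolve to null unless that type is widened — confirm intent.
resource "azurerm_network_security_group" "nsg" {
  name                = var.nsg_name
  resource_group_name = var.resource_group_name
  location            = var.location
  # tags = var.tags

  dynamic "security_rule" {
    for_each = var.nsg_security_rules
    content {
      name      = lookup(security_rule.value, "name", null)
      priority  = lookup(security_rule.value, "priority", null)
      direction = lookup(security_rule.value, "direction", null)
      access    = lookup(security_rule.value, "access", null)
      protocol  = lookup(security_rule.value, "protocol", null)

      source_port_range       = lookup(security_rule.value, "source_port_range", null)
      source_port_ranges      = lookup(security_rule.value, "source_port_ranges", null)
      destination_port_range  = lookup(security_rule.value, "destination_port_range", null)
      destination_port_ranges = lookup(security_rule.value, "destination_port_ranges", null)

      source_address_prefix        = lookup(security_rule.value, "source_address_prefix", null)
      source_address_prefixes      = lookup(security_rule.value, "source_address_prefixes", null)
      destination_address_prefix   = lookup(security_rule.value, "destination_address_prefix", null)
      destination_address_prefixes = lookup(security_rule.value, "destination_address_prefixes", null)

      # The two lookup keys below previously carried a trailing space
      # ("..._ids "), so they could never match a caller-supplied key and any
      # application security group reference was silently dropped to null.
      source_application_security_group_ids      = lookup(security_rule.value, "source_application_security_group_ids", null)
      destination_application_security_group_ids = lookup(security_rule.value, "destination_application_security_group_ids", null)
    }
  }
}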
module-nsg-outputs.tf
# Resource ID of the NSG; consumers use this as `network_security_group_id`
# in an azurerm_subnet_network_security_group_association.
output "nsg_id" {
  value       = azurerm_network_security_group.nsg.id
  description = "The ID of the newly created Network Security Group"
}
# Name of the NSG created by this module.
output "nsg_name" {
  value       = azurerm_network_security_group.nsg.name
  description = "The name of the new NSG"
}
module-nsg-variables.tf
# Resource group the NSG is created in.
variable "resource_group_name" {
  type        = string
  description = "Name of the resource group in which the NSG is created"
}
# Azure region for the NSG. No default is set, so callers must pass it
# explicitly (a commented-out "West Europe" default is kept for reference).
variable "location" {
  type        = string
  description = "Azure region in which the NSG is created"
  # default = "West Europe"
}
# Name given to the created NSG.
variable "nsg_name" {
  type        = string
  description = "Name of the Network Security Group to create"
}
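# Security rules applied to the NSG. Each element maps to one security_rule
# block in azurerm_network_security_group.nsg.
#
# NOTE(review): the NSG resource also looks up *_ranges, *_prefixes and
# *_application_security_group_ids keys; with this object type those keys
# cannot be supplied, so they always resolve to null — widen the type if
# they are needed.
variable "nsg_security_rules" {
  description = "A list of security rules to add to the security group. Each rule should be a map of values to add. See the Readme.md file for further details."
  type = list(object({
    name                       = string
    priority                   = number
    direction                  = string
    access                     = string
    protocol                   = string
    source_port_range          = string
    destination_port_range     = string
    source_address_prefix      = string
    destination_address_prefix = string
  }))

  # Reject malformed rules at plan time rather than at the Azure API: a
  # mistyped `access` or `direction` would otherwise only surface on apply,
  # and the rule set is the security boundary for the subnet.
  validation {
    condition     = alltrue([for r in var.nsg_security_rules : contains(["Allow", "Deny"], r.access)])
    error_message = "Each rule's access must be \"Allow\" or \"Deny\"."
  }
  validation {
    condition     = alltrue([for r in var.nsg_security_rules : contains(["Inbound", "Outbound"], r.direction)])
    error_message = "Each rule's direction must be \"Inbound\" or \"Outbound\"."
  }
  validation {
    condition     = alltrue([for r in var.nsg_security_rules : r.priority >= 100 && r.priority <= 4096])
    error_message = "Each rule's priority must be between 100 and 4096."
  }
}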
❯ terraform plan -var-file=dev.tfvars
Error: Unsupported attribute
│
│ on networking_nsgs.tf line 19, in resource "azurerm_subnet_network_security_group_association" "subnet_association":
│ 19: subnet_id = data.azurerm_subnet.subnet_data.subnet.id
│
│ This object has no argument, nested block, or exported attribute named "subnet".
╵
╷
│ Error: Reference to undeclared resource
│
│ on networking_nsgs.tf line 20, in resource "azurerm_subnet_network_security_group_association" "subnet_association":
│ 20: network_security_group_id = azurerm_network_security_group.nsg.id
│
│ A managed resource "azurerm_network_security_group" "nsg" has not been declared in the root module.