Greetings,
I’m getting an error “already exists - to be managed via Terraform this resource needs to be imported into the State” when running terraform to create a Subnet with an NSG and a Route Table. The error is on the azurerm_subnet_network_security_group_association that I’m unable to figure out. It seems like it’s losing the state of the subnet so when the association is getting created it fails. The subnet is being created during the same run (new resources).
Error: A resource with the ID "/subscriptions/<sub>/resourceGroups/myapp-example-test/providers/Microsoft.Network/virtualNetworks/vnet-example-acc-wus2-01/subnets/snet-example-acc-wus2-01" already exists - to be managed via Terraform this resource needs to be imported into the State. Please see the resource documentation for "azurerm_subnet_network_security_group_association" for more information.
on modules/network_security_rule/main.tf line 15, in resource "azurerm_subnet_network_security_group_association" "sg_association":
15: resource "azurerm_subnet_network_security_group_association" "sg_association" {
modules/subnet/main.tf
resource "azurerm_subnet" "subnet" {
  name                 = var.subnet_name
  resource_group_name  = var.rg_name
  virtual_network_name = var.vnet_name
  address_prefixes     = var.address_space
}
modules/subnet/outputs.tf
output "subnet_id" {
  value = azurerm_subnet.subnet.id
}
modules/network_security_rule/main.tf
resource "azurerm_network_security_rule" "security_rule" {
  name                         = var.rule_name
  priority                     = var.priority
  direction                    = var.direction
  access                       = var.access
  protocol                     = var.protocol
  source_port_range            = var.source_port_range
  destination_port_range       = var.destination_port_range
  source_address_prefixes      = var.source_address_prefixes
  destination_address_prefixes = var.destination_address_prefixes
  resource_group_name          = var.resource_group_name
  network_security_group_name  = var.network_security_group_name
}

resource "azurerm_subnet_network_security_group_association" "sg_association" {
  subnet_id                 = var.subnet_id
  network_security_group_id = var.network_security_group_id
}
main.tf
data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "example-app" {
  name     = var.rg_name
  location = var.location
}

module "virtual_network" {
  source        = "./modules/virtual_network"
  vnet_name     = var.vnet_name
  address_space = var.vnet_address_space
  location      = var.location
  rg_name       = var.rg_name
  depends_on = [
    azurerm_resource_group.example-app,
  ]
}

module "gateway_subnet" {
  source        = "./modules/subnet"
  vnet_name     = module.virtual_network.vnet_name
  subnet_name   = var.gateway_subnet_name
  rg_name       = var.rg_name
  address_space = var.gateway_address_space
  depends_on = [
    module.virtual_network,
  ]
}
...
module "gateway_subnet_security_group" {
  source        = "./modules/network_security_group"
  nsg_name      = var.gateway_subnet_sg_name
  location      = var.location
  rg_name       = var.rg_name
  subnet_id     = module.gateway_subnet.subnet_id
  standard_tags = var.standard_tags
  depends_on = [
    module.gateway_subnet,
  ]
}
...
module "allow_gateway_security_rule" {
  source                       = "./modules/network_security_rule"
  rule_name                    = var.inbound_gw_rule_name
  priority                     = var.inbound_gw_priority
  direction                    = var.inbound_gw_direction
  access                       = var.inbound_gw_access
  protocol                     = var.inbound_gw_protocol
  source_port_range            = var.inbound_gw_source_port_range
  destination_port_range       = var.inbound_gw_destination_port_range
  source_address_prefixes      = var.inbound_gw_source_address_prefixes
  destination_address_prefixes = var.inbound_gw_destination_address_prefixes
  resource_group_name          = var.rg_name
  network_security_group_name  = var.gateway_subnet_sg_name
  subnet_id                    = module.gateway_subnet.subnet_id
  network_security_group_id    = module.gateway_subnet_security_group.nsg_id
  depends_on = [
    module.gateway_subnet,
    module.web_subnet_security_group,
  ]
}
...