Error using azurerm_network_service_tags address_prefixes with azurerm_network_security_rule source

I am trying to use the azurerm_network_service_tags.address_prefixes as source for the azurerm_network_security_rule. Because the nsg accepts only the address family classless inter-domain routing (CIDR) block (, for example) and the address_prefixes returns IP v6 addresses as well the nsg rule assignment fails with error -
*Original Error: Code=“ResourceCannotContainAddressPrefixesFromDifferentAddressFamilies” *

  • Inbound contains IP addresses or prefixes that belong to different address families. All IP addresses or prefixes in the resource should belong to the same address family.*
data "azurerm_network_service_tags" "example" {
  location        = "westcentralus"
  service         = "AzureKeyVault"
  location_filter = "northeurope"

resource "azurerm_network_security_rule" "example" {
  name                        = "test123"
  priority                    = 100
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = data.azurerm_network_service_tags.example.address_prefixes
  destination_address_prefix  = "*"
  resource_group_name         =
  network_security_group_name =

Is there any way I can filter only CIDR address types from the terraform data azurerm_network_service_tags ?