Error using azurerm_network_service_tags address_prefixes with azurerm_network_security_rule source

premaarya · July 9, 2021, 4:37am

I am trying to use the azurerm_network_service_tags.address_prefixes as source for the azurerm_network_security_rule. Because the nsg accepts only the address family classless inter-domain routing (CIDR) block (10.0.0.0/24, for example) and the address_prefixes returns IP v6 addresses as well the nsg rule assignment fails with error -
*Original Error: Code=“ResourceCannotContainAddressPrefixesFromDifferentAddressFamilies” *

Inbound contains IP addresses or prefixes that belong to different address families. All IP addresses or prefixes in the resource should belong to the same address family.*

data "azurerm_network_service_tags" "example" {
  location        = "westcentralus"
  service         = "AzureKeyVault"
  location_filter = "northeurope"
}

resource "azurerm_network_security_rule" "example" {
  name                        = "test123"
  priority                    = 100
  direction                   = "Outbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = data.azurerm_network_service_tags.example.address_prefixes
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}

Is there any way I can filter only CIDR address types from the terraform data azurerm_network_service_tags ?

UrbanovichA · June 28, 2023, 8:14am

Hi
Im not sure, that its actual, but next worked for me:
data “azurerm_network_service_tags” “AzureCloud_eastus2” {
location = “eastus2”
service = “AzureCloud”
location_filter = “eastus2”
}

output “ipv4_cidrs” {
value = data.azurerm_network_service_tags.AzureCloud_eastus2.ipv4_cidrs
}

output “ipv6_cidrs” {
value = data.azurerm_network_service_tags.AzureCloud_eastus2.ipv6_cidrs
}

and for two NSG rules ive used next:
source_address_prefixes = data.azurerm_network_service_tags.AzureCloud_eastus2.ipv4_cidrs

source_address_prefixes = data.azurerm_network_service_tags.AzureCloud_eastus2.ipv6_cidrs

so it was created 2 nsg rules with addr prefixes from sevice tags like from weekly file from MS

Topic		Replies	Views
Azure RM Network Security Tags: what can they be? Terraform azure	1	584	May 10, 2021
Multiple address prefixes in network security group Azure	3	9068	May 15, 2022
Azurerm_subnet wont work with policy Terraform azure	0	499	May 25, 2022
Using multiple subnet exports in source_address_prefixes in network security group rules Azure	0	566	January 13, 2022
IP address does not belong to the range of subnet prefix Azure	0	586	February 28, 2022

Error using azurerm_network_service_tags address_prefixes with azurerm_network_security_rule source

Related topics