I am trying to create a few Azure resources like a VNET, subnets and NSGs. I am making use of the for_each meta-argument to create multiple subnets and NSGs. But I am not able to figure out how to associate them using "azurerm_subnet_network_security_group_association". I am creating outputs of the subnet IDs and NSG IDs as maps, but I am not able to figure out how to create an association between a subnet ID and an NSG ID. For example: I have a subnet called "public_subnet" and I want to associate "public_nsg" with the public subnet, and likewise for private. For now, I just want the assignment to be driven by the names alone.
child module main.tf:
# Virtual network for this owner/purpose pair. Name and resource group are
# derived from the same two identifiers so they line up with the other
# resources in this module.
resource "azurerm_virtual_network" "vnet" {
  name                = "${var.owner_custom}-${var.purpose_custom}-vnet"
  location            = var.location
  resource_group_name = "rg-${var.owner_custom}-${var.purpose_custom}"
  address_space       = var.address_space
}
# One subnet per entry in var.subnets, keyed by the map key (e.g. "subnet1").
# The key, not the display name, is what other resources index this by.
resource "azurerm_subnet" "subnet" {
  for_each = var.subnets

  name                 = each.value.name
  address_prefixes     = each.value.address_space
  resource_group_name  = "rg-${var.owner_custom}-${var.purpose_custom}"
  virtual_network_name = azurerm_virtual_network.vnet.name
}
# One network security group per entry in var.nsg, keyed by the map key
# (e.g. "public_nsg"). Rules are not managed here.
resource "azurerm_network_security_group" "nsg" {
  for_each = var.nsg

  name                = each.value.name
  location            = var.location
  resource_group_name = "rg-${var.owner_custom}-${var.purpose_custom}"
}
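locals {
  # For every subnet key, the NSG keys whose name shares the subnet's name
  # prefix: "public_subnet" pairs with "public_nsg", "private_subnet" with
  # "private_nsg". Built from the input variables (not the resources) so the
  # for_each keys below are known at plan time.
  subnet_nsg_candidates = {
    for sk, s in var.subnets : sk => [
      for nk, n in var.nsg : nk
      if trimsuffix(n.name, "_nsg") == trimsuffix(s.name, "_subnet")
    ]
  }

  # subnet key => NSG key, only for subnets that have a matching NSG.
  # Subnets without a match (e.g. "privatelink_subnet", "AzureFirewallSubnet"
  # in the sample tfvars) get no association and therefore no subnet-level
  # NSG filtering; add a same-prefix NSG entry if one is wanted. If several
  # NSGs share a prefix, the one with the lexically first key is used.
  subnet_nsg_map = {
    for sk, keys in local.subnet_nsg_candidates : sk => keys[0]
    if length(keys) > 0
  }
}

# Attach each matched NSG to its subnet. Indexed by subnet key so that a
# change to one pair does not disturb the others.
resource "azurerm_subnet_network_security_group_association" "nsg_association" {
  for_each = local.subnet_nsg_map

  subnet_id                 = azurerm_subnet.subnet[each.key].id
  network_security_group_id = azurerm_network_security_group.nsg[each.value].id
}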
child module variables.tf:
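# Short owner identifier; used in the VNET and resource-group names.
# An explicit type constraint rejects non-string values at plan time.
variable "owner_custom" {
  type        = string
  description = "Short name of owner"
}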
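# Purpose identifier; used in the VNET and resource-group names.
# An explicit type constraint rejects non-string values at plan time.
variable "purpose_custom" {
  type        = string
  description = "Custom purpose"
}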
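# Azure region for the VNET and NSGs.
# An explicit type constraint rejects non-string values at plan time.
variable "location" {
  type        = string
  description = "Location where resource is to be created"
}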
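# VNET address space, one or more CIDR strings. The unqualified `list`
# type is a legacy form; `list(string)` constrains the element type too.
variable "address_space" {
  type        = list(string)
  description = "VNET CIDR Range"
}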
# Subnets to create, keyed by a stable identifier (the key becomes the
# for_each index). Each entry carries the Azure subnet name and its
# address prefixes.
variable "subnets" {
  description = "A map to create multiple subnets"
  type = map(object({
    name          = string       # Azure subnet name
    address_space = list(string) # CIDR prefixes for the subnet
  }))
}
# Network security groups to create, keyed by a stable identifier (the key
# becomes the for_each index). Each entry carries only the NSG name.
variable "nsg" {
  description = "A map of NSGs"
  type = map(object({
    name = string # Azure NSG name
  }))
}
child module output.tf:
# Resource ID of the virtual network created by this module.
output "vnet_id" {
  description = "ID of the virtual network"
  value       = azurerm_virtual_network.vnet.id
}
# Subnet IDs, keyed by the same keys as var.subnets.
output "subnet_id" {
  description = "Map of subnet key to subnet ID"
  value = tomap({
    for key, subnet in azurerm_subnet.subnet :
    key => subnet.id
  })
}
# NSG IDs, keyed by the same keys as var.nsg.
output "nsg_id" {
  description = "Map of NSG key to network security group ID"
  value = tomap({
    for key, group in azurerm_network_security_group.nsg :
    key => group.id
  })
}
tfvars:
# Referenced common across modules
owner_custom   = "raghav"
purpose_custom = "demo"

# Referenced in resource-group module
owner    = "test@test.com"
purpose  = "test"
location = "australiaeast"
org      = "org"

# Referenced in network module
address_space = ["10.10.0.0/21"]

# Subnet keys (subnet1..subnet4) are the for_each indexes; the name field is
# what Azure shows. Only public_subnet and private_subnet have a same-prefix
# entry in the nsg map below.
subnets = {
  subnet1 = {
    name          = "public_subnet"
    address_space = ["10.10.1.0/26"]
  }
  subnet2 = {
    name          = "private_subnet"
    address_space = ["10.10.1.64/26"]
  }
  subnet3 = {
    name          = "privatelink_subnet"
    address_space = ["10.10.1.128/26"]
  }
  subnet4 = {
    name          = "AzureFirewallSubnet"
    address_space = ["10.10.1.192/26"]
  }
}

# NSGs, keyed by the same string as their name.
nsg = {
  public_nsg = {
    name = "public_nsg"
  }
  private_nsg = {
    name = "private_nsg"
  }
}