How to relate NSG and Network Watcher Flow Log


I’m trying to write a rule to enforce flow logs on NSGs. The flow logs use the network security group id in the terraform which is in the after_unknown in the mock.

I can add the tf and mock if required.

@wblanchard-concurren In this instance you probably want to look at using the tfconfig/v2 import instead of tfplan/v2.

I don’t have an example that I can share but at a high-level I think you want to check that the azurerm_network_watcher_flow_log references an NSG resource id which I believe is a required attribute.