Network_security_group_id with for each function

Hi, thanks for your answer. I tried it, but it is still not working. Did you try with multiple subnets?
Because with one it works for me, but with two it won't work.
I changed my NSG variables to locals.tf for all the net resources created, but the NSG association is still an issue for me. I used the way you advised me, but for now no solution for me. Grrrr

The error message:

```
Error: Invalid index

This value is null, so it does not have any attributes.


Error: Attempt to get attribute from null value

  on security.tf line 31, in resource "azurerm_subnet_network_security_group_association" "nsg-assosiation":
  31:   network_security_group_id = azurerm_network_security_group.core_net_nsgs[lookup(local.subnets, each.value.name, null).nsg].id
    |----------------
    | each.value.name is "snet-prd-weu-core-Shared-Infra-01"
    | local.subnets is object with 4 attributes

This value is null, so it does not have any attributes.
```

What did I do wrong?

Sample of the code:

```hcl
locals {
  location = "westeurope"

  subnets = {
    snet-prd-weu-core-SharedInfra-01 = {
      name          = "snet-prd-weu-core-Shared-Infra-01"
      nsg           = "nsg-prd-weu-sub-shared-infra-01"
      adress_prefix = ["10.98.225.0/24"]
    }
    snet-prd-weu-core-ad-01 = {
      name          = "snet-prd-weu-core-ad-01"
      nsg           = "nsg-prd-weu-core-ad-01"
      adress_prefix = ["10.98.239.160/27"]
    }
  }
}

# Creating a network security group for all hub subnet
resource "azurerm_network_security_group" "core_net_nsgs" {
  for_each            = local.subnets
  name                = each.value.nsg
  location            = local.location
  resource_group_name = azurerm_resource_group.hub_resource_group.name
}

## Creating a security rule to deny inbound hub traffic
resource "azurerm_network_security_rule" "deny_internet_inbound" {
  for_each                    = azurerm_network_security_group.core_net_nsgs
  name                        = "Deny-internet-Outbound"
  priority                    = "4096" # between 100 and 4096
  direction                   = "outbound"
  access                      = "Deny"
  protocol                    = "*"
  source_port_range           = "*"
  destination_port_range      = "*"
  source_address_prefix       = "VirtualNetwork"
  destination_address_prefix  = "Internet"
  resource_group_name         = azurerm_resource_group.hub_resource_group.name
  network_security_group_name = each.value.name
}

# Associating the network security group with subnets core vnet
resource "azurerm_subnet_network_security_group_association" "nsg-assosiation" {
  for_each                  = azurerm_subnet.hub_subnets
  subnet_id                 = each.value.id
  network_security_group_id = azurerm_network_security_group.core_net_nsgs[lookup(local.subnets, each.value.name, null).nsg].id
}
```
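
An added example, not part of the original post: one way to find the entries that make `lookup(local.subnets, each.value.name, null)` return null, and to index the NSGs by the same `for_each` key that created them. The `locals` block is a constructed copy of the two entries shown above, `mismatched_keys` is a hypothetical helper name, and it is assumed that `azurerm_subnet.hub_subnets` (not shown in the post) is also created with `for_each = local.subnets`.

```hcl
locals {
  # Constructed copy of the two entries shown in the post.
  subnets = {
    "snet-prd-weu-core-SharedInfra-01" = {
      name = "snet-prd-weu-core-Shared-Infra-01" # not equal to the map key
      nsg  = "nsg-prd-weu-sub-shared-infra-01"
    }
    "snet-prd-weu-core-ad-01" = {
      name = "snet-prd-weu-core-ad-01"
      nsg  = "nsg-prd-weu-core-ad-01"
    }
  }

  # Hypothetical helper: keys whose entry has a different "name" attribute.
  # lookup(local.subnets, <that name>, null) returns null for each of them,
  # and reading .nsg from null raises the error shown in the post.
  mismatched_keys = [for k, v in local.subnets : k if k != v.name]
}

# Inspect with `terraform console` or `terraform output` to see which
# entries need their key and name aligned.
output "mismatched_keys" {
  value = local.mismatched_keys
}

# core_net_nsgs is created with for_each = local.subnets, so its instances
# are addressed by the keys of local.subnets, not by subnet name or NSG name.
# Assumption: azurerm_subnet.hub_subnets uses the same for_each, so each.key
# addresses the matching subnet and NSG without any lookup().
resource "azurerm_subnet_network_security_group_association" "nsg-assosiation" {
  for_each                  = local.subnets
  subnet_id                 = azurerm_subnet.hub_subnets[each.key].id
  network_security_group_id = azurerm_network_security_group.core_net_nsgs[each.key].id
}
```

Keying every per-subnet resource on the same map means a subnet cannot be left without its NSG association because of a naming mismatch.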