Unable to use Local Values for security rule in azurerm_network_security_group

Hi everyone,

I am unable to use the security rules declared in locals in azurerm_network_security_group
I am running Terraform v0.13.2 and provider.azurerm v2.27.0

When I declared the security rule using the locals, it gives error below:

Inappropriate value for attribute “security_rule”: element 0: attributes
"description", “destination_address_prefixes”,
"destination_application_security_group_ids", “destination_port_range”,
"source_address_prefixes", “source_application_security_group_ids”, and
"source_port_ranges" are required.

I added the suggested attributes (though documentation stated they are optional) and still got new errors below:

Inappropriate value for attribute “security_rule”: element 0: attribute
"destination_port_range": string required.

It keeps throwing errors even with string declared values

What works
When I declared the security rules directly rather than use locals, it works fine. So I need to know if locals aren’t allowed for declaring security rules for azurerm_network_security_group

I need to find a way to avoid repeating the same values (security rule) multiple times in the configuration hence the need for local values.


locals {

Allow-SMB = {
name = "Allow-SMB"
priority = 2001
direction = "Inbound"
access = "Allow"
protocol = " *"
source_port_range = "* "
destination_port_ranges = ["139", "445"]
source_address_prefix = ""
destination_address_prefix = "*"

Allow-Internal-RPC = {
name                       = "Allow-Internal-RPC"
priority                   = 2003
direction                  = "Inbound"
access                     = "Allow"
protocol                   = "Tcp"
source_port_range          = "*"
destination_port_range     = "135"
source_address_prefix      = ""
destination_address_prefix = "*"


resource "azurerm_network_security_group" "common-services-nsg" {
name = "Common-Services-NSG"
location = azurerm_resource_group.common.location
resource_group_name = azurerm_resource_group.common.name
security_rule = [

I will appreciate your help.