Hi everyone,
I am unable to use the security rules declared in locals in azurerm_network_security_group.
I am running Terraform v0.13.2 and provider.azurerm v2.27.0.
When I declared the security rule using locals, it gives the error below:
Inappropriate value for attribute "security_rule": element 0: attributes
"description", "destination_address_prefixes",
"destination_application_security_group_ids", "destination_port_range",
"source_address_prefixes", "source_application_security_group_ids", and
"source_port_ranges" are required.
I added the suggested attributes (though the documentation states they are optional) and still got the new error below:
Inappropriate value for attribute "security_rule": element 0: attribute
"destination_port_range": string required.
It keeps throwing errors even with string values declared.
What works
When I declared the security rules directly rather than using locals, it works fine. So I need to know if locals aren't allowed for declaring security rules for azurerm_network_security_group.
I need to find a way to avoid repeating the same values (security rules) multiple times in the configuration, hence the need for local values.
Terraform
locals {
  Allow-SMB = {
    name                       = "Allow-SMB"
    priority                   = 2001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_ranges    = ["139", "445"]
    source_address_prefix      = "10.0.0.0/24"
    destination_address_prefix = "*"
  }
  Allow-Internal-RPC = {
    name                       = "Allow-Internal-RPC"
    priority                   = 2003
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "135"
    source_address_prefix      = "10.0.0.0/8"
    destination_address_prefix = "*"
  }
}

resource "azurerm_network_security_group" "common-services-nsg" {
  name                = "Common-Services-NSG"
  location            = azurerm_resource_group.common.location
  resource_group_name = azurerm_resource_group.common.name

  security_rule = [
    local.Allow-SMB,
    local.Allow-Internal-RPC
  ]
}
I will appreciate your help.
Thanks
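
One way to keep the rules in locals without assigning whole objects to security_rule, as an added example that is not part of the original post: a dynamic block generates one security_rule block per entry of a local map, and lookup() returns null for the port attribute a rule does not set. The local name nsg_rules and the choice to hard-code the values both rules share are assumptions.

```hcl
# Added example (not the poster's code). The local name nsg_rules is an assumption.
locals {
  nsg_rules = {
    "Allow-SMB" = {
      priority                = 2001
      protocol                = "*"
      destination_port_ranges = ["139", "445"]
      source_address_prefix   = "10.0.0.0/24"
    }
    "Allow-Internal-RPC" = {
      priority               = 2003
      protocol               = "Tcp"
      destination_port_range = "135"
      source_address_prefix  = "10.0.0.0/8"
    }
  }
}

resource "azurerm_network_security_group" "common-services-nsg" {
  name                = "Common-Services-NSG"
  location            = azurerm_resource_group.common.location
  resource_group_name = azurerm_resource_group.common.name

  # One security_rule block is generated per entry in local.nsg_rules.
  dynamic "security_rule" {
    for_each = local.nsg_rules
    content {
      name      = security_rule.key
      priority  = security_rule.value.priority
      direction = "Inbound"
      access    = "Allow"
      protocol  = security_rule.value.protocol

      source_port_range     = "*"
      source_address_prefix = security_rule.value.source_address_prefix

      # Each rule sets either the singular or the plural port attribute;
      # the other one resolves to null and is treated as unset.
      destination_port_range  = lookup(security_rule.value, "destination_port_range", null)
      destination_port_ranges = lookup(security_rule.value, "destination_port_ranges", null)

      destination_address_prefix = "*"
    }
  }
}
```

Keeping source_address_prefix per rule in the map makes the allowed source ranges for SMB and RPC visible in one place when the rules are reviewed.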