Learning Terraform as I build and need some help. I have two sets of Azure subnets, prod and nonprod. I have a list variable "environments" that can hold any combination of dev, uat and prod. I create Azure application security groups (ASGs) from the list values. I need to create a network security group rule that allows the Azure load balancer to reach port 443 on the ASGs that were created.
I need destination_application_security_group_ids logic like:
if subnet == prod then asg == prod (production is always created)
else if subnet == nonprod and create dev == true and create uat == true then asg == dev and uat
else if subnet == nonprod and create dev == true and create uat == false then asg == dev
else (subnet == nonprod and only uat is created) asg == uat
# One web ASG per entry in var.environments (e.g. dev / uat / prod).
# Instances are count-indexed, so web_asg[N] corresponds to
# var.environments[N]; reordering the list re-addresses the ASGs.
resource "azurerm_application_security_group" "web_asg" {
  count = length(var.environments)

  # <prefix>-<environment>-web-asg
  name                = "${var.azure_resource_prefix}-${var.environments[count.index]}-web-asg"
  location            = var.resource_group.location
  resource_group_name = var.resource_group.name
}
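# Inbound 443 from the Azure load balancer, one rule per network segment.
#
# The destination ASGs are resolved by environment NAME rather than by fixed
# position. The previous hard-coded web_asg["2"] / ["0"], ["1"] lookups only
# worked when var.environments was exactly ["dev", "uat", "prod"]; with a
# subset (e.g. ["dev", "prod"]) they either failed at plan time or, worse,
# silently attached the prod ASG to the nonprod segment's allow rule.
#
#   prod segment    -> the ASG whose environment is "prod"
#   nonprod segment -> every ASG whose environment is not "prod"
#                      (dev+uat, dev only, or uat only)
resource "azurerm_network_security_rule" "web_inbound_443" {
  count = length(var.network_segments)

  name                       = format("%s-web-443", var.network_segments[count.index])
  priority                   = "1001"
  direction                  = "Inbound"
  access                     = "Allow"
  protocol                   = "Tcp"
  source_port_range          = "*"
  destination_port_range     = "443"
  source_address_prefix      = "AzureLoadBalancer" # Azure service tag for the platform load balancer probes/traffic

  # index() fails the plan if "prod" is missing from var.environments; the
  # prose above says production is always created, and failing loudly is
  # preferable to attaching the wrong ASG.
  # NOTE(review): if var.environments contains only "prod", the nonprod
  # segment resolves to an empty list; the provider will reject a rule with
  # no destination, so guard that case upstream (or drop "nonprod" from
  # var.network_segments) if it can legitimately occur.
  destination_application_security_group_ids = (
    var.network_segments[count.index] == "prod"
    ? [azurerm_application_security_group.web_asg[index(var.environments, "prod")].id]
    : [
      for i, env in var.environments :
      azurerm_application_security_group.web_asg[i].id
      if env != "prod"
    ]
  )

  resource_group_name         = var.resource_group.name
  # Assumes web_nsg is also count-indexed by var.network_segments (same order).
  network_security_group_name = azurerm_network_security_group.web_nsg[count.index].name

  # Implicit dependencies already exist via the references above; kept as an
  # explicit statement of intent.
  depends_on = [
    azurerm_application_security_group.web_asg,
    azurerm_network_security_group.web_nsg,
  ]
}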