Terraform Azure network security

I'm trying to configure a network security rule for a network security group in Azure via Terraform with multiple source addresses.

Based on the documentation https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html

However, I'm not able to get this to work nor can I find any examples for it:

https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html#source_address_prefixes

I get the Error:

Error: azurerm_network_security_rule.test0: "source_address_prefix": required field is not set
Error: azurerm_network_security_rule.test0: : invalid or unknown key: source_address_prefixes

Here is my sample:

resource "azurerm_network_security_rule" "test0" {
  name                        = "RDP"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "TCP"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefixes     = "{200.160.200.30,200.160.200.60}"
  destination_address_prefix  = "VirtualNetwork"
  network_security_group_name = "${azurerm_network_security_group.test.name}"
  resource_group_name         = "${azurerm_resource_group.test.name}"
}

Please let me know.

Thanks!

Mascagni answered 31/1, 2018 at 19:1 Comment(1)
Hi, did you solve it? Can I help you more? - Frit

source_address_prefixes needs a list of source address prefixes.

Modify it as below:

source_address_prefixes = ["200.160.200.30","200.160.200.60"]

There is also a mistake in azurerm_network_security_group.test.name; the correct type is azurerm_network_security_group.test0.name. The following tf file works for me.

resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}


resource "azurerm_network_security_rule" "test0" {
  name                        = "RDP"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "TCP"
  source_port_range           = "*"
  destination_port_range      = "3389"
  source_address_prefixes     = ["200.160.200.30","200.160.200.60"]
  destination_address_prefix  = "VirtualNetwork"
  network_security_group_name = "${azurerm_network_security_group.test0.name}"
  resource_group_name         = "${azurerm_resource_group.test0.name}"
}

Here is my test result.


Frit answered 2/2, 2018 at 1:54 Comment(9)
When you ask an Azure question, you had better add the tag azure; you will get the answer more quickly. - Frit
Thanks @shengbao-shui-msft. I tried the exact same code you had pasted above and it fails with the exact same errors still. {Error: azurerm_network_security_rule.test0: "source_address_prefix": required field is not set Error: azurerm_network_security_rule.test0: : invalid or unknown key: source_address_prefixes} - Mascagni
What version of Terraform are you using? I'm running version v0.11.2 installed via Chocolatey. - Mascagni
I use v0.11.3. I am sure the tf file works for me. - Frit
I suggest you use the latest Terraform. Also, what is your provider "azurerm"? - Frit
I uploaded my nsg.tf to GitHub; maybe you could check it. I also posted my test result. - Frit
provider "Azurerm" v1.0.1, I will try the latest as you have v1.1.0 - Mascagni
@Shengboa Success: After updating the Azurerm Provider version, that fixed the issue! Thanks for all your help! - Mascagni
I'm pretty sure this is the syntax when using PowerShell, not Terraform (although Terraform does support JSON syntax, which this is, but maybe not for this property). - Baptistry
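
The comments above trace the errors to the azurerm provider version (v1.0.1 rejected source_address_prefixes, v1.1.0 accepted it). The following is an added example, not code posted by anyone in the thread, that makes that requirement explicit in the configuration; it uses Terraform 0.11 syntax as in the thread, and the variable name rdp_admin_sources is an assumption.

```hcl
# Added example. Resource names follow the answer above; the variable
# name rdp_admin_sources is hypothetical.

# Require a provider release that knows source_address_prefixes, so an
# older cached plugin cannot be selected silently.
provider "azurerm" {
  version = ">= 1.1.0"
}

# Keep the allowed RDP sources in one reviewable list (values from the thread).
variable "rdp_admin_sources" {
  type    = "list"
  default = ["200.160.200.30", "200.160.200.60"]
}

resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}

resource "azurerm_network_security_rule" "test0" {
  name                   = "RDP"
  priority               = 100
  direction              = "Inbound"
  access                 = "Allow"
  protocol               = "Tcp"
  source_port_range      = "*"
  destination_port_range = "3389"

  # Set either source_address_prefix (one string) or
  # source_address_prefixes (a list), not both.
  source_address_prefixes = "${var.rdp_admin_sources}"

  destination_address_prefix  = "VirtualNetwork"
  network_security_group_name = "${azurerm_network_security_group.test0.name}"
  resource_group_name         = "${azurerm_resource_group.test0.name}"
}
```

After changing the version constraint, `terraform init -upgrade` fetches a provider release that satisfies it.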

An "address_prefix" is a string value representing a CIDR, e.g. 10.0.0.0/24. So in your case source_address_prefix = "200.160.200.30/32" and destination_address_prefix = "${azurerm_virtual_network.test.address_space.0}" depending on what you want to refer to.

Gaspar answered 1/2, 2018 at 14:22 Comment(4)
Thanks @GiulioVian. However, I received the following error: "Error: azurerm_network_security_group.test: security_rule.2.source_address_prefix must be a single value, not a list" - Mascagni
I haven't checked the exact syntax (some resources want a list, some a single value): edit the answer - Gaspar
Also tried source_address_prefixes: Error: azurerm_network_security_group.test: security_rule.2: invalid or unknown key: source_address_prefixes - Mascagni
@Mascagni The root reason is that source_address_prefixes needs a list type. "" is a string type. See my answer. - Frit
