Terraform module to create a network security group (NSG) in Microsoft Azure. The module takes its rules as a nested map (a map of NSGs, each holding a map of rules) and is designed to pair with terraform-azurerm-dxvnet, so that rules and subnets are keyed by name instead of being matched up positionally across separate lists, which avoids associating an item of one list with the wrong item of another.
Associating the NSG with subnets is optional: pass the subnets as an input and the module creates the associations, or leave the input empty and create them separately.
To use this with the terraform-azurerm-dxvnet module, add a list of subnet names inside each NSG entry of the map when declaring the variable in the root module:
```hcl
variable "network_security_groups" {
  default = {
    "nsg-subnet-frontend" = {
      rules = {
        "AllowHttpsInbound" = {
          priority                   = 100
          direction                  = "Inbound"
          description                = ""
          access                     = "Allow"
          protocol                   = "Tcp"
          source_address_prefix      = "VirtualNetwork"
          source_port_range          = "*"
          destination_address_prefix = "VirtualNetwork"
          destination_port_range     = "443"
        }
      }
      subnets = ["frontend"]
    }
  }
}
```
This allows one NSG to be assigned to any number of subnets. Since the entries in `subnets` are only the subnet names (the keys used in the VNET module), a second structure is needed that resolves those names to subnet IDs:
```hcl
locals {
  nsg_subnet_ids = {
    for k, v in var.network_security_groups :
    k => { for kk, vv in module.vnet.subnets : kk => vv.id if contains(v.subnets, kk) }
  }
}
```
The resulting map is keyed by NSG name; each value is itself a map of subnet name to subnet ID, which is the shape the module's `subnets` input (`map(string)`) expects. Note that the filter silently drops any subnet name that does not exist in `module.vnet.subnets`, so a typo in `subnets` leaves that subnet with no NSG rather than producing an error.
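The following root-module wiring ties the variable layout and the `nsg_subnet_ids` local above to the module call. It is an added example, not code from this module or the page, and it assumes: the VNET module is called as `module.vnet` and outputs `subnets` as a map keyed by subnet name whose values carry an `id` attribute (as the local already requires); this NSG module is sourced from `./modules/nsg` (hypothetical path); `var.location` and `var.resource_group_name` are declared elsewhere in the root module; and Terraform >= 1.4 for the `terraform_data` resource used as a guard. The CIDR and names are constructed sample values. Two things it adds over the page: a precondition that fails the plan when an NSG names a subnet the VNET module does not know (otherwise that subnet is quietly left unprotected), and an explicit `DenyAllInbound` rule merged into every NSG. The latter matters because Azure's built-in `AllowVnetInBound` rule (priority 65000) already permits all VirtualNetwork-to-VirtualNetwork traffic, so an allow rule like the page's 443 example only restricts anything once a deny at a lower priority number sits beneath it.

```hcl
# Root-module wiring for this NSG module (added example; see assumptions above).
# var.location and var.resource_group_name are assumed to be declared elsewhere.

variable "network_security_groups" {
  default = {
    "nsg-subnet-frontend" = {
      rules = {
        "AllowHttpsInbound" = {
          priority                   = 100
          direction                  = "Inbound"
          description                = "Public HTTPS to the frontend only"
          access                     = "Allow"
          protocol                   = "Tcp"
          source_address_prefix      = "Internet"
          source_port_range          = "*"
          destination_address_prefix = "VirtualNetwork"
          destination_port_range     = "443"
        }
      }
      subnets = ["frontend"]
    }
    "nsg-subnet-backend" = {
      rules = {
        "AllowFrontendToBackend" = {
          priority                   = 100
          direction                  = "Inbound"
          description                = "Only the frontend subnet reaches the backend, on 8443"
          access                     = "Allow"
          protocol                   = "Tcp"
          source_address_prefix      = "10.0.1.0/24" # frontend subnet CIDR (sample value)
          source_port_range          = "*"
          destination_address_prefix = "VirtualNetwork"
          destination_port_range     = "8443"
        }
      }
      subnets = ["backend", "data"] # one NSG associated with two subnets
    }
  }
}

locals {
  # NSG name -> { subnet name -> subnet id }, the shape the module's `subnets` input takes.
  nsg_subnet_ids = {
    for k, v in var.network_security_groups :
    k => { for kk, vv in module.vnet.subnets : kk => vv.id if contains(v.subnets, kk) }
  }

  # Subnet names referenced by an NSG that the VNET module does not define.
  # The filter above drops them silently, so we detect them and fail the plan.
  missing_subnets = setsubtract(
    toset(flatten([for v in var.network_security_groups : v.subnets])),
    toset(keys(module.vnet.subnets))
  )

  # Azure's default AllowVnetInBound (65000) allows all intra-VNET traffic; a custom
  # rule at priority 4096 (the lowest custom priority) overrides it, so only the
  # flows listed in each NSG's own rules remain allowed.
  deny_all_inbound = {
    "DenyAllInbound" = {
      priority                   = 4096
      direction                  = "Inbound"
      description                = "Explicit default deny; overrides AllowVnetInBound"
      access                     = "Deny"
      protocol                   = "*"
      source_address_prefix      = "*"
      source_port_range          = "*"
      destination_address_prefix = "*"
      destination_port_range     = "*"
    }
  }
}

# Guard resource (Terraform >= 1.4): the plan fails if any subnet name is unknown.
resource "terraform_data" "nsg_subnet_guard" {
  lifecycle {
    precondition {
      condition     = length(local.missing_subnets) == 0
      error_message = "NSG references unknown subnet(s): ${join(", ", sort(local.missing_subnets))}"
    }
  }
}

module "nsg" {
  source   = "./modules/nsg" # hypothetical path to this module
  for_each = var.network_security_groups

  name                = each.key
  location            = var.location
  resource_group_name = var.resource_group_name
  rules               = merge(local.deny_all_inbound, each.value.rules)
  subnets             = local.nsg_subnet_ids[each.key]
  tags                = { managed_by = "terraform" }

  depends_on = [terraform_data.nsg_subnet_guard]
}
```

`merge(local.deny_all_inbound, each.value.rules)` puts the per-NSG rules last so an NSG can override the deny entry by using the same key, while every NSG that does not gets the explicit deny. The precondition is evaluated at plan time because both sides of `setsubtract` are known from configuration, so a misspelled subnet name is caught before anything is created.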
## Requirements

Name | Version |
---|---|
terraform | >= 1.3.0 |

## Providers

Name | Version |
---|---|
azurerm | 3.30.0 |

## Modules

No modules.

## Resources

Name | Type |
---|---|
azurerm_network_security_group.nsg | resource |
azurerm_network_security_rule.rules | resource |
azurerm_subnet_network_security_group_association.assoc | resource |

## Inputs

Name | Description | Type | Default | Required |
---|---|---|---|---|
location | Location to deploy the network security group. | `string` | n/a | yes |
name | Network security group name. | `string` | n/a | yes |
resource_group_name | Resource group name to deploy the network security group into. | `string` | n/a | yes |
rules | Map of rules to include in the network security group, keyed by rule name. | `map(object({` | `{}` | no |
subnets | Map of subnet name to subnet ID to associate the network security group with. | `map(string)` | `{}` | no |
tags | Tags to assign to the network security group. | `map` | `{` | no |

## Outputs

Name | Description |
---|---|
id | Network security group ID |
location | Network security group location |
name | Network security group name |
rules | Network security group rules |