Terraform – Security rules creation with count

I need to create a security rule for only one network security group.
The first rule is for all network security groups. The second must be for only the first network security group (index 0).

I think I need a conditional expression but I don't know how to make it.

resource "azurerm_network_security_group" "terra_nsg" {
  count               = length(local.nsg_names)

  name                = element(local.nsg_names, count.index)  
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.terra_rgo.name

  security_rule {
    name                        = "rule1"
    direction                   = "Inbound"
    access                      = "Allow"
    priority                    = 100
    protocol                    = "Tcp"
    source_port_range           = "*"
    destination_port_range      = 3389
    source_address_prefix       = "1.2.3.4"
    destination_address_prefix  = "*"
  }

  security_rule { # => This one : I would like to set it for only azurerm_network_security_group.terra_nsg[0].id (for "nsg01")
    name                       = "rule2"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

The local variable:

nsg_names      = [ "nsg01", "nsg02", "nsg03" ]

Thank you.

Solution:

This can probably be done by using the for_each meta-argument [1] along with a dynamic block [2]:

resource "azurerm_network_security_group" "terra_nsg" {
  count               = length(local.nsg_names)

  name                = element(local.nsg_names, count.index)  
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.terra_rgo.name

  security_rule {
    name                        = "rule1"
    direction                   = "Inbound"
    access                      = "Allow"
    priority                    = 100
    protocol                    = "Tcp"
    source_port_range           = "*"
    destination_port_range      = 3389
    source_address_prefix       = "1.2.3.4"
    destination_address_prefix  = "*"
  }

  dynamic "security_rule" {
    for_each = count.index == 0 ? [1] : []
    content {
      name                       = "rule2"
      priority                   = 110
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = "443"
      source_address_prefix      = "*"
      destination_address_prefix = "*"
    }
  }
}

[1] https://developer.hashicorp.com/terraform/language/meta-arguments/for_each

[2] https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks
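As an added, more general variant (not part of the question or the answer above): instead of tying the extra rule to position 0 of a list, key the NSGs by name with for_each and drive the dynamic block from a per-NSG map, so "nsg01" keeps its extra rule even if the list is reordered. The extra_rules local and the short attribute names inside it are constructed for this example; var.azure_region and azurerm_resource_group.terra_rgo are assumed to exist as in the question.

```hcl
locals {
  nsg_names = ["nsg01", "nsg02", "nsg03"]

  # Extra rules per NSG name (constructed); NSGs with no entry get none.
  extra_rules = {
    nsg01 = [{ name = "rule2", priority = 110, port = "443", source = "*" }]
  }
}

resource "azurerm_network_security_group" "terra_nsg" {
  # toset() keys instances by name, so reordering the list does not
  # shift indices and recreate NSGs the way count.index would.
  for_each = toset(local.nsg_names)

  name                = each.key
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.terra_rgo.name

  # Common rule on every NSG (rule1 from the question).
  security_rule {
    name                       = "rule1"
    priority                   = 100
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "3389"
    source_address_prefix      = "1.2.3.4"
    destination_address_prefix = "*"
  }

  # Per-NSG rules: lookup() yields [] for nsg02/nsg03, so the dynamic
  # block expands to zero security_rule blocks there.
  dynamic "security_rule" {
    for_each = lookup(local.extra_rules, each.key, [])
    content {
      name                       = security_rule.value.name
      priority                   = security_rule.value.priority
      direction                  = "Inbound"
      access                     = "Allow"
      protocol                   = "Tcp"
      source_port_range          = "*"
      destination_port_range     = security_rule.value.port
      source_address_prefix      = security_rule.value.source
      destination_address_prefix = "*"
    }
  }
}
```

Moving an existing deployment from count to for_each changes the resource addresses from terra_nsg[0] to terra_nsg["nsg01"], so the existing instances need to be moved in state (with moved blocks or terraform state mv) to avoid a destroy-and-recreate.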
