terraformterraform-provider-azureterraform0.12+azure-rm
How to create Network Security Group for all subnets in loop with Terraform on Azure
Objective: Trying to create network security group for all subnets in vnet in Azure via Terraform with loop
Code that I am using:
Main.tf:
resource "azurerm_network_security_group" "nsg" {
for_each = var.subnets
name = lower("nsg_${each.key}_in")
resource_group_name = var.resource_group_name
location = var.location
tags = merge({ "ResourceName" = lower("nsg_${each.key}_in") }, var.tags, )
dynamic "security_rule" {
for_each = concat(lookup(each.value, "nsg_inbound_rules", []), lookup(each.value, "nsg_outbound_rules", []))
content {
name = security_rule.value[0] == "" ? "Default_Rule" : security_rule.value[0]
priority = security_rule.value[1]
direction = security_rule.value[2] == "" ? "Inbound" : security_rule.value[2]
access = security_rule.value[3] == "" ? "Allow" : security_rule.value[3]
protocol = security_rule.value[4] == "" ? "Tcp" : security_rule.value[4]
source_port_range = "*"
destination_port_range = security_rule.value[5] == "" ? "*" : security_rule.value[5]
source_address_prefix = security_rule.value[6] == "" ? element(each.value.subnet_address_prefix, 0) : security_rule.value[6]
destination_address_prefix = security_rule.value[7] == "" ? element(each.value.subnet_address_prefix, 0) : security_rule.value[7]
description = "${security_rule.value[2]}_Port_${security_rule.value[5]}"
}
}
}
resource "azurerm_subnet_network_security_group_association" "nsg-assoc" {
for_each = var.subnets
subnet_id = azurerm_subnet.snet[each.key].id
network_security_group_id = azurerm_network_security_group.nsg[each.key].id
}
variables.tf:
variable "subnets" {
type = map(object({
name = string
}))
default = {
"s1" = { name = "dns_snet"},
"s2" = { name = "common_snet"},
"s3" = { name = "gw_snet"},
"s4" = { name = "clientdata_snet"}
}
}
Error I am getting
Error: Unsupported attribute
│
│ on main.tf line 167, in resource "azurerm_subnet" "snet":
│ 167: name = lower(format("snet-%s-${var.hub_vnet_name}-${var.location}", each.value.subnet_name))
│ ├────────────────
│ │ each.value is object with 1 attribute "name"
│
│ This object does not have an attribute named "subnet_name"
Please suggest where I am doing mistake ? Thanks in advance.
Solution
Reproduce in my environment, Its working fine. Below is the code you can make use of it and do changes in names of variables as per your requirement.
main.tf
provider "azurerm" {
features{}
}
data "azurerm_resource_group" "example" {
name = "v-rasXXXXree"
}
resource "azurerm_virtual_network" "example" {
name = "example-network"
location = data.azurerm_resource_group.example.location
resource_group_name = data.azurerm_resource_group.example.name
address_space = ["10.0.0.0/16"]
tags = {
environment = "Production"
}
}
resource "azurerm_subnet" "snet" {
for_each = var.subnets
resource_group_name = data.azurerm_resource_group.example.name
virtual_network_name = azurerm_virtual_network.example.name
name = each.value["name"]
address_prefixes = each.value["address_prefixes"]
}
resource "azurerm_network_security_group" "nsg" {
for_each = var.subnets
name = lower("nsg_${each.key}_in")
resource_group_name = data.azurerm_resource_group.example.name
location = data.azurerm_resource_group.example.location
#tags = merge({ "ResourceName" = lower("nsg_${each.key}_in") }, var.tags, )
dynamic "security_rule" {
for_each = concat(lookup(each.value, "nsg_inbound_rules", []), lookup(each.value, "nsg_outbound_rules", []))
content {
name = security_rule.value[0] == "" ? "Default_Rule" : security_rule.value[0]
priority = security_rule.value[1]
direction = security_rule.value[2] == "" ? "Inbound" : security_rule.value[2]
access = security_rule.value[3] == "" ? "Allow" : security_rule.value[3]
protocol = security_rule.value[4] == "" ? "Tcp" : security_rule.value[4]
source_port_range = "*"
destination_port_range = security_rule.value[5] == "" ? "*" : security_rule.value[5]
source_address_prefix = security_rule.value[6] == "" ? element(each.value.subnet_address_prefix, 0) : security_rule.value[6]
destination_address_prefix = security_rule.value[7] == "" ? element(each.value.subnet_address_prefix, 0) : security_rule.value[7]
description = "${security_rule.value[2]}_Port_${security_rule.value[5]}"
}
}
}
resource "azurerm_subnet_network_security_group_association" "nsg-assoc" {
for_each = var.subnets
subnet_id = azurerm_subnet.snet[each.key].id
network_security_group_id = azurerm_network_security_group.nsg[each.key].id
}
variable.tf
variable "subnets" {
type=map(any)
default = {
subnet_1 = {
name="subnet_1"
address_prefixes=["10.0.1.0/24"]
}
subnet_2={
name="subnet-2"
address_prefixes=["10.0.2.0/24"]
}
subnet_3={
name="subnet_3"
address_prefixes=["10.0.3.0/24"]
}
}
}
Ouput
- Unable to use VARs from a tfvars file in Terraform
- How to deal with "Error: Duplicate object key" in Terraform
- Error: Failure when executing a Terraform Resource creation request
- Google Cloud credentials with Terraform
- Terraform unknown provider packages
- How to get IP address from of an RDS host?
- Terraform lambda source_code_hash update with same code
- How to override default chart values in terraform using helm provider?
- How do i create a new revision of a task definition instead of creating a new task definition itself using Terraform
- Error 400: Request contains an invalid argument while creating google_cloudbuild_trigger resource in Terraform from github source
- terraform destroy needs original terraform code to destroy?
- Create proper resource names using terraform for_each
- Azure ACI cannot pull image from public docker registry (Possible bug)
- What does "~>" mean in terraform required_providers version?
- How to recreate EC2 instances of an autoscaling group with terraform?
- How to enable "Use for Hive table metadata" in "AWS Glue Data Catalog settings" using Terraform?
- How to use array as input in terragrunt which accepts only as string in terraform
- Unexpected JWT alg received, expected RS256, got: HS256
- terraform tags for list variable not working
- Terraform 13, Validate variable base on the value of another
- How do I reference a resource created from different module in my current module?
- Terraform - GCP - Import project IAM member
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Terraform: Merge two tuples/lists to create a map
- Terraform doesn't allow to use variable when creating resource. How to go around?
- Authenticating using the Azure CLI is only supported as a User (not a Service Principal)
- Terraform outputs 'Error: Variables not allowed' when doing a plan
- Issue with Azure key vault and Azure storage account deployment
- temporary_name_for_rotation must be specified when changing any of the following properties: pod_subnet_id
- Why is TF build failing with "Error refreshing state: HTTP remote state endpoint requires auth"?