
Terraform - Security rules creation with count


I need to create a security rule for only one network security group. The first rule applies to all network security groups. The second must apply only to the first network security group (index 0).

I think I need a conditional expression, but I don't know how to write it.

resource "azurerm_network_security_group" "terra_nsg" {
  # One NSG per entry in local.nsg_names; count.index picks the name below.
  count               = length(local.nsg_names)

  name                = element(local.nsg_names, count.index)  
  location            = var.azure_region
  resource_group_name = azurerm_resource_group.terra_rgo.name

  # rule1 is attached to every NSG: inbound TCP/3389 allowed only from 1.2.3.4.
  security_rule {
    name                        = "rule1"
    direction                   = "Inbound"
    access                      = "Allow"
    priority                    = 100
    protocol                    = "Tcp"
    source_port_range           = "*"
    destination_port_range      = 3389
    source_address_prefix       = "1.2.3.4"
    destination_address_prefix  = "*"
  }

  # rule2 allows inbound TCP/443 from any source ("*"). As written it is
  # attached to every NSG created by this resource; the intent is index 0 only.
  security_rule { # => This one : I would like to set it for only azurerm_network_security_group.terra_nsg[0].id (for "nsg01")
    name                       = "rule2"
    priority                   = 110
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_range     = "443"
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }
}

The local variable :

nsg_names      = [ "nsg01", "nsg02", "nsg03" ]

Thank you.


Solution

  • This can probably be done by keeping `count` on the resource and using the for_each argument [1] of a dynamic block [2], so that the second rule is rendered only when count.index is 0:

    resource "azurerm_network_security_group" "terra_nsg" {
      # One NSG per name in local.nsg_names, addressed by count.index.
      count               = length(local.nsg_names)

      name                = local.nsg_names[count.index]
      resource_group_name = azurerm_resource_group.terra_rgo.name
      location            = var.azure_region

      # rule1 is rendered on every NSG: inbound TCP/3389 from the single address 1.2.3.4.
      security_rule {
        name                       = "rule1"
        priority                   = 100
        direction                  = "Inbound"
        access                     = "Allow"
        protocol                   = "Tcp"
        source_address_prefix      = "1.2.3.4"
        source_port_range          = "*"
        destination_address_prefix = "*"
        destination_port_range     = 3389
      }

      # rule2 is rendered only on the first NSG (nsg01): the dynamic block's
      # for_each yields a one-element list for index 0 and an empty list for
      # every other index, so the block appears once or not at all. Note that
      # this rule admits inbound TCP/443 from any source ("*").
      dynamic "security_rule" {
        for_each = count.index == 0 ? [1] : []
        content {
          name                       = "rule2"
          priority                   = 110
          direction                  = "Inbound"
          access                     = "Allow"
          protocol                   = "Tcp"
          source_address_prefix      = "*"
          source_port_range          = "*"
          destination_address_prefix = "*"
          destination_port_range     = "443"
        }
      }
    }
    

    [1] https://developer.hashicorp.com/terraform/language/meta-arguments/for_each

    [2] https://developer.hashicorp.com/terraform/language/expressions/dynamic-blocks