I am unable to see the dynamic rules being created in an Azure Network Security Group (NSG). My template looks fine according to the validation checks. However, when I run `terraform apply`, the NSG is created without the custom rules I put under the dynamic rules section. Since this is part of a module, I have to use some logic for iteration.
Below is my code from the module.tf file:
# One NSG per key of var.subnet_prefix. Rules are taken from the optional
# "nsg_rules" list on each subnet entry; the NSG name is derived from the map
# key, not from any value inside the entry.
resource "azurerm_network_security_group" "nsg" {
  for_each            = var.subnet_prefix
  name                = lower("nsg_${each.key}_in")
  resource_group_name = var.vnet_resourcegroup
  location            = var.location

  # Emit one security_rule block per element of nsg_rules. A subnet entry with
  # no "nsg_rules" key (including a misspelled one) falls back to an empty
  # list, so the NSG is created with no custom rules and no error is raised.
  dynamic "security_rule" {
    for_each = lookup(each.value, "nsg_rules", [])
    iterator = rule

    content {
      # A key missing from a rule entry becomes null. Only the keys read here
      # have any effect; any other key present in the entry is ignored.
      name        = lookup(rule.value, "name", null)
      description = lookup(rule.value, "description", null)
      priority    = lookup(rule.value, "priority", null)
      direction   = lookup(rule.value, "direction", null)
      access      = lookup(rule.value, "access", null)
      protocol    = lookup(rule.value, "protocol", null)

      # The source port is always wildcarded; the entry's own
      # source_port_range value is never consulted.
      source_port_range          = "*"
      destination_port_range     = lookup(rule.value, "destination_port_range", null)
      source_address_prefix      = lookup(rule.value, "source_address_prefix", null)
      destination_address_prefix = lookup(rule.value, "destination_address_prefix", null)
    }
  }
}
The values come from a terraform.tfvars file, which I have declared as below. For compliance reasons I have replaced the original values with random text.
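# Each top-level key (here "sa0") becomes each.key in the module, so the NSG
# is named "nsg_sa0_in"; the nsg_name value is not referenced by the NSG
# resource shown in module.tf.
subnet_prefix = {
  sa0 = {
    prefix        = "dc-subnet"
    address_space = ["XXXXXX"]
    nsg_name      = "nsg0"
    nsg_rules = [
      {
        name        = "rule1"
        description = "XXXXXX"
        priority    = 220
        direction   = "Outbound"
        access      = "Allow"
        protocol    = "*"

        # Ignored by the module: its dynamic block always sets
        # source_port_range = "*" and never reads the *_ranges keys.
        source_port_range  = "*"
        source_port_ranges = null

        # The wildcard must be a quoted string; a bare * is not valid HCL.
        destination_port_range  = "*"
        destination_port_ranges = null

        # With protocol "*" and destination port "*" this allows all outbound
        # traffic to the /26; narrow the prefix, protocol and port to what the
        # subnet actually needs. The *_prefixes keys are not read by the module.
        source_address_prefix        = "*"
        source_address_prefixes      = null
        destination_address_prefix   = "X.X.X.X/26"
        destination_address_prefixes = null

        # Not read by the module's dynamic block; present here without effect.
        source_application_security_group_names      = []
        destination_application_security_group_names = []
      }
    ]
  }
}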