Terraform Azure network security

问题

I'm trying to configure a network security rule for a network security group in Azure via Terraform with multiple source addresses.

Based on the documentation https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html

However, I'm not able to get this to work nor can I find any examples for it:

https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html#source_address_prefixes

I get the Error:

Error: azurerm_network_security_rule.test0: "source_address_prefix": required field is not set Error: azurerm_network_security_rule.test0: : invalid or unknown key: source_address_prefixes

Here is my sample:

resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = "{200.160.200.30,200.160.200.60}"
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test.name}"
resource_group_name = "${azurerm_resource_group.test.name}"
}

Please let me know.

Thanks!

回答1:

source_address_prefixes needs list of source address prefixes.

Modify it as below:

source_address_prefixes = ["200.160.200.30","200.160.200.60"]

There also a mistake in azurerm_network_security_group.test.name, the correct type is azurerm_network_security_group.test0.name. The following tf file works for me.

resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}


resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = ["200.160.200.30","200.160.200.60"]
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test0.name}"
resource_group_name = "${azurerm_resource_group.test0.name}"
}

Here is my test result.

回答2:

An "address_prefix" is a string values representing a CIDR e.g. 10.0.0.0/24. So in your case source_address_prefix = "200.160.200.30/32" and destination_address_prefix = "${azurerm_virtual_network.test.address_space.0}" depending on what you want to refer to.

来源：https://stackoverflow.com/questions/48549577/terraform-azure-network-security