Terraform Azure network security

Question

I'm trying to configure a network security rule for a network security group in Azure via Terraform with multiple source addresses.

Based on the documentation https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html

However, I'm not able to get this to work nor can I find any examples for it:

https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html#source_address_prefixes

I get the Error:

Error: azurerm_network_security_rule.test0: "source_address_prefix": required field is not set Error: azurerm_network_security_rule.test0: : invalid or unknown key: source_address_prefixes

Here is my sample:

resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = "{200.160.200.30,200.160.200.60}"
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test.name}"
resource_group_name = "${azurerm_resource_group.test.name}"
}

Please let me know.

Thanks!

Hi, do you solve it? Can I help you more? – Shui shengbao Feb 09 '18 at 01:36 — Shui shengbao, Feb 09 '18 at 01:36

Shui shengbao · Accepted Answer · 2018-02-05T02:17:02.923

7

source_address_prefixes needs list of source address prefixes.

Modify it as below:

source_address_prefixes = ["200.160.200.30","200.160.200.60"]

There also a mistake in azurerm_network_security_group.test.name, the correct type is azurerm_network_security_group.test0.name. The following tf file works for me.

resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}


resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = ["200.160.200.30","200.160.200.60"]
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test0.name}"
resource_group_name = "${azurerm_resource_group.test0.name}"
}

Here is my test result.

edited Feb 05 '18 at 02:17

answered Feb 02 '18 at 01:54

Shui shengbao

18,746
3
27
45

When you ask an Azure question, you had better add tag `azure`, you will get the answer more quickly. – Shui shengbao Feb 02 '18 at 01:56
Thanks @shengbao-shui-msft. I tried the exact same code you had pasted above and it fails with the exact same errors still. {Error: azurerm_network_security_rule.test0: "source_address_prefix": required field is not set Error: azurerm_network_security_rule.test0: : invalid or unknown key: source_address_prefixes} – Parvez Feb 02 '18 at 21:10
what version of Terraform are you using? I'm running version v0.11.2 installed via Chocolatey. – Parvez Feb 02 '18 at 21:16
I use `v0.11.3`. I am sure the tf file works for me. – Shui shengbao Feb 05 '18 at 01:03
I suggest you could use the latest terrform. Also, what is your `provider "azurerm"` ? – Shui shengbao Feb 05 '18 at 02:14
I upload my [nsg.tf to Github](https://gist.githubusercontent.com/Walter-Shui/ef77796f0e3b19330ac14c121de45570/raw/26e997d5d70ec0435b9d2bed701b46624a7739ce/nsg.tf), maybe you could check it. I also post my test result. – Shui shengbao Feb 05 '18 at 02:18
provider "Azurerm" v1.0.1, I will try the latest as you have v1.1.0 – Parvez Feb 06 '18 at 13:00
@Shengboa Success: After updating the Azurerm Provider version, that fixed the issue! Thanks for all your help! – Parvez Feb 06 '18 at 14:03
I'm pretty sure this is the syntax when using PowerShell, not Terraform (although Terraform does support JSON syntax, which this is, but maybe not for this property). – Ted Stresen-Reuter Jan 15 '21 at 09:06

Giulio Vian · Answer 2 · 2018-02-01T18:28:07.577

1

An "address_prefix" is a string values representing a CIDR e.g. 10.0.0.0/24. So in your case source_address_prefix = "200.160.200.30/32" and destination_address_prefix = "${azurerm_virtual_network.test.address_space.0}" depending on what you want to refer to.

edited Feb 01 '18 at 18:28

answered Feb 01 '18 at 14:22

Giulio Vian

8,248
2
33
41

1

Thanks @GiulioVian
However, I received the following error:
"Error: azurerm_network_security_group.test: security_rule.2.source_address_prefix must be a single value, not a list" – Parvez Feb 01 '18 at 18:19
1

I haven't checked the exact syntax (some resources want a list, some a single value): edit the answer – Giulio Vian Feb 01 '18 at 18:27
Also tried source_address_prefixes: Error: azurerm_network_security_group.test: security_rule.2: invalid or unknown key: source_address_prefixes – Parvez Feb 01 '18 at 18:31
1

@Parvez The root reason `source_address_prefixes` needs a list type. `""` this is a string type. See my answer. – Shui shengbao Feb 02 '18 at 02:01

Terraform Azure network security

2 Answers2