terraform-azurerm-dxnsg

Module to create a network security group in Microsoft Azure. This module implements a hierarchical structure for network security group rules and is designed to pair with terraform-azurerm-dxvnet, which reduces the errors that come from associating elements of one flat list with another by position.

Associating network security groups with subnets is optionally supported within the module, or the association can be handled separately.

Usage

To use this with the terraform-azurerm-dxvnet module, I declare a variable in the root module that maps each NSG name to its rules and to the list of subnets it should be attached to:

variable "network_security_groups" {
  default = {
    "nsg-subnet-frontend" = {
      rules = {
        "AllowHttpsInbound" = {
          priority                    = 100
          direction                   = "Inbound"
          description                 = ""
          access                      = "Allow"
          protocol                    = "Tcp"
          source_address_prefix       = "VirtualNetwork"
          source_port_range           = "*"
          destination_address_prefix  = "VirtualNetwork"
          destination_port_range      = "443"
        }
      }
      subnets = ["frontend"]
    }
  }
}

This allows me to assign the NSG to any number of subnets. Since these are just the names of the subnets (the key used in the VNET module), we need to build a new structure that looks up the subnet IDs:

locals {
  nsg_subnet_ids = {for k, v in var.network_security_groups : k => {for kk, vv in module.vnet.subnets : kk => vv.id if contains(v.subnets, kk)}}
}

The resulting map is keyed by NSG name; each value is a map from subnet name to subnet ID, which is the shape the module's subnets input expects.
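The following root module ties the three steps together (the variable, the locals lookup and the module call) and adds the plan-time checks I would want around them. This is an added example, not code from the module itself. It assumes the module is referenced from a local path "./modules/dxnsg", that a module "vnet" exists and exposes a "subnets" output keyed by subnet name with an "id" attribute (as the README's locals already rely on), and that var.location and var.resource_group_name are declared in the root module.

```hcl
# Assumed to exist elsewhere in the root module (not shown):
#   module "vnet" { source = "./modules/dxvnet" ... }  -> output "subnets"
#   variable "location" {}  and  variable "resource_group_name" {}

variable "network_security_groups" {
  description = "NSGs keyed by name; each carries its rules and the subnet names to attach to."
  type = map(object({
    rules = map(object({
      priority                   = number
      direction                  = string
      access                     = string
      protocol                   = optional(string, "*")
      description                = optional(string, "")
      source_address_prefix      = optional(string, "")
      source_port_range          = optional(string, "*")
      destination_address_prefix = optional(string, "")
      destination_port_range     = optional(string)
    }))
    subnets = list(string)
  }))

  default = {
    "nsg-subnet-frontend" = {
      rules = {
        "AllowHttpsInbound" = {
          priority                   = 100
          direction                  = "Inbound"
          access                     = "Allow"
          protocol                   = "Tcp"
          source_address_prefix      = "VirtualNetwork"
          source_port_range          = "*"
          destination_address_prefix = "VirtualNetwork"
          destination_port_range     = "443"
        }
        # Explicit catch-all deny at the lowest custom priority, so the allow
        # rules above remain the only way in regardless of platform defaults.
        "DenyAllInbound" = {
          priority                   = 4096
          direction                  = "Inbound"
          access                     = "Deny"
          protocol                   = "*"
          source_address_prefix      = "*"
          source_port_range          = "*"
          destination_address_prefix = "*"
          destination_port_range     = "*"
        }
      }
      subnets = ["frontend"]
    }
  }

  # Azure accepts custom rule priorities from 100 to 4096 only; a variable
  # validation surfaces a typo at plan time instead of at apply time.
  validation {
    condition = alltrue(flatten([
      for nsg in var.network_security_groups : [
        for r in nsg.rules : r.priority >= 100 && r.priority <= 4096
      ]
    ]))
    error_message = "Every NSG rule priority must be between 100 and 4096."
  }
}

locals {
  # Same lookup as in the README: NSG name -> { subnet name -> subnet id }
  nsg_subnet_ids = {
    for k, v in var.network_security_groups :
    k => { for kk, vv in module.vnet.subnets : kk => vv.id if contains(v.subnets, kk) }
  }
}

# The "if contains(...)" filter silently drops subnet names that do not exist
# in the VNet, leaving the NSG created but attached to nothing. This output
# precondition turns that silent miss into a plan error.
output "nsg_subnet_ids" {
  value = local.nsg_subnet_ids

  precondition {
    condition = alltrue([
      for k, v in var.network_security_groups :
      length(local.nsg_subnet_ids[k]) == length(v.subnets)
    ])
    error_message = "One or more NSGs reference subnet names that do not exist in module.vnet.subnets."
  }
}

module "nsg" {
  source   = "./modules/dxnsg" # assumed local path to this module
  for_each = var.network_security_groups

  name                = each.key
  location            = var.location
  resource_group_name = var.resource_group_name
  rules               = each.value.rules
  subnets             = local.nsg_subnet_ids[each.key]
}
```

The for_each over the variable creates one NSG per map key, so adding a new NSG or attaching an existing one to another subnet is a change to the variable only. The output precondition is the check worth keeping: without it a misspelled subnet name passes plan and apply cleanly while the subnet stays unprotected.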

Requirements

Name Version
terraform >= 1.3.0

Providers

Name Version
azurerm 3.30.0

Modules

No modules.

Resources

Name Type
azurerm_network_security_group.nsg resource
azurerm_network_security_rule.rules resource
azurerm_subnet_network_security_group_association.assoc resource

Inputs

Name Description Type Default Required

location
  Location to deploy network security group.
  Type: string  Default: n/a  Required: yes

name
  Network security group name.
  Type: string  Default: n/a  Required: yes

resource_group_name
  Resource group name to deploy network security group.
  Type: string  Default: n/a  Required: yes

rules
  Set of rules to include in network security group.
  Type:
    map(object({
      access                                     = string
      description                                = optional(string)
      destination_address_prefix                 = optional(string, "")
      destination_address_prefixes               = optional(list(string), [])
      destination_application_security_group_ids = optional(list(string))
      destination_port_range                     = optional(string)
      destination_port_ranges                    = optional(list(string), [])
      direction                                  = string
      priority                                   = number
      protocol                                   = optional(string, "*")
      source_address_prefix                      = optional(string, "")
      source_address_prefixes                    = optional(list(string), [])
      source_application_security_group_ids      = optional(list(string))
      source_port_range                          = optional(string, "*")
      source_port_ranges                         = optional(list(string), [])
    }))
  Default: {}  Required: no

subnets
  Map of subnet names to subnet IDs to which the network security group is attached.
  Type: map(string)  Default: {}  Required: no

tags
  Tags to assign to network security group.
  Type: map
  Default:
    {
      "CreatedBy": "Terraform",
      "Module": "terraform-azurerm-dxnsg"
    }
  Required: no

Outputs

Name Description
id Network security group id
location Network security group location
name Network security group name
rules Network security group rules