resource "azurerm_network_security_group" "nsg" {
name = var.nsg_name
location = var.location
resource_group_name = var.rg_name
tags = var.tags
timeouts {
create = "5m"
delete = "10m"
}
}
resource "azurerm_network_interface_security_group_association" "this" {
count = var.associate_with_nic && var.nic_id != null ? 1 : 0
network_interface_id = var.nic_id
network_security_group_id = azurerm_network_security_group.nsg.id
timeouts {
create = "5m"
delete = "10m"
}
}
resource "azurerm_subnet_network_security_group_association" "this" {
count = var.associate_with_subnet == true ? 1 : 0
subnet_id = var.subnet_id
network_security_group_id = azurerm_network_security_group.nsg.id
timeouts {
create = "5m"
delete = "10m"
}
}
resource "azurerm_network_security_rule" "rules" {
for_each = local.final_nsg_rules
name = each.key
priority = each.value.priority
direction = each.value.direction
access = each.value.access
protocol = each.value.protocol
source_port_range = each.value.source_port_range
destination_port_range = each.value.destination_port_range
source_address_prefix = each.value.source_address_prefix
destination_address_prefix = each.value.destination_address_prefix
resource_group_name = azurerm_network_security_group.nsg.resource_group_name
network_security_group_name = azurerm_network_security_group.nsg.name
}
No requirements.
| Name | Version |
|---|---|
| azurerm | n/a |
No modules.
| Name | Type |
|---|---|
| azurerm_network_interface_security_group_association.this | resource |
| azurerm_network_security_group.nsg | resource |
| azurerm_network_security_rule.rules | resource |
| azurerm_subnet_network_security_group_association.this | resource |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| apply_standard_rules | Whether to apply the standard NSG rules or not. | bool |
true |
no |
| associate_with_nic | Whether the NSG should be associated with a nic | bool |
false |
no |
| associate_with_subnet | Whether the NSG should be associated with a subnet | bool |
false |
no |
| custom_nsg_rules | Custom NSG rules to apply if apply_standard_rules is set to false. | map(object({ |
{} |
no |
| location | The location for this resource to be put in | string |
n/a | yes |
| nic_id | The ID of a NIC if the association is triggered | string |
null |
no |
| nsg_name | The name of the resource to be created | string |
n/a | yes |
| rg_name | The name of the resource group, this module does not create a resource group, it is expecting the value of a resource group already exists | string |
n/a | yes |
| subnet_id | The ID of the subnet for the NSG to be attached to | string |
null |
no |
| tags | The tags assigned to the resource | map(string) |
n/a | yes |
| Name | Description |
|---|---|
| final_nsg_rules | The NSG rules list assigned as a variable |
| nsg_id | The ID of the NSG |
| nsg_name | The name of the NSG |
| nsg_network_interface_security_group_association_ids | The IDs of the Network Interface Security Group Associations |
| nsg_rg_name | The name of the resource group the nsg is in |
| nsg_subnet_association_ids | The IDs of the Subnet Network Security Group Associations |