Support for setting nsg association when creating azurerm_subnet #11187
Comments
I've run into this exact same scenario where Azure Policy prevents you from separating out creating NSGs from the subnets. I looked back in the history and saw that this was once possible but was deprecated (see #1933) several years back. I'm thinking the only option here would be to allow you to either specify NSGs within the subnet or as a separate association resource. If you used both, bad things would happen. This would match how subnets can be either standalone or part of vnet but not both. Before I go ahead and code that up, does anyone have any objections or better suggestions?
@tombuildsstuff I think you were the one who originally implemented all these changes. Care to weigh in?
Hi @sturwin. As @tj-corrigan has mentioned, this field has been intentionally removed in #3054 to work around issues within the Azure Platform during the deletion of resources; as such, this field has been intentionally removed and isn't something we plan to reintroduce. Instead, #9022 is tracking adding an example of how to use Azure Policy with the separate resources, which'll fix this Azure Policy issue. As such, whilst I'd like to thank you for opening this issue, I'm going to close this in favour of #9022. Would you mind subscribing to that issue for updates? Thanks!
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Description
Please can we add the security_group or security_group_id field back into azurerm_subnet. Using azurerm_subnet_network_security_group_association is nice, but it doesn't work when the client has a security policy in place which denies the creation of a subnet without an associated NSG.
You can create the association if you use the "subnet" block in an azurerm_virtual_network, so why not have it as an option on azurerm_subnet?
Thanks!
New or Affected Resource(s)
Potential Terraform Configuration
References
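The inline form the issue description refers to, next to the two-resource form it says is denied, as an added example that is not part of the original issue or the provider's own documentation. Resource names, the location and the address ranges are constructed, and the attribute names (`address_prefix`, `security_group`) assume the azurerm 2.x schema current when the issue was filed; check them against the provider version in use.

```hcl
# Added illustration: names, location and CIDR ranges are constructed.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "westeurope"
}

resource "azurerm_network_security_group" "example" {
  name                = "example-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Two-step form: the subnet is created first with no NSG, and the association
# is a second, later API call. A deny policy on "subnet without NSG" rejects
# the first step, so the association never gets a chance to run.
#
# resource "azurerm_subnet" "app" {
#   name                 = "app"
#   resource_group_name  = azurerm_resource_group.example.name
#   virtual_network_name = azurerm_virtual_network.example.name
#   address_prefixes     = ["10.0.1.0/24"]
# }
#
# resource "azurerm_subnet_network_security_group_association" "app" {
#   subnet_id                 = azurerm_subnet.app.id
#   network_security_group_id = azurerm_network_security_group.example.id
# }

# Inline form: the subnet and its NSG reference are declared together in the
# virtual network resource, so the subnet is not created without an NSG.
resource "azurerm_virtual_network" "example" {
  name                = "example-vnet"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  address_space       = ["10.0.0.0/16"]

  subnet {
    name           = "app"
    address_prefix = "10.0.1.0/24"
    security_group = azurerm_network_security_group.example.id
  }
}
```

As noted in the comments, a subnet should be managed either inline or as a standalone `azurerm_subnet`, not both, so the commented-out resources must stay out of a configuration that uses the inline block for the same subnet.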