Terraform Azure网络安全

Question

我试图通过Terraform为Azure中的网络安全组配置具有多个源地址的网络安全规则。

基于文档的rule.html

然而，我无法让它发挥作用，也找不到任何例子：

prefixes

我知道错误：

错误: azurerm_network_security_rule.test0："source_address_prefix"：必需字段未设置错误: azurerm_network_security_rule.test0：：无效或未知键: source_address_prefixes

这是我的样本：

resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = "{200.160.200.30,200.160.200.60}"
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test.name}"
resource_group_name = "${azurerm_resource_group.test.name}"
}

请让我知道。

谢谢!

Answer 1

source_address_prefixes需要源地址前缀列表。

修改如下：

source_address_prefixes = ["200.160.200.30","200.160.200.60"]

azurerm_network_security_group.test.name中也有一个错误，正确的类型是azurerm_network_security_group.test0.name。下面的tf文件适用于我。

resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}


resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = ["200.160.200.30","200.160.200.60"]
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test0.name}"
resource_group_name = "${azurerm_resource_group.test0.name}"
}

这是我的测试结果。

​

​

Answer 2

"address_prefix“是表示CIDR (例如10.0.0.0/24 )的字符串值。因此，在您的例子中，source_address_prefix = "200.160.200.30/32"和destination_address_prefix = "${azurerm_virtual_network.test.address_space.0}"取决于您想要引用的内容。