network_security_group_id not expected in azurerm_network_interface



  • I'm following a lecture on terraform for azure. They add a property network_security_group_id to an azurerm_network_interface

    # Network interface as written in the lecture. The network_security_group_id
    # argument below is the one `terraform plan` rejects as "Unsupported argument".
    resource "azurerm_network_interface" "demo-instance" {
        name                        = "${var.prefix}-instance1"
        location                    = var.location
        resource_group_name         = azurerm_resource_group.demo.name
        # Not accepted on the NIC by the provider in use; the NSG has to be
        # attached through a separate association resource instead.
        network_security_group_id   = azurerm_network_security_group.allow-ssh.id
    
    ip_configuration {
      .....
    }
    

    }

    But 'terraform plan' spits out

    Error: Unsupported argument
    │
    │   on instance.tf line 43, in resource "azurerm_network_interface" "demo-instance":
    │   43:     network_security_group_id = azurerm_network_security_group.allow-ssh.id
    │
    │ An argument named "network_security_group_id" is not expected here.

    I'm guessing that this has moved somewhere else in some version, but I can't find the setting in the docs anywhere.

    Where does network_security_group_id belong?

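    # NSG holding a single inbound rule that admits SSH.
    resource "azurerm_network_security_group" "allow-ssh" {
        name                    = "${var.prefix}-allow-ssh"
        location                = var.location
        resource_group_name     = azurerm_resource_group.demo.name

        security_rule {
            name                        = "SSH"
            priority                    = 1001
            direction                   = "Inbound"
            access                      = "Allow"
            protocol                    = "Tcp"
            # Client-side ports are ephemeral, so the source port stays "*".
            source_port_range           = "*"
            # A port range takes a port, not an address; 22 assumes sshd
            # listens on its default port.
            destination_port_range      = "22"
            # The rule needs a source prefix, and this is where the address
            # variable belongs. Keep it to the admin range rather than "*".
            source_address_prefix       = var.ssh-source-address
            destination_address_prefix  = "*"
        }
    }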

    If I just remove these resources and settings, it works anyway: the resources get created and I'm able to log in with a key. So is this not needed anymore at all?



  • Found the answer, this has changed at some point.

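    What's needed is an azurerm_subnet_network_security_group_association, which ties a subnet_id to a network_security_group_id (the value that used to be set on the network interface). Note that this attaches the NSG to the whole subnet, so its rules apply to every interface in that subnet; to attach it to a single NIC instead, azurerm_network_interface_security_group_association takes a network_interface_id and a network_security_group_id.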

    # Subnet inside virtual network `vn`; the NSG association refers to it by id.
    resource "azurerm_subnet" "subnet-internal-1" {
      name                 = "${var.prefix}-internal-1"
      address_prefixes     = ["10.0.0.0/24"]
      virtual_network_name = azurerm_virtual_network.vn.name
      resource_group_name  = azurerm_resource_group.geofriends.name
    }
    

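    # NSG holding a single inbound rule that admits SSH.
    resource "azurerm_network_security_group" "allow-ssh" {
      name                = "${var.prefix}-allow-ssh"
      location            = var.location
      resource_group_name = azurerm_resource_group.geofriends.name

      security_rule {
        name      = "SSH"
        priority  = 1001
        direction = "Inbound"
        access    = "Allow"
        protocol  = "Tcp"
        # Port ranges take ports, not addresses. Reusing the address variables
        # here only validates when they are "*", which would open every TCP port.
        # Client-side ports are ephemeral, so the source port stays "*".
        source_port_range = "*"
        # 22 assumes sshd listens on its default port.
        destination_port_range = "22"
        # Keep the source prefix to the admin range rather than "*".
        source_address_prefix      = var.ssh-source-address
        destination_address_prefix = var.ssh-destination-address
      }
    }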

    # Attaches the allow-ssh NSG to subnet-internal-1. The association is made at
    # subnet level, so the NSG's rules cover every interface in that subnet.
    resource "azurerm_subnet_network_security_group_association" "sec-group-association" {
      network_security_group_id = azurerm_network_security_group.allow-ssh.id
      subnet_id                 = azurerm_subnet.subnet-internal-1.id
    }

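    Now the subnet subnet-internal-1 has the allow-ssh security group attached. A security group that is not associated with a subnet or a network interface filters nothing, so the association is what puts the SSH rule into effect.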



