将NSG与子网相关联

我对如何将NSG与配置中的子网相关联感到困惑。

创建了一个数据和azurerm_subnet_network_security_group_association块，但我确信配置不正确。

有人能够审查我的代码并给我一些指导吗。感谢

app1数据.tf

data "azurerm_subnet" "subnet_data" {
name                 = var.subnet_name
virtual_network_name = var.net_name
resource_group_name = var.resource_group_name
}

app1-networking_nsgs.tf

module "nsg-app1" {
source = "git@gitlab.com:*/*"
nsg_name            = var.nsg_name
resource_group_name = var.resource_group_name
location            = var.location
nsg_security_rules = var.nsg_security_rules
}

# Associate the NSG with the subnet
resource "azurerm_subnet_network_security_group_association" "subnet_association" {
# subnet_id                 = var.subnet_id
subnet_id                 = data.azurerm_subnet.subnet_data.subnet.id
network_security_group_id = data.azurerm_network_security_group.nsg_data.id
# network_security_group_id = data.azurerm_network_security_group.nsg_data[0].id
}

模块子网主.tf

# Create the Subnet
resource "azurerm_subnet" "subnet" {
name                 = var.subnet_names
resource_group_name  = var.resource_group_name
virtual_network_name = var.vnet_name
address_prefixes     = var.subnet_cidr_list
}

模块子网输出。tf

output "subnet_name" {
description = "Name of the created subnet"
value       = azurerm_subnet.subnet.name
}
output "subnet_id" {
value = azurerm_subnet.subnet.id
}
output "subnet_cidr_list" {
value = azurerm_subnet.subnet.address_prefixes
}

模块子网变量。tf

variable "subnet_names" {
type = string
}
variable "resource_group_name" {
type        = string
description = "name of resource group"
}
variable "subnet_cidr_list" {
type        = list(any)
description = "Address prefixes of Subnet"
}
variable "vnet_name" {
type        = string
description = "Name of Virtual Network"
}

模块nsg-main.tf

resource "azurerm_network_security_group" "nsg" {
name                = var.nsg_name
resource_group_name = var.resource_group_name
location            = var.location
# tags                = var.tags
dynamic "security_rule" {
for_each = var.nsg_security_rules
content {
name                                       = lookup(security_rule.value, "name", null)
priority                                   = lookup(security_rule.value, "priority", null)
direction                                  = lookup(security_rule.value, "direction", null)
access                                     = lookup(security_rule.value, "access", null)
protocol                                   = lookup(security_rule.value, "protocol", null)
source_port_range                          = lookup(security_rule.value, "source_port_range", null)
source_port_ranges                         = lookup(security_rule.value, "source_port_ranges", null)
destination_port_range                     = lookup(security_rule.value, "destination_port_range", null)
destination_port_ranges                    = lookup(security_rule.value, "destination_port_ranges", null)
source_address_prefix                      = lookup(security_rule.value, "source_address_prefix", null)
source_address_prefixes                    = lookup(security_rule.value, "source_address_prefixes", null)
destination_address_prefix                 = lookup(security_rule.value, "destination_address_prefix", null)
destination_address_prefixes               = lookup(security_rule.value, "destination_address_prefixes", null)
source_application_security_group_ids      = lookup(security_rule.value, "source_application_security_group_ids ", null)
destination_application_security_group_ids = lookup(security_rule.value, "destination_application_security_group_ids ", null)
}
}
}

模块nsg输出。tf

output "nsg_id" {
description = "The ID of the newly created Network Security Group"
value       = azurerm_network_security_group.nsg.id
}
output "nsg_name" {
description = "The name of the new NSG"
value       = azurerm_network_security_group.nsg.name
}

模块nsg变量.tf

variable "resource_group_name" {
description = "description"
type        = string
}
variable "location" {
description = "description"
type        = string
# default     = "West Europe"
}
variable "nsg_name" {
description = "description"
type        = string
}
variable "nsg_security_rules" {
description = "A list of security rules to add to the security group. Each rule should be a map of values to add. See the Readme.md file for further details."
type = list(object({
name                       = string
priority                   = number
direction                  = string
access                     = string
protocol                   = string
source_port_range          = string
destination_port_range     = string
source_address_prefix      = string
destination_address_prefix = string
}))
}

❯地形平面图-var文件=dev.tfvars

Error: Unsupported attribute
│ 
│   on networking_nsgs.tf line 19, in resource "azurerm_subnet_network_security_group_association" "subnet_association":
│   19:     subnet_id                 = data.azurerm_subnet.subnet_data.subnet.id
│ 
│ This object has no argument, nested block, or exported attribute named "subnet".
╵
╷
│ Error: Reference to undeclared resource
│ 
│   on networking_nsgs.tf line 20, in resource "azurerm_subnet_network_security_group_association" "subnet_association":
│   20:     network_security_group_id = azurerm_network_security_group.nsg.id
│ 
│ A managed resource "azurerm_network_security_group" "nsg" has not been declared in the root module.

subnet_id                 = data.azurerm_subnet.subnet_data.id