The name of the resource group in which to create the network security group.
string
n/a
yes
location
The location/region where the network security group is created.
string
n/a
yes
tags
A mapping of tags to assign to the resource.
map(string)
{}
no
inbound_rules
List of objects that represent the configuration of each inbound rule.
list(object({}))
[]
no
outbound_rules
List of objects that represent the configuration of each outbound rule.
list(object({}))
[]
no
The inbound_rules and outbound_rules supports the following:
Name
Description
Type
Default
Required
name
The name of the network security rule.
string
n/a
yes
priority
The value can be between 100 and 65500. The priority number must be unique for each rule in the collection.
number
n/a
yes
access
Specifies whether network traffic is allowed or denied. Possible values are Allow and Deny.
string
n/a
yes
protocol
Network protocol this rule applies to. Possible values include Tcp, Udp, Icmp, or * (which matches all).
string
n/a
yes
source_address_prefix
CIDR or source IP range or * to match any IP. Tags such as VirtualNetwork, AzureLoadBalancer and Internet can also be used. This is required if source_address_prefixes is not specified.
string
null
no
source_address_prefixes
List of source address prefixes. Tags may not be used. This is required if source_address_prefix is not specified.
list(string)
null
no
source_application_security_group_ids
A List of source Application Security Group IDs.
list(string)
null
no
source_port_range
Source Port or Range. Integer or range between 0 and 65535 or * to match any. This is required if source_port_ranges is not specified.
string
null
no
source_port_ranges
List of source ports or port ranges. This is required if source_port_range is not specified.
list(string)
null
no
destination_address_prefix
CIDR or destination IP range or * to match any IP. Tags such as VirtualNetwork, AzureLoadBalancer and Internet can also be used. This is required if destination_address_prefixes is not specified.
string
null
no
destination_address_prefixes
List of destination address prefixes. Tags may not be used. This is required if destination_address_prefix is not specified.
list(string)
null
no
destination_application_security_group_ids
A List of destination Application Security Group IDs.
list(string)
null
no
destination_port_range
Destination Port or Range. Integer or range between 0 and 65535 or * to match any. This is required if destination_port_ranges is not specified.
string
null
no
destination_port_ranges
List of destination ports or port ranges. This is required if destination_port_range is not specified.
list(string)
null
no
description
A description for this rule. Restricted to 140 characters.
string
null
no
Outputs
The following outputs are exported:
Name
Description
Sensitive
id
The network security group configuration ID.
no
name
The name of the network security group.
no
resource_group_name
The name of the resource group in which to create the network security group.
no
location
The location/region where the network security group is created.
no
tags
The tags assigned to the resource.
no
inbound_rules
Blocks containing configuration of each inbound security rule.
no
outbound_rules
Blocks containing configuration of each outbound security rule.