Support for azurerm_subnet to configure route table association, nsg association
Closed this issue · 2 comments
Is there an existing issue for this?
- I have searched the existing issues
Community Note
- Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
- Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
- If you are interested in working on this issue or have submitted a pull request, please leave a comment
Description
According to the enterprise scale set design by Microsoft, there exist 2 policies that are part of best practices and prevent the creation of subnets without an NSG and subnets without route tables:
https://www.azadvertizer.net/azpolicyadvertizer/Deny-Subnet-Without-Nsg.html
https://www.azadvertizer.net/azpolicyadvertizer/Deny-Subnet-Without-Udr.html
When these policies are applied, it is impossible to create/modify a subnet in Terraform, because "subnet_network_security_group_association" and "subnet_route_table_association" are separate resources that require the subnet to be created. So "azurerm_subnet" cannot do the same as can be done in az cli, az powershell, ARM Templates and Bicep: create the resource with its association to the NSG and route table in 1 step.
New or Affected Resource(s)/Data Source(s)
azurerm_subnet
Potential Terraform Configuration
resource "azurerm_subnet" "example" {
  name                 = "example-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]

  # Proposed attributes (requested in this issue; not part of the current resource schema)
  network_security_group_id = azurerm_network_security_group.example.id
  route_table_id            = azurerm_route_table.example.id
}
References
No response
hi @Dushelov
This field has been intentionally removed from the azurerm_subnet resource to work around issues within the Azure Platform during the deletion of resources. As this field has been intentionally removed, unfortunately this isn't something we plan to reintroduce.
Instead, #9022 is tracking adding an example of how to use Azure Policy with the separate resources, and #3917 is tracking adding additional fields within the azurerm_virtual_network resource - as such, whilst I'd like to thank you for opening this issue, I'm going to close this in favour of #9022 - would you mind subscribing to that issue for updates?
Thanks!
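An added example, not part of the issue thread or the provider's code: because the NSG and route table links remain separate resources, a subnet can be declared with neither, so this check lists every `azurerm_subnet` in a configuration that no association resource references. It assumes the `configuration.root_module` object of `terraform show -json` output; the function name, the `_res` helper and the sample data are constructed for illustration.

```python
import json

# Association resource types the azurerm provider uses instead of subnet attributes.
REQUIRED = {
    "azurerm_subnet_network_security_group_association": "nsg",
    "azurerm_subnet_route_table_association": "route_table",
}

def subnets_missing_associations(module, prefix=""):
    """Return {subnet address: sorted list of association kinds nobody declares}."""
    resources = module.get("resources", [])
    linked = {}  # referenced address -> kinds of association pointing at it
    for res in resources:
        kind = REQUIRED.get(res.get("type"))
        if kind is None:
            continue
        # Assumption: the bare resource address appears among the references.
        refs = res.get("expressions", {}).get("subnet_id", {}).get("references", [])
        for ref in refs:
            linked.setdefault(ref, set()).add(kind)
    missing = {}
    for res in resources:
        if res.get("type") != "azurerm_subnet" or res.get("mode") != "managed":
            continue
        gaps = sorted(set(REQUIRED.values()) - linked.get(res["address"], set()))
        if gaps:
            missing[prefix + res["address"]] = gaps
    # References are local to a module, so each child module is checked on its own.
    for name, call in module.get("module_calls", {}).items():
        child = call.get("module", {})
        missing.update(subnets_missing_associations(child, f"{prefix}module.{name}."))
    return missing

def _res(rtype, name, subnet=None):
    # Constructed entry shaped like one item of configuration.root_module.resources.
    expr = {"subnet_id": {"references": [f"{subnet}.id", subnet]}} if subnet else {}
    return {"address": f"{rtype}.{name}", "mode": "managed", "type": rtype,
            "name": name, "expressions": expr}

NSG_A, RT_A = list(REQUIRED)
SAMPLE_CONFIG = {"resources": [  # constructed sample, not real plan output
    _res("azurerm_subnet", "example"), _res("azurerm_subnet", "app"),
    _res("azurerm_subnet", "data"),
    _res(NSG_A, "example", "azurerm_subnet.example"),
    _res(RT_A, "example", "azurerm_subnet.example"),
    _res(NSG_A, "app", "azurerm_subnet.app"),
]}

if __name__ == "__main__":
    print(json.dumps(subnets_missing_associations(SAMPLE_CONFIG), indent=2))
```

For a real plan, pass `json.load(f)["configuration"]["root_module"]` from a file written with `terraform show -json`.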
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.