hashicorp/terraform-provider-azurerm

Support for azurerm_subnet to configure route table association, nsg association

Closed this issue · 2 comments

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

According to the enterprise scale set design by Microsoft, there are 2 policies that are part of best practices and prevent creation of subnets without an NSG and subnets without route tables:
https://www.azadvertizer.net/azpolicyadvertizer/Deny-Subnet-Without-Nsg.html
https://www.azadvertizer.net/azpolicyadvertizer/Deny-Subnet-Without-Udr.html
When these policies are applied, it is impossible to create/modify a subnet in Terraform because "subnet_network_security_group_association" and "subnet_route_table_association" are separate resources that require the subnet to be created. So "azurerm_subnet" cannot do the same as can be done in az cli, az powershell, ARM Templates and bicep - create the resource with association to NSG and route table in 1 step.

New or Affected Resource(s)/Data Source(s)

azurerm_subnet

Potential Terraform Configuration

resource "azurerm_subnet" "example" {
  name                      = "example-subnet"
  resource_group_name       = azurerm_resource_group.example.name
  virtual_network_name      = azurerm_virtual_network.example.name
  address_prefixes          = ["10.0.1.0/24"]
  # Proposed fields: associate the NSG and route table when the subnet is created
  network_security_group_id = azurerm_network_security_group.example.id
  route_table_id            = azurerm_route_table.example.id
}

References

No response

hi @Dushelov

This field has been intentionally removed from the azurerm_subnet resource to work around issues within the Azure Platform during the deletion of resources. As this field has been intentionally removed, unfortunately this isn't something we plan to reintroduce.

Instead #9022 is tracking adding an example of how to use Azure Policy with the separate resources, and #3917 is tracking adding additional fields within the azurerm_virtual_network resource - as such whilst I'd like to thank you for opening this issue I'm going to close this in favour of #9022 - would you mind subscribing to that issue for updates?

Thanks!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.