Updating Azure KeyVault firewall rules with Terraform

Time: 2019-11-28 11:54:19

Tags: azure terraform

I created an Azure KeyVault with the default firewall rules. Now I want to update the firewall rules to add some IP addresses using Terraform. I know how to get the current KeyVault and resource group, but I am finding it very difficult to update the KeyVault with the new IP addresses (firewall).

provider "azurerm" {
  version = "=1.36.0"
  subscription_id = "7e7f55d3-f30a-4bfd-a6be-1c59594b8592"
}

data "azurerm_resource_group" "rg_name" {
  name = "ITQIG-eu-rsv-sangamn-dev"
}

data "azurerm_key_vault" "kv_name" {
  name                = "manjugtestkv"
  resource_group_name = "${data.azurerm_resource_group.rg_name.name}"
}

1 answer:

Answer 0 (score: 0)

You will need to use the resource that creates the key vault:

Let's assume your keyvault is defined as in the terraform documentation. I removed the attributes that are not relevant.

To allow a list of IP addresses, you need to define them in the network_acls block:

resource "azurerm_key_vault" "example" {
  name                        = "testvault"
  ...

  access_policy {
    ...
  }

  network_acls {
    # The Default Action to use when no rules match from ip_rules / 
    # virtual_network_subnet_ids. Possible values are Allow and Deny
    default_action = "Deny"

    # Allows all azure services to access your keyvault. Can be set to 'None'
    bypass         = "AzureServices"

    # The list of allowed ip addresses.
    ip_rules       = ["1.1.1.1","2.2.2.2"]

  }
}
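A complete configuration that ties the answer back to the question's existing vault, added here as an illustration rather than taken from the answer or the provider docs. It assumes Terraform 0.12 with azurerm 1.36.0 (as in the question), reuses the resource group and vault names from the question, and uses constructed TEST-NET addresses for the allow list.

```hcl
provider "azurerm" {
  version         = "=1.36.0"
  subscription_id = "7e7f55d3-f30a-4bfd-a6be-1c59594b8592"
}

# Tenant id is required by the resource; read it from the logged-in identity.
data "azurerm_client_config" "current" {}

data "azurerm_resource_group" "rg_name" {
  name = "ITQIG-eu-rsv-sangamn-dev"
}

# Constructed sample allow list. Key Vault accepts single IPv4 addresses or
# CIDR ranges; /31 and /32 ranges are rejected, so list hosts individually.
variable "allowed_ips" {
  type    = list(string)
  default = ["203.0.113.10", "198.51.100.0/24"]
}

# The vault already exists, so bring it under Terraform's control first:
#   terraform import azurerm_key_vault.kv \
#     /subscriptions/<subscription-id>/resourceGroups/ITQIG-eu-rsv-sangamn-dev/providers/Microsoft.KeyVault/vaults/manjugtestkv
# Without the import, `terraform apply` would try to create a second vault.
resource "azurerm_key_vault" "kv" {
  name                = "manjugtestkv"
  location            = data.azurerm_resource_group.rg_name.location
  resource_group_name = data.azurerm_resource_group.rg_name.name
  tenant_id           = data.azurerm_client_config.current.tenant_id
  sku_name            = "standard"

  network_acls {
    # Deny everything that does not match ip_rules / subnet ids.
    default_action = "Deny"
    # Trusted Microsoft services may still reach the vault; use "None" to block them too.
    bypass         = "AzureServices"
    ip_rules       = var.allowed_ips
  }
}
```

After the import, check that `terraform plan` reports an in-place update of `network_acls` only; any other attribute shown as changing means the configuration does not yet match the live vault and should be reconciled before applying.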