My code to create a Terraform configuration.

Code:

resource "azurerm_resource_group" "example" {
  name     = "example-resource-group"
  location = "West US"
}

resource "azurerm_virtual_network" "example" {
  name                = "example-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_subnet" "example" {
  name                 = "example-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefixes     = ["10.0.1.0/24"]
}

resource "azurerm_network_security_group" "example" {
  name                = "example-nsg"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_network_security_rule" "example" {
  name                        = "example-nsg-rule"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "22"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}

My error here is

Error: Error creating/updating Network Security Rule
"example-nsg-rule" (Resource Group "example-resource-group"):
network.SecurityRulesClient#CreateOrUpdate: Failure sending request:
StatusCode=400 — Original Error: Code="InvalidRequestFormat"
Message="Cannot parse the request." Details=[{"Message":"The request
body is invalid. Please provide a valid request body."}]

I suspect there might be an issue with the configuration or a missing parameter.
Could someone please review the code and provide insights into the error?

2 Answers


  1. OK, so normally in a single Terraform file the order of declaration is not important, but before you create a security rule make sure the NSG and resource group exist or are declared before.

    I also saw an alert in their documentation regarding this:

    Terraform currently provides both a standalone Network Security Rule resource, and allows for Network Security Rules to be defined in-line within the Network Security Group resource. At this time you cannot use a Network Security Group with in-line Network Security Rules in conjunction with any Network Security Rule resources. Doing so will cause a conflict of rule settings and will overwrite rules.

  2. I tried to provision the resources with Terraform using the following code and was able to provision the resources without any issues with some changes in the code.

    Based on the error message provided, there might be an issue with the request body for the network security rule. Upon reviewing the destination_address_prefixes parameter in the azurerm_network_security_rule resource block: this parameter specifies the destination IP address range for the network security rule.

    To overcome this, we need to specify the destination_address_prefixes parameter with a valid IP address range.

    My Terraform configuration:

    provider "azurerm" {
      features {}
    }

    # Look up the existing resource group instead of creating one
    data "azurerm_resource_group" "main" {
      name = "v-bolliv"
    }

    resource "azurerm_virtual_network" "vnet" {
      name                = "demovk-vnet"
      address_space       = ["10.0.0.0/16"]
      location            = data.azurerm_resource_group.main.location
      resource_group_name = data.azurerm_resource_group.main.name
    }

    resource "azurerm_subnet" "snet" {
      name                 = "demosubnetvk"
      resource_group_name  = data.azurerm_resource_group.main.name
      virtual_network_name = azurerm_virtual_network.vnet.name
      address_prefixes     = ["10.0.0.0/24"]
    }
    resource "azurerm_network_security_group" "example" {
      name                = "acceptanceTestSecurityGroup1"
      location            = data.azurerm_resource_group.main.location
      resource_group_name = data.azurerm_resource_group.main.name
    }
    resource "azurerm_network_security_rule" "example" {
      name                        = "demovk1901"
      priority                    = 100
      direction                   = "Inbound"
      access                      = "Allow"
      protocol                    = "Tcp"
      source_port_range           = "*"
      destination_port_range      = "*"
      source_address_prefix       = "*"
      destination_address_prefixes  = ["10.0.0.0/24"]
      resource_group_name         = data.azurerm_resource_group.main.name
      network_security_group_name = azurerm_network_security_group.example.name
    }
    

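A tightened form of the standalone rule from the question, as an added example that is not part of the original posts: both configurations above accept traffic from any source (`source_address_prefix = "*"`), and neither attaches the NSG to the subnet, so the rule filters nothing until an association exists. The block replaces the `azurerm_network_security_rule` resource in the question's configuration and reuses its resource names; the variable `admin_cidr`, the rule label `ssh_in` and the address `203.0.113.0/24` are assumptions made for illustration.

```hcl
# Added example. Assumes the question's azurerm_resource_group.example,
# azurerm_subnet.example and azurerm_network_security_group.example exist.

variable "admin_cidr" {
  description = "Management network allowed to reach SSH"
  type        = string
  default     = "203.0.113.0/24" # constructed placeholder (documentation range)

  validation {
    # Reject malformed CIDRs and the catch-all range at plan time.
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR other than 0.0.0.0/0."
  }
}

# Standalone rule. Per the provider documentation quoted in the first answer,
# the NSG it belongs to must not also declare in-line security_rule blocks.
resource "azurerm_network_security_rule" "ssh_in" {
  name                   = "allow-ssh-from-admin"
  priority               = 100
  direction              = "Inbound"
  access                 = "Allow"
  protocol               = "Tcp"
  source_port_range      = "*"
  destination_port_range = "22"

  # Singular attributes take one string; plural attributes take a list.
  # Set one form per field, never both.
  source_address_prefix        = var.admin_cidr
  destination_address_prefixes = azurerm_subnet.example.address_prefixes

  resource_group_name         = azurerm_resource_group.example.name
  network_security_group_name = azurerm_network_security_group.example.name
}

# Without this association the NSG is created but filters no traffic.
resource "azurerm_subnet_network_security_group_association" "example" {
  subnet_id                 = azurerm_subnet.example.id
  network_security_group_id = azurerm_network_security_group.example.id
}
```

Running `terraform validate` followed by `terraform plan` shows the rule and the association as separate resources before anything is applied.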