Terraform Syntax Error in Application Gateway NSG Rule - destination_address_prefixes #35

@ckellywilson

Summary

The Application Gateway Network Security Group (NSG) management rule appgw_rule01 uses incorrect Terraform azurerm provider syntax for the destination address configuration, causing Terraform validation errors during deployment.

Problem Description

In the Application Gateway NSG configuration file locals.networking.nsgs.tf, the management rule incorrectly uses:

# Current (Incorrect) Configuration
destination_address_prefixes = "*"  # ❌ Wrong property name for single value

When specifying a single destination address value like "*", the correct Terraform azurerm provider property name is destination_address_prefix (singular), not destination_address_prefixes (plural).

Technical Details

  • Property Issue: destination_address_prefixes expects an array of strings ["*"]
  • Correct Usage: For a single wildcard value "*", use destination_address_prefix (singular)
  • Terraform Provider: azurerm provider syntax requirements
  • Azure Compliance: The rule should allow all destinations ("*") as per Microsoft documentation

Error Impact

  • Terraform Validation Failures: The deployment fails with Terraform syntax validation errors
  • Module Unusability: Users cannot successfully apply the Terraform module
  • CI/CD Pipeline Failures: Automated deployments fail during the validation phase
  • Developer Experience: Inconsistent and confusing error messages during development

Expected Behavior

The Application Gateway NSG management rule should:

  1. Use correct Terraform azurerm provider syntax
  2. Successfully pass Terraform validation
  3. Allow management traffic to all destinations as required by Azure Application Gateway
  4. Deploy without syntax errors

Current Configuration

  • File: locals.networking.nsgs.tf
  • Rule: appgw_rule01 (Allow-AppGW_Management)
  • Current property: destination_address_prefixes = "*"
  • Port Range: 65200-65535
  • Direction: Inbound

Required Fix

Update the property name in the NSG rule configuration:

# Correct Configuration
destination_address_prefix = "*"  # ✅ Correct property name for single value

Validation

The fix should:

  • ✅ Pass Terraform validation (terraform validate)
  • ✅ Pass Terraform plan without errors
  • ✅ Maintain security compliance with Azure Application Gateway requirements
  • ✅ Allow proper management traffic on ports 65200-65535 from GatewayManager service tag

References

Priority

Medium - This is a syntax error that prevents successful deployment but doesn't affect existing deployments.

Labels

  • bug
  • terraform
  • syntax-error
  • application-gateway
  • nsg
  • infrastructure
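
The singular and plural forms side by side, as an added example that is not the module's own code (the issue's rule lives in a locals file whose structure is not shown here). The resource labels, variables, priorities, the `Tcp` protocol and the CIDR values are assumptions or constructed values; the rule name, direction, port range and `GatewayManager` source come from the issue.

```hcl
# Assumed inputs: an existing resource group and NSG, passed in by name.
variable "resource_group_name" { type = string }
variable "nsg_name"            { type = string }

# Management rule from the issue, written as a standalone rule resource.
resource "azurerm_network_security_rule" "appgw_management" {
  name                        = "Allow-AppGW_Management"
  priority                    = 100   # constructed value
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp" # assumption: protocol is not stated in the issue
  source_port_range           = "*"
  destination_port_range      = "65200-65535"
  source_address_prefix       = "GatewayManager"

  # Singular attribute: takes one string, which is what a lone "*" needs.
  destination_address_prefix  = "*"

  resource_group_name         = var.resource_group_name
  network_security_group_name = var.nsg_name
}

# Hypothetical second rule showing when the plural attribute applies:
# it takes a list of strings and is used instead of the singular one.
resource "azurerm_network_security_rule" "example_multi_destination" {
  name                         = "Allow-Example-MultiDest"
  priority                     = 200  # constructed value
  direction                    = "Inbound"
  access                       = "Allow"
  protocol                     = "Tcp"
  source_port_range            = "*"
  destination_port_range       = "443"
  source_address_prefix        = "VirtualNetwork"

  # Plural attribute: list of strings (constructed CIDR ranges).
  destination_address_prefixes = ["10.0.1.0/24", "10.0.2.0/24"]

  resource_group_name          = var.resource_group_name
  network_security_group_name  = var.nsg_name
}
```

Set only one of `destination_address_prefix` or `destination_address_prefixes` per rule; the same pairing exists for the source address and the port-range attributes.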
