Corrected security rule definitions

ColinBeebyHEE · ColinBeebyHEE · commit fbe95e3604d5 · 2025-07-01T10:56:20.000+01:00
diff --git a/LearningHub.Nhs.MessageQueueProcessor/Terraform/main.tf b/LearningHub.Nhs.MessageQueueProcessor/Terraform/main.tf
@@ -74,160 +74,126 @@ resource "azurerm_network_security_group" "nsg" {
     priority                   = 101
     protocol                   = "*"
     destinationPortRange       = "*"
-    destinationPortRanges"     = []
+    destinationPortRanges      = []
     destinationAddressPrefix   = "10.0.1.0/24"
-    destinationAddressPrefixes": []
+    destinationAddressPrefixes = []
     sourceAddressPrefix        =  "*"
     sourceAddressPrefixes      = []
     sourcePortRange            = "*"
     sourcePortRanges           = []
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow MI internal inbound traffic",
-    destinationAddressPrefix  = "10.0.1.0/24",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "*",
-    destinationPortRanges": [],
-    direction  = "Inbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-internal-in-10-0-1-0-24-v11",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-internal-in-10-0-1-0-24-v11",
-    priority": 101,
-    protocol  = "*",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-internal-in-10-0-1-0-24-v11",
+    description                = "Allow MI internal inbound traffic",
+    direction                  = "Inbound",
+    access                     = "Allow",
+    priority                   = 101,
+    protocol                   = "*",
+    destinationPortRange       = "*",
+    destinationPortRanges      = [],
+    destinationAddressPrefix   = "10.0.1.0/24",
+    destinationAddressPrefixes =  [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = []
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow communication with Azure Active Directory over https",
-    destinationAddressPrefix  = "AzureActiveDirectory",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "443",
-    destinationPortRanges": [],
-    direction  = "Outbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-aad-out-10-0-1-0-24-v11",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-aad-out-10-0-1-0-24-v11",
-    priority": 101,
-    protocol  = "Tcp",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-aad-out-10-0-1-0-24-v11",
+    description                = "Allow communication with Azure Active Directory over https",
+    direction                  = "Outbound",
+    access                     = "Allow",
+    priority                   = 101,
+    protocol                   = "Tcp",
+    destinationAddressPrefix   = "AzureActiveDirectory",
+    destinationAddressPrefixes =  [],
+    destinationPortRange       = "443",
+    destinationPortRanges      = [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = []
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow communication with the One DS Collector over https",
-    destinationAddressPrefix  = "OneDsCollector",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "443",
-    destinationPortRanges": [],
-    direction  = "Outbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-onedsc-out-10-0-1-0-24-v11",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-onedsc-out-10-0-1-0-24-v11",
-    priority": 102,
-    protocol  = "Tcp",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-onedsc-out-10-0-1-0-24-v11",
+    description                = "Allow communication with the One DS Collector over https",
+    access                     = "Allow",
+    direction                  = "Outbound",
+    priority                   =  102,
+    protocol                   = "Tcp",
+    destinationAddressPrefix   = "OneDsCollector",
+    destinationAddressPrefixes = [],
+    destinationPortRange       = "443",
+    destinationPortRanges      = [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = []
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow MI internal outbound traffic",
-    destinationAddressPrefix  = "10.0.1.0/24",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "*",
-    destinationPortRanges": [],
-    direction  = "Outbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-internal-out-10-0-1-0-24-v11",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-internal-out-10-0-1-0-24-v11",
-    priority": 103,
-    protocol  = "*",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-internal-out-10-0-1-0-24-v11",
+    description                = "Allow MI internal outbound traffic",
+    access                     = "Allow",
+    direction                  = "Outbound",
+    priority                   = 103,
+    protocol                   = "*",
+    destinationAddressPrefix   = "10.0.1.0/24",
+    destinationAddressPrefixes = [],
+    destinationPortRange       = "*",
+    destinationPortRanges      = [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = [],
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow outbound communication with storage over HTTPS",
-    destinationAddressPrefix  = "Storage.uksouth",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "443",
-    destinationPortRanges": [],
-    direction  = "Outbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-strg-p-out-10-0-1-0-24-v11",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-strg-p-out-10-0-1-0-24-v11",
-    priority": 104,
-    protocol  = "*",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-strg-p-out-10-0-1-0-24-v11",
+    description                = "Allow outbound communication with storage over HTTPS",
+    access                     = "Allow",
+    direction                  = "Outbound",
+    priority                   = 104,
+    protocol                   = "*",
+    destinationAddressPrefix   = "Storage.uksouth",
+    destinationAddressPrefixes = [],
+    destinationPortRange       = "443",
+    destinationPortRanges      = [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = [],
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow outbound communication with storage over HTTPS",
-    destinationAddressPrefix  = "Storage.ukwest",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "443",
-    destinationPortRanges": [],
-    direction  = "Outbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-strg-s-out-10-0-1-0-24-v11",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-strg-s-out-10-0-1-0-24-v11",
-    priority": 105,
-    protocol  = "*",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-strg-s-out-10-0-1-0-24-v11",
+    description                = "Allow outbound communication with storage over HTTPS",
+    access                     = "Allow",
+    direction                  = "Outbound",
+    priority                   = 105,
+    protocol                   = "*",
+    provisioningState          = "Succeeded",
+    destinationAddressPrefix   = "Storage.ukwest",
+    destinationAddressPrefixes = [],
+    destinationPortRange       = "443",
+    destinationPortRanges      = [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = []
   }
   security_rule {
-    access  = "Allow",
-    description  = "Allow AzureCloud outbound https traffic",
-    destinationAddressPrefix  = "AzureCloud",
-    destinationAddressPrefixes": [],
-    destinationPortRange  = "443",
-    destinationPortRanges": [],
-    direction  = "Outbound",
-    etag  = "W/\"ced64a9b-9b81-4d82-8a67-5e98052479e8\"",
-    id  = "/subscriptions/66516f71-f3d4-4911-b900-c6e4690a5b15/resourceGroups/LearningHub-MessageQueueProcessor-Dev/providers/Microsoft.Network/networkSecurityGroups/ManagedInstanceNSG/securityRules/Microsoft.Sql-managedInstances_UseOnly_mi-optional-azure-out-10-0-1-0-24",
-    name  = "Microsoft.Sql-managedInstances_UseOnly_mi-optional-azure-out-10-0-1-0-24",
-    priority": 100,
-    protocol  = "Tcp",
-    provisioningState  = "Succeeded",
-    resourceGroup  = "LearningHub-MessageQueueProcessor-Dev",
-    sourceAddressPrefix  = "10.0.1.0/24",
-    sourceAddressPrefixes": [],
-    sourcePortRange  = "*",
-    sourcePortRanges": [],
-    type  = "Microsoft.Network/networkSecurityGroups/securityRules"
+    name                       = "Microsoft.Sql-managedInstances_UseOnly_mi-optional-azure-out-10-0-1-0-24",
+    description                = "Allow AzureCloud outbound https traffic",
+    access                     = "Allow",
+    direction                  = "Outbound",
+    priority                   = 100,
+    protocol                   = "Tcp",
+    destinationAddressPrefix   = "AzureCloud",
+    destinationAddressPrefixes =  [],
+    destinationPortRange       = "443",
+    destinationPortRanges      = [],
+    sourceAddressPrefix        = "10.0.1.0/24",
+    sourceAddressPrefixes      = [],
+    sourcePortRange            = "*",
+    sourcePortRanges           = []
   }
 }
 
