feat: 1.2.0 add option to enforce network_rules on storage account

radomarina · radomarina · commit e23416945073 · 2024-11-12T13:12:16.000+02:00
diff --git a/eventdriven.tf b/eventdriven.tf
@@ -13,6 +13,13 @@ resource "azurerm_storage_account" "current" {
   location                         = var.location
   name                             = "${module.naming.storage_account.name}${var.prefix != "" ? regex("\\w+", var.prefix) : ""}firefly${var.suffix != "" ? regex("\\w+", var.suffix) : ""}"
   resource_group_name              = local.resource_group_name
+  dynamic "network_rules" {
+    for_each = var.enforce_storage_network_rules ? [1] : []
+    content {
+      default_action = "Deny"
+      ip_rules = var.firefly_eips
+    }
+  }
   tags                             = local.tags
 }
 
diff --git a/vars.tf b/vars.tf
@@ -110,6 +110,11 @@ variable "client_secret" {
   type = string
 }
 
+variable "enforce_storage_network_rules" {
+  type = bool
+  default = false
+}
+
 variable "firefly_eips" {
   type = list(string)
   default = [
