attach nat to all subnets

examples/azure/sonar_deployment/networking.tf

@@ -81,12 +81,13 @@ resource "azurerm_nat_gateway" "nat_gw" {
   idle_timeout_in_minutes = 10
 }
 
-resource "azurerm_subnet_nat_gateway_association" "nat_gw_vnet_association" {
-  subnet_id      = module.network[0].vnet_subnets[0]
-  nat_gateway_id = azurerm_nat_gateway.nat_gw.id
-}
-
 resource "azurerm_nat_gateway_public_ip_association" "nat_gw_public_ip_association" {
   nat_gateway_id       = azurerm_nat_gateway.nat_gw.id
   public_ip_address_id = azurerm_public_ip.nat_gw_public_ip.id
 }
+
+resource "azurerm_subnet_nat_gateway_association" "nat_gw_vnet_association" {
+  count          = length(local.subnet_prefixes)
+  subnet_id      = module.network[0].vnet_subnets[count.index]
+  nat_gateway_id = azurerm_nat_gateway.nat_gw.id
+}

modules/azurerm/agentless-gw/variables.tf

@@ -35,13 +35,16 @@ variable "subnet_id" {
   }
 }
 
-
 variable "security_group_ids" {
   type        = list(string)
-  description = "AWS security group Ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."
+  description = "Security group ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."
+  validation {
+    condition     = length(var.security_group_ids) == 0 || length(var.security_group_ids) == 1
+    error_message = "Can't contain more than a single element"
+  }
   validation {
-    condition     = alltrue([for item in var.security_group_ids : substr(item, 0, 3) == "sg-"])
-    error_message = "One or more of the security group Ids list is invalid. Each item should be in the format of 'sg-xx..xxx'"
+    condition     = alltrue([for item in var.security_group_ids : can(regex(".*Microsoft.Network/networkSecurityGroups/.*", item))])
+    error_message = "One or more of the security group ids list is invalid. Each item should match the pattern '.*Microsoft.Network/networkSecurityGroups/<network-security-group-name>"
   }
   default = []
 }

modules/azurerm/hub/variables.tf

@@ -37,10 +37,14 @@ variable "subnet_id" {
 
 variable "security_group_ids" {
   type        = list(string)
-  description = "Security group Ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."
+  description = "Security group ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."
   validation {
-    condition     = alltrue([for item in var.security_group_ids : substr(item, 0, 3) == "sg-"])
-    error_message = "One or more of the security group Ids list is invalid. Each item should be in the format of 'sg-xx..xxx'"
+    condition     = length(var.security_group_ids) == 0 || length(var.security_group_ids) == 1
+    error_message = "Can't contain more than a single element"
+  }
+  validation {
+    condition     = alltrue([for item in var.security_group_ids : can(regex(".*Microsoft.Network/networkSecurityGroups/.*", item))])
+    error_message = "One or more of the security group ids list is invalid. Each item should match the pattern '.*Microsoft.Network/networkSecurityGroups/<network-security-group-name>"
   }
   default = []
 }

modules/azurerm/sonar-base-instance/variables.tf

@@ -46,7 +46,7 @@ variable "security_groups_config" {
 
 variable "security_group_ids" {
   type        = list(string)
-  description = "AWS security group Ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."
+  description = "security group ids to attach to the instance. If provided, no security groups are created and all allowed_*_cidrs variables are ignored."
   validation {
     condition     = length(var.security_group_ids) == 0 || length(var.security_group_ids) == 1
     error_message = "Can't contain more than a single element"