Open schwichti opened 1 year ago
This is a needed change. It is common to have a centrally managed providing resource and multiple consuming resources. Ideally, the consuming resources can grant themselves access to the providing resource by attaching their own firewall rules and permissions. For permissions, it is possible to use a separate azurerm_key_vault_access_policy or an azurerm_role_assignment (depending on the authorization model) to achieve said behaviour. However, for network access, this is currently not possible. It would be great to have a separate azurerm_keyvault_firewall_rule resource that allows adding IPs and/or subnets to the ACL of the keyvault. For reference, this is possible with storage accounts using the azurerm_storage_account_network_rules resource and for SQL servers using the azurerm_mssql_virtual_network_rule. It would be great if Key Vault had the same capabilities.
Is there an existing issue for this?
Description
I want to manage my keyvault and secrets outside of Terraform, but would like to add firewall rules to the existing keyvault.
New or Affected Resource(s)/Data Source(s)
azurerm_keyvault_firewall_rule
Potential Terraform Configuration
References
No response
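The split the request describes, as an added example that is not part of the issue or of the azurerm provider's own code: the Key Vault's network ACL is an inline network_acls block on azurerm_key_vault, so the central module must know every consumer IP and subnet, whereas permissions (azurerm_key_vault_access_policy or azurerm_role_assignment) and the storage account and SQL server network rules are standalone resources a consumer module can own. The resource the issue asks for (azurerm_keyvault_firewall_rule) does not exist and is not shown; all names, variables and addresses below are constructed for the example.

```hcl
# Added example, not from the issue or the provider. Resource types and
# attributes are the real azurerm ones; names, variables and IPs are constructed.

provider "azurerm" {
  features {}
}

variable "tenant_id"             { type = string }
variable "consumer_principal_id" { type = string } # managed identity of the consuming workload
variable "consumer_subnet_id"    { type = string }
variable "storage_account_id"    { type = string }
variable "sql_server_id"         { type = string }

# --- Central "providing" module: the Key Vault itself ---
resource "azurerm_key_vault" "central" {
  name                = "kv-central-example"   # constructed name
  location            = "westeurope"
  resource_group_name = "rg-central-example"   # constructed name
  tenant_id           = var.tenant_id
  sku_name            = "standard"

  # Network ACLs live inline on the vault. Every allowed IP or subnet has to be
  # listed here, in the central configuration; a consumer module cannot append
  # its own entry, and an entry added outside Terraform shows up as drift on
  # the next plan and is removed on apply.
  network_acls {
    default_action             = "Deny"                     # deny by default, allow-list below
    bypass                     = "AzureServices"
    ip_rules                   = ["203.0.113.0/24"]         # documentation range, constructed
    virtual_network_subnet_ids = [var.consumer_subnet_id]   # has to be wired in from the consumer
  }
}

# --- Consumer module: permissions can be self-registered today ---
# Access-policy model (vault created with enable_rbac_authorization = false):
resource "azurerm_key_vault_access_policy" "consumer" {
  key_vault_id = azurerm_key_vault.central.id
  tenant_id    = var.tenant_id
  object_id    = var.consumer_principal_id

  secret_permissions = ["Get", "List"]   # least privilege: read-only on secrets
}

# RBAC model (vault created with enable_rbac_authorization = true); use one
# model or the other, access policies are ignored once RBAC is enabled.
resource "azurerm_role_assignment" "consumer" {
  scope                = azurerm_key_vault.central.id
  role_definition_name = "Key Vault Secrets User"
  principal_id         = var.consumer_principal_id
}

# --- Contrast: storage accounts expose network rules as a separate resource ---
resource "azurerm_storage_account_network_rules" "consumer" {
  storage_account_id         = var.storage_account_id
  default_action             = "Deny"
  bypass                     = ["AzureServices"]
  ip_rules                   = ["203.0.113.0/24"]   # constructed; /31 and /32 are not accepted here
  virtual_network_subnet_ids = [var.consumer_subnet_id]
}

# --- And SQL servers expose one rule per subnet as its own resource ---
resource "azurerm_mssql_virtual_network_rule" "consumer" {
  name      = "allow-consumer-subnet"
  server_id = var.sql_server_id
  subnet_id = var.consumer_subnet_id
}
```

The practical consequence for the Key Vault case is that the network allow-list and the identity permissions end up managed in different places: a consumer can scope its own secret permissions down, but its IP or subnet still has to be threaded into the central module's network_acls. Keeping default_action at "Deny" on the vault (and on the storage account) is what makes the allow-list meaningful at all.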