terraform.azure.automation/modules/azure_nsg/main.tf

terraform {
  required_version = "~> 0.12.21"
  required_providers {
    azurerm = "~> 1.44"
  }
}

resource "azurerm_network_security_group" "aznsg" {
  count = length(var.nsgs)

  name                = var.nsgs[count.index].name
  resource_group_name = var.nsgs[count.index].resource_group_name
  location            = var.nsgs[count.index].location
  tags                = var.nsgs[count.index].tags

  dynamic "security_rule" {
    for_each = var.nsgs[count.index].security_rules
    content {
      name                                = security_rule.key
      description                         = security_rule.value.description
      protocol                            = security_rule.value.protocol #Tcp, Udp, Icmp, or *
      source_port_range                   = security_rule.value.source_port_range # [Integer or range between 0 and 65535 or *]
      destination_port_range              = security_rule.value.destination_port_range # [Integer or range between 0 and 65535 or *]
      source_address_prefix               = security_rule.value.source_address_prefix # [CIDR or destination IP range or * or tags such as ‘VirtualNetwork’, ‘AzureLoadBalancer’ and ‘Internet’ ]
      destination_address_prefix          = security_rule.value.destination_address_prefix # [CIDR or destination IP range or * or tags such as ‘VirtualNetwork’, ‘AzureLoadBalancer’ and ‘Internet’ ]
      access                              = security_rule.value.access #Allow or Deny
      priority                            = security_rule.value.priority
      direction                           = security_rule.value.direction #Inbound or Outbound.
    }
  }
  depends_on = [var.aznsg_depends_on]
}