# Network security group for the ACI subnets.
#
# Only outbound rules are declared here, so the platform default inbound rules
# (AllowVnetInBound / AllowAzureLoadBalancerInBound / DenyAllInBound) govern
# ingress. Azure evaluates rules by ascending priority number and stops at the
# first match, so the order below is Storage allow (3000) -> private-endpoint
# deny (3096) -> Internet allow (4096) -> platform defaults (65000+).
resource "azurerm_network_security_group" "aci" {
  name                = "${var.nsg_name}-aci"
  location            = var.location
  resource_group_name = var.resource_group_name
  tags                = var.tags

  # Permit any protocol/port from the VNet to the global "Storage" service tag.
  # NOTE(review): the tag is not region-qualified, so this covers storage
  # endpoints in every region; a regional tag (Storage.<Region>) would narrow
  # the egress surface if that fits the workload — confirm with the owners.
  security_rule {
    name                       = "AllowStorage"
    priority                   = 3000
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "VirtualNetwork"
    destination_address_prefix = "Storage"
  }

  # Block all traffic to 10.6.3.0/24. Because this sits at 3096 it pre-empts the
  # platform default AllowVnetOutBound (65000) for that range.
  # NOTE(review): the CIDR is hard-coded rather than taken from a variable, so
  # reusing this module in another environment requires editing this file;
  # the rule name suggests it is the private-endpoint subnet — confirm.
  security_rule {
    name                       = "DenyPrivateEndpoints"
    priority                   = 3096
    direction                  = "Outbound"
    access                     = "Deny"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "10.6.3.0/24"
  }

  # Unrestricted egress (any protocol, any port) to the "Internet" service tag,
  # at 4096, the highest custom priority Azure allows. This is the broadest rule
  # in the group; anything not denied above can reach public addresses.
  security_rule {
    name                       = "AllowInternet"
    priority                   = 4096
    direction                  = "Outbound"
    access                     = "Allow"
    protocol                   = "*"
    source_port_range          = "*"
    destination_port_range     = "*"
    source_address_prefix      = "*"
    destination_address_prefix = "Internet"
  }
}
# Attach the ACI network security group to every subnet id supplied in
# var.aci_subnet_ids (one association instance per list element).
#
# Instances are count-indexed, so they are addressed by list position:
# reordering var.aci_subnet_ids changes the addresses and Terraform will plan
# a destroy/re-create of the affected associations.
resource "azurerm_subnet_network_security_group_association" "aci_association" {
  count = length(var.aci_subnet_ids)

  network_security_group_id = azurerm_network_security_group.aci.id
  subnet_id                 = element(var.aci_subnet_ids, count.index)
}