Hello @Kaushalendra Kumar ,
Thank you for the update.
I understand that you would like to add IP groups in your firewall policy rule collection group using Terraform.
I couldn't find any existing code block to do this using Terraform, but if we look into the resource "azurerm_firewall_network_rule_collection", we can see it supports the source_ip_groups & destination_ip_groups arguments in the form of IP Group IDs for the rule.
The resource "azurerm_firewall_policy_rule_collection_group" contains the Network/NAT/Application rule collections and that is where you specify the IP groups.
1) Create an Azure IP Group.
Refer: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/ip_group
2) Create "azurerm_firewall_policy_rule_collection_group" with Network/NAT/Application rule collections which have a reference to the above-created IP group by its resource ID.
Refer: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_policy_rule_collection_group
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/firewall_network_rule_collection
Example Code Block:

    resource "azurerm_firewall_policy_rule_collection_group" "example" {
      name               = "example-fwpolicy-rcg"
      firewall_policy_id = azurerm_firewall_policy.example.id
      priority           = 500

      network_rule_collection {
        name     = "network_rule_collection1"
        priority = 400
        action   = "Deny"

        rule {
          name                  = "network_rule_collection1_rule1"
          protocols             = ["TCP", "UDP"]
          source_addresses      = []
          destination_addresses = []
          destination_ports     = ["80"]
          # IP groups are referenced by their full resource IDs
          source_ip_groups      = ["/subscriptions/xxx/resourceGroups/xxxRG/providers/Microsoft.Network/ipGroups/sipgxxx"]
          destination_ip_groups = ["/subscriptions/xxx/resourceGroups/xxxRG/providers/Microsoft.Network/ipGroups/dipgxxx"]
        }
      }
    }

ARM template reference : https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.network/azurefirewall-create-with-firewallpolicy-ipgroups
Kindly let us know if the above helps or you need further assistance on this issue.
Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
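
The two steps in the answer above, combined into one configuration as an added example that is not part of the original answer: the IP groups are created with azurerm_ip_group and the rule references their `.id` attributes instead of hard-coded resource ID strings. The resource group, resource names, location and CIDR ranges are constructed placeholders.

```hcl
# Added example: all names, the location and the CIDR ranges are constructed placeholders.
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "example-rg"
  location = "West Europe"
}

# Step 1: the IP groups that the firewall rule will reference.
resource "azurerm_ip_group" "source" {
  name                = "example-source-ipgroup"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  cidrs               = ["10.0.1.0/24", "10.0.2.0/24"]
}

resource "azurerm_ip_group" "destination" {
  name                = "example-destination-ipgroup"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  cidrs               = ["10.1.0.0/24"]
}

resource "azurerm_firewall_policy" "example" {
  name                = "example-fwpolicy"
  resource_group_name = azurerm_resource_group.example.name
  location            = azurerm_resource_group.example.location
}

# Step 2: the rule collection group, with the rule pointing at the IP group IDs.
resource "azurerm_firewall_policy_rule_collection_group" "example" {
  name               = "example-fwpolicy-rcg"
  firewall_policy_id = azurerm_firewall_policy.example.id
  priority           = 500
  network_rule_collection {
    name     = "network_rule_collection1"
    priority = 400
    action   = "Deny"
    rule {
      name                  = "network_rule_collection1_rule1"
      protocols             = ["TCP", "UDP"]
      destination_ports     = ["80"]
      source_ip_groups      = [azurerm_ip_group.source.id]
      destination_ip_groups = [azurerm_ip_group.destination.id]
    }
  }
}
```

Referencing `azurerm_ip_group.<name>.id` lets Terraform create the IP groups before the rule collection group and keeps the rule's scope reviewable in the same plan as the group membership.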