Support for specifying existing public IP id instead of having module generate it

[ArunasFalcon]

Is there an existing issue for this?

• I have searched the existing issues

Description

For some firewall policy rules it's necessary to know the firewall public IP. This creates a circular dependency:

• FW public IP created by this module
• needs to be referenced in firewall policy / rule collections
• firewall policy / rule collections must already exist to be assigned to firewall when creating it through this module

New or Affected Resource(s)/Data Source(s)

avm_ptn_hubnetworking (module hub_firewalls in main.firewall.tf)

Potential Terraform Configuration

Suggestion:

Update firewall / ip_configurations / public_ip_config block, add parameter public_ip_id, in the module code if the public_ip_id value is set simply directly assign it to the firewall and disregard any other params in the block, if it's not set proceed with IP creation like it's done right now.

Note: the avm-res-network-azurefirewall module already supports directly passing a public IP resource id, see here: https://github.com/Azure/terraform-azurerm-avm-res-network-azurefirewall/blob/main/variables.tf in "firewall_ip_configuration"

References

No response

[matt-FFFFFF]

Thanks for raising @ArunasFalcon we will prioritize

[ArunasFalcon]

@matt-FFFFFF I have actually already forked the repo and implemented the change. I'm still testing deployment but could do a PR soon.

[matt-FFFFFF]

That would be fantastic - many thanks!