Terraform で Web Apps の送信 IP アドレスを別の Web Apps のアクセス制限に入れてみた

provider "azurerm" {
  features {}
}

variable "prefix" {
  type    = string
  default = "mnrwebfn"
}

resource "azurerm_resource_group" "rg" {
  name     = "${var.prefix}-rg"
  location = "japaneast"
}

resource "azurerm_service_plan" "plan" {
  name                = "${var.prefix}-plan"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  os_type             = "Linux"
  sku_name            = "B1"
}

resource "azurerm_linux_web_app" "web" {
  name                = "${var.prefix}-web"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  service_plan_id     = azurerm_service_plan.plan.id

  site_config {}
}

resource "azurerm_linux_web_app" "fun" {
  name                = "${var.prefix}-fun"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  service_plan_id     = azurerm_service_plan.plan.id

  site_config {
    dynamic "ip_restriction" {
      for_each = azurerm_linux_web_app.web.possible_outbound_ip_address_list
      content {
        ip_address = "${ip_restriction.value}/32"
        priority   = index(azurerm_linux_web_app.web.possible_outbound_ip_address_list, ip_restriction.value) + 200
      }
    }
  }
}