From 7567a0433bc9a9656c93ecf573fd0ab51a4ee8ad Mon Sep 17 00:00:00 2001
From: "Xavier Pillons (MSFT)" <xpillons@microsoft.com>
Date: Fri, 29 Mar 2024 15:10:49 +0100
Subject: [PATCH] fiw when no bastion is specified

---
 tf/network_security_group.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tf/network_security_group.tf b/tf/network_security_group.tf
index cb8472e1..506d0354 100644
--- a/tf/network_security_group.tf
+++ b/tf/network_security_group.tf
@@ -108,7 +108,7 @@ resource "azurerm_subnet_network_security_group_association" "netapp" {
 }
 
 resource "azurerm_subnet_network_security_group_association" "bastion" {
-  count                     = local.create_nsg ? 1 : 0
+  count                     = local.create_nsg ? (local.no_bastion_subnet ? 0 : 1) : 0
   subnet_id                 = local.create_bastion_subnet ? azurerm_subnet.bastion[0].id : data.azurerm_subnet.bastion[0].id
   network_security_group_id = azurerm_network_security_group.common[0].id
 }