Adds IP whitelisting to storage buckets

terraform/modules/bucket/main.tf

@@ -13,7 +13,7 @@ resource "azurerm_storage_account" "bucket" {
   network_rules {
     default_action             = var.policy
     virtual_network_subnet_ids = var.subnet_ids
-    #ip_rules = ["66.220.238.246/30"]
+    ip_rules                   = values(var.whitelist)
   }
 }
 

terraform/modules/bucket/variables.tf

@@ -40,3 +40,9 @@ variable "policy" {
   default     = "Deny"
   type        = string
 }
+
+variable "whitelist" {
+  type        = map
+  description = "A map of whitelisted IPs and CIDR ranges. For single IPs, Azure expects just the IP, NOT a /32."
+  default     = {}
+}