How can I set the security group rule description with Terraform?

It looks like you can now set security group rule descriptions. This is super useful for maintaining whitelists for administrative access.

I can set the description in the AWS console but can't figure out how to set it with Terraform.

My assumption was that if the AWS API allows for it, Terraform can just do it without explicit support for it in the Terraform code. Perhaps that's wishful thinking and we'll have to wait for Terraform to support the new feature, or perhaps I'm just doing it wrong.

I tried simply declaring the description property in the rule declaration (like you would for the description of the security group itself):
    ingress {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["123.456.789.123"]
      description = "some rule description"
    }
Terraform bails in the plan stage with:

    aws_security_group.somegroup: ingress.0: invalid or unknown key: description

I also tried setting tags within the rule declaration (like you would for setting the name of the security group):
    ingress {
      from_port = 22
      ...
      tags {
        "Description" = "some rule description"
      }
    }
Terraform bails in the plan stage with:

    aws_security_group.somegroup: ingress.0: invalid or unknown key: tags
It seems that you are not using the Terraform API correctly.

You cannot set description on the aws_security_group_rule resource.

aws_security_group_rule on Terraform.io:
    resource "aws_security_group_rule" "allow_all" {
      type              = "ingress"
      from_port         = 0
      to_port           = 65535
      protocol          = "tcp"
      cidr_blocks       = ["0.0.0.0/0"]
      prefix_list_ids   = ["pl-12c4e678"]
      security_group_id = "sg-123456"
    }
You can set description on the aws_security_group resource.

aws_security_group on Terraform.io, from their docs:
    resource "aws_security_group" "allow_all" {
      name        = "allow_all"
      description = "Allow all inbound traffic"

      ingress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }

      egress {
        from_port       = 0
        to_port         = 0
        protocol        = "-1"
        cidr_blocks     = ["0.0.0.0/0"]
        prefix_list_ids = ["pl-12c4e678"]
      }
    }
The aws_security_group's description property should be declared outside of the ingress and egress declarations, in its root scope.

As of now, your code should be valid.
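As an added example (not code from the question, the answer, or the Terraform docs), here is how the group-level description the answer describes fits into an administrative SSH whitelist of the kind the question mentions. It goes beyond the answer in one respect: it assumes Terraform 0.13+ syntax and an AWS provider release newer than the one the answer was written against, in which a description argument is also accepted inside the ingress and egress blocks (check the aws_security_group docs for the provider version you have pinned). The variable name admin_ssh_cidrs and the CIDR value are constructed for illustration.

```hcl
# Added example: administrative SSH whitelist with descriptions at both
# the group level (root scope of aws_security_group, as the answer says)
# and, assuming a newer AWS provider, inside the ingress/egress blocks.

variable "admin_ssh_cidrs" {
  # Hypothetical variable name; the default is a constructed sample
  # value from the RFC 5737 documentation range.
  description = "CIDR blocks allowed to reach port 22"
  type        = list(string)
  default     = ["203.0.113.0/24"]

  # Refuse a world-open SSH rule at plan time instead of discovering it
  # later in a review. Requires Terraform 0.13+.
  validation {
    condition     = !contains(var.admin_ssh_cidrs, "0.0.0.0/0")
    error_message = "Port 22 must not be opened to 0.0.0.0/0; list specific admin CIDRs."
  }
}

resource "aws_security_group" "admin_ssh" {
  name = "admin-ssh-whitelist"

  # Group-level description: root scope, outside ingress/egress.
  description = "SSH access restricted to the administrative whitelist"

  ingress {
    # Per-rule description: assumes a provider version that accepts it
    # here (older versions fail with "invalid or unknown key: description").
    description = "SSH from admin whitelist only"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.admin_ssh_cidrs
  }

  egress {
    description = "Allow all outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # Terraform 0.12+ map syntax for tags.
  tags = {
    Name = "admin-ssh-whitelist"
  }
}
```

Run terraform plan to check it: the plan output lists both description values, and the validation block rejects any attempt to pass 0.0.0.0/0 in admin_ssh_cidrs. If your pinned provider rejects description inside ingress with the same "invalid or unknown key" error shown in the question, either upgrade the provider or drop the per-rule descriptions and keep only the group-level one, which is what the answer recommends.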