如何使用Terraform设置安全组规则描述?
[英]How can I set the security group rule description with Terraform?
问题描述
It looks like you can now set security group rule descriptions . 
看来您现在可以设置安全组规则描述 。 This is super useful for maintaining whitelists for administrative access. 这对于维护用于管理访问的白名单非常有用。
I can set the description in the AWS console but can't figure out how to set it with Terraform. 我可以在AWS控制台中设置描述,但无法弄清楚如何使用Terraform进行描述。
My assumption was that if the AWS API allows for it, Terraform can just do it without explicit support for it in the Terraform code. 我的假设是,如果AWS API允许这样做,则Terraform可以在没有Terraform代码中显式支持的情况下完成此任务。 Perhaps that's wishful thinking and we'll have to wait for Terraform to support the new feature, or perhaps I'm just doing it wrong. 也许那是一厢情愿的想法,我们将不得不等待Terraform支持该新功能,或者我只是做错了。
I tried simply declaring the description property in the rule declaration (like you would for the description of the security group itself): 我尝试仅在规则声明中声明description属性(就像对安全组本身的描述一样):
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["123.456.789.123"]
description = "some rule description"
}
Terraform bails in the plan stage with: Terraform在计划阶段使用以下方法来保全:
aws_security_group.somegroup: ingress.0: invalid or unknown key: description
I also tried setting tags within the rule declaration (like you would for setting the name of the security group): 我还尝试在规则声明中设置标签(就像设置安全组名称一样):
ingress {
from_port = 22
...
tags {
"Description" = "some rule description"
}
}
Terraform bails in the plan stage with: Terraform在计划阶段使用以下方法来保全:
aws_security_group.somegroup: ingress.0: invalid or unknown key: tags
2 个解决方案
解决方案1
1 2017-08-31 22:16:06
Seems that you do not use Terraform api correctly. 似乎您没有正确使用Terraform api。
You can not set description to aws_security_group_rule resource. 您无法将description设置为aws_security_group_rule资源。
aws_security_group_rule on Terraform.io Terraform.io上的aws_security_group_rule
resource "aws_security_group_rule" "allow_all" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
prefix_list_ids = ["pl-12c4e678"]
security_group_id = "sg-123456"
}
You can set description to aws_security_group resource. 您可以将description设置为aws_security_group资源。
aws_security_group on Terraform.io Terraform.io上的aws_security_group
From their Docs: 从他们的文档中:
resource "aws_security_group" "allow_all" {
name = "allow_all"
description = "Allow all inbound traffic"
ingress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
prefix_list_ids = ["pl-12c4e678"]
}
}
aws_security_group 's description property should be declared outside of ingress and egress declarations, in its root scope aws_security_group的description属性应在其根范围内的ingress和egress声明之外声明
解决方案2
1 已采纳 2017-12-12 12:13:07
截至目前,您的代码应该是有效的。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.