[英]invalid CIDR address in terraform aws_security_group resource with cidr_blocks from file
I'm trying to create a security group ingress rule from a file containing a list of CIDRs in the following format:我正在尝试从包含以下格式的 CIDR 列表的文件创建安全组入口规则:
"127.0.0.1/32",
"127.0.0.1/32",
"127.0.0.1/32"
The CIDRs are retrieved from the file as follows:从文件中检索 CIDR,如下所示:
cidrs = "${split(",", file("${path.module}/cidrs"))}"
and passed to the aws_security_group
resource as a (list) variable:并作为(列表)变量传递给aws_security_group
资源:
resource "aws_security_group" "test" {
...
ingress {
...
cidr_blocks = "${var.cidrs}"
}
}
running terraform plan
results in the following error:运行terraform plan
导致以下错误:
[ERROR] root.test: eval: *terraform.EvalValidateResource, err:
Warnings: []. Errors: [
"ingress.2.cidr_blocks.0" must contain a valid CIDR, got error parsing:
invalid CIDR address: "127.0.0.1/32"
"ingress.2.cidr_blocks.1" must contain a valid CIDR, got error parsing:
invalid CIDR address: "127.0.0.1/32"
"ingress.2.cidr_blocks.2" must contain a valid CIDR, got error parsing:
invalid CIDR address: "127.0.0.1/32"
]
So it seems like the contents or the file are converted into a list or 3 cidr blocks that look correct, but terraform fails to parse any of them.因此,内容或文件似乎被转换为一个列表或 3 个看起来正确的 cidr 块,但 terraform 无法解析其中任何一个。
However, if I assign cidr_blocks = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"]
everything seems to work fine.但是,如果我分配cidr_blocks = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"]
一切似乎都正常。
Assigning a list to the variable cidrs = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"]
works fine, as well.将列表分配给变量cidrs = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"]
可以正常工作。 The issue seems to be caused by ${split(",", file())
问题似乎是由${split(",", file())
[INFO] Terraform version: 0.11.0 ec9d4f1d0f90e8ec5148f94b6d634eb542a4f0ce+CHANGES
I was trying to allow traffic from ALB, where I need to pass another security group add to Allow traffic from ALB.我试图允许来自 ALB 的流量,我需要将另一个安全组添加到允许来自 ALB 的流量。 So my error was most similar to your question so adding as an answer might help someone else as I did not find well answer.所以我的错误与您的问题最相似,因此添加答案可能会帮助其他人,因为我没有找到很好的答案。
If you want to add another security group in the whitelist section so then it can help.如果您想在白名单部分添加另一个安全组,那么它会有所帮助。
ingress {
from_port = 0
to_port = 65535
protocol = "tcp"
security_groups = ["${aws_security_group.alb_secuirty_group.id}"]
description = "HTTP"
}
I Edited my last answer:我编辑了我的最后一个答案:
If you need it from a comma separated file, theres no need to split values, just make it a list with []如果您需要从逗号分隔的文件中获取它,则无需拆分值,只需将其设为带有 [] 的列表
cidr_blocks = ["${var.cidrs}"]
or simpler或更简单的
cidr_blocks = ["${file("cidrs.scv")"}]
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.