
Terraform: How to get the VPC CIDR from VPC id?

I'm trying to get the IPv4 CIDR for a given VPC, using the aws_vpcs data source to identify the VPC first and then get the CIDR from its ID. Is that possible?

Just a bit of background: for some design reason, we have services in different VPCs. Say, e.g., I have three VPCs: xxxprod-n, xxxprod-l and xxxprod-h, and I want to add an SG rule for the entire subnet to allow access to a specific port. This is what I tried:

data "aws_vpcs" "prod" {
  tags = {
    Name = "${var.project}prd-*"
  }
}

resource "aws_security_group_rule" "pa-allow" {
  count             = length(data.aws_vpcs.prod.ids)
  type              = "ingress"
  from_port         = 8140
  to_port           = 8140
  protocol          = "tcp"
  cidr_blocks       = [sort(data.aws_vpcs.prod.ids)[count.index].cidr_block]
  security_group_id = aws_security_group.secg.id
  description       = "allow from ${sort(data.aws_vpcs.prod.ids)[count.index]}"
}

I get the error:

Error: Unsupported attribute

  on ../../modules/mgt/ec2.tf line 42, in resource "aws_security_group_rule" "pa-allow":
  42:   cidr_blocks = [sort(data.aws_vpcs.prod.ids)[count.index].cidr_block]

This value does not have any attributes.

I tried that based on this page: https://www.terraform.io/docs/providers/aws/d/vpc.html, thinking aws_vpc and aws_vpcs would do a similar sort of thing, but it seems it doesn't. Any idea how I do that?

You can get a SET (not list) of VPCs using data.aws_vpcs. (I think the document is wrong...) Then you can get a data.aws_vpc list using data.aws_vpcs, and you can get their cidr blocks.

data "aws_vpcs" "prod" {
  tags = {
    Name = "${var.project}prd-*"
  }
}

data "aws_vpc" "prod" {
  count = length(data.aws_vpcs.prod.ids)
  id    = tolist(data.aws_vpcs.prod.ids)[count.index]
}

resource "aws_security_group_rule" "pa-allow" {
  count             = length(data.aws_vpcs.prod.ids)
  type              = "ingress"
  from_port         = 8140
  to_port           = 8140
  protocol          = "tcp"
  cidr_blocks       = [data.aws_vpc.prod[count.index].cidr_block]
  security_group_id = aws_security_group.secg.id
  description       = "allow from ${tolist(data.aws_vpcs.prod.ids)[count.index]}"
}

As of today, you don't need to use the list approach anymore. It is not specified in the documentation, but you can do something like this:

data "aws_vpc" "main" {
  id = <your_vpc_id>
}

And then you can access it as data.aws_vpc.main.cidr_block. It is not specified in the attributes reference, but it is there.

Terraform version: 1.0.11

AWS Provider version: 4.9.0
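The two answers above both rely on the same thing: the aws_vpcs data source returns a set of VPC ids, and a per-id aws_vpc data source exposes cidr_block. The configuration below is an added example, not code from the question or either answer, combining them with for_each instead of count. With count plus sort(...)[count.index], adding or removing one VPC shifts the index of every rule after it, so Terraform destroys and recreates rules that did not change; keying each rule by VPC id avoids that churn. It also reads every CIDR associated with the VPC (the aws_vpc data source's cidr_block_associations attribute, which the page does not mention) rather than only the primary one, so a secondary CIDR block added to a VPC later is still covered. Assumed from the question: var.project, the "prd-*" Name tag convention, aws_security_group.secg and port 8140.

```hcl
# Added example, not from the question or the answers.
# Assumes var.project, aws_security_group.secg and the "${var.project}prd-*"
# Name tag convention from the question.

data "aws_vpcs" "prod" {
  tags = {
    Name = "${var.project}prd-*"
  }
}

# aws_vpcs.ids is a set of strings, which for_each accepts directly
# (each.key and each.value are both the VPC id).
data "aws_vpc" "prod" {
  for_each = data.aws_vpcs.prod.ids
  id       = each.value
}

locals {
  # Map of VPC id => list of every CIDR associated with that VPC, so the rule
  # still covers a secondary CIDR block attached to the VPC after creation.
  prod_vpc_cidrs = {
    for id, vpc in data.aws_vpc.prod :
    id => vpc.cidr_block_associations[*].cidr_block
  }
}

# One ingress rule per VPC, keyed by VPC id: adding or removing a VPC only
# touches that VPC's rule, instead of renumbering a count-indexed list.
resource "aws_security_group_rule" "pa-allow" {
  for_each          = local.prod_vpc_cidrs
  type              = "ingress"
  from_port         = 8140
  to_port           = 8140
  protocol          = "tcp"
  cidr_blocks       = each.value
  security_group_id = aws_security_group.secg.id
  description       = "allow 8140/tcp from VPC ${each.key}"
}

# Expose the resolved CIDRs so a plan review shows exactly which ranges
# the rule will open before anything is applied.
output "prod_vpc_cidrs" {
  value = local.prod_vpc_cidrs
}
```

Run terraform plan and check the prod_vpc_cidrs output before applying: the tag filter is a wildcard, so any VPC whose Name tag happens to match "prd-*" gets the port opened to its whole address space, and the plan is the place to catch an unexpected match.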
