Terraform 将现有安全组添加到新的 Auto Scaling ec2 组

Question

I want to add an existing Security Group defined in the VPC to an EC2 Auto Scaling Group. There is no LB defined. This example creates a single EC2 instance for now.

Terraform documentation shows that this is possible for EC2 instances using sg_attachment

resource "aws_network_interface_sg_attachment" "bastion" {
  security_group_id    = var.sg_id
  network_interface_id = aws_autoscaling_group.bastion.primary_network_interface_id
}

But I get the following error, probably because I'm using Auto-scaling groups instead:

Error: Unsupported attribute

on ......\\modules\\ec2_auto_scaling_group\\bastion.tf line 51, in resource "aws_network_interface_sg_attachment" "bastion": 51:
network_interface_id = aws_autoscaling_group.bastion.primary_network_interface_id

This object has no argument, nested block, or exported attribute named "primary_network_interface_id".

I've seen the autoscaling group attachment - https://www.terraform.io/docs/providers/aws/r/autoscaling_attachment.html

But this doesn't refer to security groups at all.

Of course - I could implicitly specify a new security group with all the same rules, or just declare an ec2 instance instead. But when creating an autoscaling group on the console - you get the option to import existing Security groups. So I'd like to think that terraform has an equivalent.

Answer 1

It appears I've overlooked previous settings:

resource "aws_launch_configuration" "bastion" {
  # Launch configuration can't be updated, (provisioning)
  # in order to update the resource will be destroyed and rebuilt

  name_prefix = var.bastion_name_prefix

  image_id = data.aws_ami.RHEL_77.id 
  instance_type = var.bastion_instance_type
  key_name = aws_key_pair.bastion.key_name
  associate_public_ip_address = true
  enable_monitoring = false
  security_groups = [var.vpc_main_sg_id,aws_security_group.bastion.id]

  lifecycle {
      create_before_destroy = true
  }
}

Adding a security group to aws_launch_configuration, fixed the issue.