Terraform add existing security group to new auto scaling ec2 group
I want to add an existing Security Group defined in the VPC to an EC2 Auto Scaling Group. There is no LB defined. This example creates a single EC2 instance for now.
Terraform documentation shows that this is possible for EC2 instances using sg_attachment:
resource "aws_network_interface_sg_attachment" "bastion" {
  security_group_id    = var.sg_id
  network_interface_id = aws_autoscaling_group.bastion.primary_network_interface_id
}
But I get the following error, probably because I'm using Auto-scaling groups instead:
Error: Unsupported attribute
  on ......\\modules\\ec2_auto_scaling_group\\bastion.tf line 51, in resource "aws_network_interface_sg_attachment" "bastion":
  51: network_interface_id = aws_autoscaling_group.bastion.primary_network_interface_id
This object has no argument, nested block, or exported attribute named "primary_network_interface_id".
I've seen the autoscaling group attachment - https://www.terraform.io/docs/providers/aws/r/autoscaling_attachment.html
But this doesn't refer to security groups at all.
Of course - I could implicitly specify a new security group with all the same rules, or just declare an ec2 instance instead. But when creating an autoscaling group on the console - you get the option to import existing Security groups. So I'd like to think that terraform has an equivalent.
It appears I've overlooked previous settings:
resource "aws_launch_configuration" "bastion" {
  # Launch configuration can't be updated, (provisioning)
  # in order to update the resource will be destroyed and rebuilt
  name_prefix                 = var.bastion_name_prefix
  image_id                    = data.aws_ami.RHEL_77.id
  instance_type               = var.bastion_instance_type
  key_name                    = aws_key_pair.bastion.key_name
  associate_public_ip_address = true
  enable_monitoring           = false
  security_groups             = [var.vpc_main_sg_id, aws_security_group.bastion.id]

  lifecycle {
    create_before_destroy = true
  }
}
Adding a security group to aws_launch_configuration fixed the issue.
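
The following is an added example, not code from the original post: the same wiring written with a launch template, which AWS recommends over launch configurations, shown together with the Auto Scaling group that consumes it. It goes slightly beyond the post by looking the existing group up through a data source; `ami_id` and `subnet_ids` are assumed variables, the key pair is left out, and the other variable names follow the question.

```hcl
# Added example. ami_id and subnet_ids are assumed inputs; the remaining
# variable names mirror the ones used in the question.
variable "vpc_main_sg_id" { type = string }        # ID of the existing VPC security group
variable "bastion_name_prefix" { type = string }
variable "bastion_instance_type" { type = string }
variable "ami_id" { type = string }                # assumed: AMI passed in directly
variable "subnet_ids" { type = list(string) }      # assumed: subnets for the group

# Resolve the existing group so that a wrong or deleted ID fails at plan
# time instead of at instance launch.
data "aws_security_group" "vpc_main" {
  id = var.vpc_main_sg_id
}

resource "aws_launch_template" "bastion" {
  name_prefix   = var.bastion_name_prefix
  image_id      = var.ami_id
  instance_type = var.bastion_instance_type

  # Security groups belong to the instances' network interface, so they are
  # declared here. aws_autoscaling_group exports no network interface, which
  # is why aws_network_interface_sg_attachment cannot reference it.
  network_interfaces {
    associate_public_ip_address = true
    security_groups             = [data.aws_security_group.vpc_main.id]
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "bastion" {
  name_prefix         = var.bastion_name_prefix
  min_size            = 1
  max_size            = 1
  desired_capacity    = 1
  vpc_zone_identifier = var.subnet_ids

  launch_template {
    id      = aws_launch_template.bastion.id
    version = aws_launch_template.bastion.latest_version
  }
}
```

When a `network_interfaces` block is present, the groups go in its `security_groups` argument; the template-level `vpc_security_group_ids` argument is the alternative when no such block is used.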