
Terraform config isn't using output from other file for already created resource, instead tries to recreate it and fails (security group id)

In terraform/aws/global/vpc/security_groups.tf I have the below code to create my bastion security group, and the output.tf file as well, which is below. But in terraform/aws/layers/bastion/main.tf (code also below) I reference that security group as I need its security group ID to create my EC2 instance. The issue I have is that rather than getting the ID from the already existing security group created by the /vpc/security_groups.tf config, it tries to create the whole security group and the run obviously fails because it already exists. How can I change my code to get the ID of the existing SG? I don't want to create my SG in the same config file as my instance; some of my security groups are shared between different resources. I am using Terraform Cloud and VPC has its own workspace, so I assume this could actually be an issue with the states being different.. is there a workaround for this?

terraform/aws/global/vpc/security_groups.tf

```hcl
provider "aws" {
  region = "eu-west-1"
}

resource "aws_security_group" "bastion" {
  name        = "Bastion_Terraform"
  description = "Bastion SSH access Terraform"
  vpc_id      = "vpc-12345"

  ingress {
    description = "Bastion SSH"
    from_port   = ##
    to_port     = ##
    protocol    = "##"
    cidr_blocks = ["1.2.3.4/56"]
  }
  ingress {
    description = "Bastion SSH"
    from_port   = ##
    to_port     = ##
    protocol    = "##"
    cidr_blocks = ["1.2.3.4/0"]
  }
  egress {
    description     = "Access to "
    from_port       = ##
    to_port         = ##
    protocol        = "tcp"
    security_groups = ["sg-12345"]
  }
  egress {
    description     = "Access to ##"
    from_port       = ##
    to_port         = ##
    protocol        = "tcp"
    security_groups = ["sg-12345"]
  }

  tags = {
    Name = "Bastion Terraform"
  }
}
```

terraform/aws/global/vpc/outputs.tf

```hcl
output "bastion-sg" {
  value = aws_security_group.bastion.id
}
```

terraform/aws/layers/bastion/main.tf

```hcl
provider "aws" {
  region = var.region
}

module "vpc" {
  source = "../../global/vpc"
}

module "ec2-instance" {
  source = "terraform-aws-modules/ec2-instance/aws"

  name                   = "bastion"
  instance_count         = 1
  ami                    = var.image_id
  instance_type          = var.instance_type
  vpc_security_group_ids = ["${module.vpc.bastion-sg}"]
  subnet_id              = var.subnet
  iam_instance_profile   = var.iam_role

  tags = {
    Layer = "Bastion"
  }
}
```

When you have a child module block like this in a TF module:

```hcl
module "ec2-instance" {
  source = "terraform-aws-modules/ec2-instance/aws"

  name                   = "bastion"
  instance_count         = 1
  ami                    = var.image_id
  instance_type          = var.instance_type
  vpc_security_group_ids = ["${module.vpc.bastion-sg}"]
  subnet_id              = var.subnet
  iam_instance_profile   = var.iam_role

  tags = {
    Layer = "Bastion"
  }
}
```

It doesn't just reference that child module, it instantiates a completely new instance of it unique only to the parent module and its state. Think of this not like an assignment or a pointer but the construction of a whole new instance of the module (using the module as a template) with all of its resources created again.

You will need to either directly reference the outputs of the child module in the parent module that has its module block or you will need to use a terraform_remote_state data source or Terragrunt dependency to load the outputs from the state file.
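As an added illustration (not part of the answer above or the asker's code), this is what the bastion layer's main.tf looks like when it reads the VPC workspace's state with a terraform_remote_state data source instead of re-instantiating the vpc module. The Terraform Cloud organization "my-org" and workspace name "vpc" are placeholders; the bastion workspace must also be granted read access to the VPC workspace's state (Terraform Cloud's remote state sharing setting), and every output of that workspace becomes readable this way, so only expose outputs the consuming layers actually need.

```hcl
# terraform/aws/layers/bastion/main.tf (added example, placeholders marked)

provider "aws" {
  region = var.region
}

# Read the outputs of the already-applied VPC workspace. Unlike a
# module "vpc" block, this creates no resources; it only loads state.
data "terraform_remote_state" "vpc" {
  backend = "remote"

  config = {
    organization = "my-org" # placeholder: your Terraform Cloud organization
    workspaces = {
      name = "vpc" # placeholder: the workspace that applied global/vpc
    }
  }
}

module "ec2-instance" {
  source = "terraform-aws-modules/ec2-instance/aws"

  name           = "bastion"
  instance_count = 1
  ami            = var.image_id
  instance_type  = var.instance_type

  # "bastion-sg" matches the output name declared in global/vpc/outputs.tf;
  # the value is the existing security group's ID, so nothing is recreated.
  vpc_security_group_ids = [data.terraform_remote_state.vpc.outputs.bastion-sg]
  subnet_id              = var.subnet
  iam_instance_profile   = var.iam_role

  tags = {
    Layer = "Bastion"
  }
}
```

Remove the original `module "vpc"` block from this file when switching to the data source; otherwise the plan still tries to create a second copy of every VPC resource.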
