How to append or delete the ingress/egress rule for a security group using Terraform?
Is there a way to manage AWS security groups in Terraform so as to edit the rules of an existing SG?
E.g.: if I provision a new instance, the ingress rules of an existing SG are updated to allow the newly provisioned instance. The SG also needs to update when an instance terminates.
Feel free to suggest other common practices if this is not directly supported via Terraform.
Yes, you can add and remove individual rules on existing security groups (SGs). This can be done in two steps:
```hcl
# Step 1: look up the existing, externally managed security group by ID.
# The data source only reads the group; Terraform does not take ownership of it.
data "aws_security_group" "selected" {
  id = "<group-id-of-existing-sg>"
}

# Step 2: attach a standalone rule to that group. Only this rule is managed
# by Terraform; it is created on apply and removed on destroy.
# Note: as written this placeholder rule opens every TCP port to the whole
# Internet; scope from_port/to_port and cidr_blocks down for real use.
resource "aws_security_group_rule" "example" {
  type              = "ingress"
  from_port         = 0
  to_port           = 65535
  protocol          = "tcp"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = data.aws_security_group.selected.id
}
```
If your instance is created in the same TF file as the SG rule, then upon terraform destroy both the instance and the rule will get destroyed.
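The following is an added example, not code from the original answer, that carries the pattern above through to the asker's actual scenario: each instance Terraform creates gets its own least-privilege ingress rule appended to a pre-existing security group, and removing an instance from the configuration removes its rule on the next apply. The AMI ID, subnet ID and existing SG ID are assumed to be supplied as variables; port 5432 and the instance names are illustrative.

```hcl
# Added example (not from the original answer). Assumes an AMI, a subnet and
# a pre-existing security group exist in the account and are passed in here.
variable "existing_sg_id" {
  description = "Pre-existing security group whose rules Terraform will append to"
  type        = string
}

variable "subnet_id" { type = string }
variable "ami_id"    { type = string }

# Each name becomes one instance plus one matching ingress rule. Removing a
# name from this set destroys both the instance and its rule on apply.
variable "app_instances" {
  type    = set(string)
  default = ["app-a", "app-b"]
}

# Read-only lookup of the existing group; Terraform does not own the group itself.
data "aws_security_group" "existing" {
  id = var.existing_sg_id
}

resource "aws_instance" "app" {
  for_each = var.app_instances

  ami           = var.ami_id
  instance_type = "t3.micro"
  subnet_id     = var.subnet_id

  tags = { Name = each.key }
}

# One rule per instance, limited to a single port and the instance's own /32
# instead of 0.0.0.0/0 on every port. Changing cidr_blocks replaces the rule,
# so if an instance is rebuilt with a new private IP the old rule is not left
# behind; the per-rule description makes stale entries easy to spot in the console.
resource "aws_security_group_rule" "allow_app" {
  for_each = aws_instance.app

  type              = "ingress"
  from_port         = 5432
  to_port           = 5432
  protocol          = "tcp"
  cidr_blocks       = ["${each.value.private_ip}/32"]
  description       = "PostgreSQL from ${each.key}"
  security_group_id = data.aws_security_group.existing.id
}

# Handy for checking exactly which CIDRs Terraform has appended to the group.
output "appended_rules" {
  value = { for name, rule in aws_security_group_rule.allow_app : name => rule.cidr_blocks }
}
```

Run `terraform plan`, then drop "app-b" from `app_instances` and plan again: the plan shows one `aws_instance` and one `aws_security_group_rule` being destroyed, which is the "update on terminate" behaviour the question asks for. Two caveats a practitioner will hit: the existing group must not also be managed with inline `ingress`/`egress` blocks in an `aws_security_group` resource elsewhere, because inline blocks and standalone `aws_security_group_rule` resources fight over the same rule set and produce perpetual diffs; and instances terminated outside Terraform (auto scaling, manual console action) are not noticed until the next plan, so for fleets that scale dynamically prefer `source_security_group_id` referencing a group attached to the instances over per-IP `/32` rules.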