如何使用 append 或删除安全组的入口/出口规则 Terraform?
[英]How to append or delete the ingress/egress rule for a security group using Terraform?
问题描述
Is there a way to manage AWS security Groups in Terraform to edit rules for an existing SG?
有没有办法管理 Terraform 中的 AWS 安全组来编辑现有 SG 的规则?
eg: If I provision a new instance the ingress rules of an existing SG is updated to allow the newly provisioned instance.例如:如果我提供一个新实例,现有 SG 的入口规则会更新以允许新提供的实例。 The SG also needs to update when an instance terminates.当实例终止时,SG 也需要更新。
Feel free to suggest other common practices if not directly supported via Terraform.如果不通过 Terraform 直接支持,请随意提出其他常见做法。
1 个解决方案
解决方案1
3 已采纳 2021-02-10 11:28:18
Yes, you can add and remove individual rules to existing security groups (SGs).是的,您可以向现有安全组 (SG) 添加和删除单个规则。 This can be done in two steps:这可以分两步完成:
- Get data source for an existing SG using aws_security_group :使用aws_security_group获取现有 SG 的数据源:
data "aws_security_group" "selected" {
id = <group-id-of-existing-sg>
}
- Create aws_security_group_rule resource to add a new rule to the SG from step 1:创建aws_security_group_rule资源以将新规则从步骤 1 添加到 SG:
resource "aws_security_group_rule" "example" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
security_group_id = data.aws_security_group.selected.id
}
If your instance is created in same TF file as the SG rule, upon terraform destroy both the instance and the rule will get destroyed.如果您的实例是在与 SG 规则相同的 TF 文件中创建的,则在terraform destroy两个实例时,该规则将被销毁。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.