堆栈内存溢出
  简体   繁体   English

有条件地使用 terraform 中的计数创建 aws_security_group_rule

[英]Conditionally create aws_security_group_rule with count in terraform

 原文  2021-07-28 05:42:31       amazon-web-services/ terraform/ terraform-provider-aws/ terraform0.12+

问题描述

I have following code in my terraform script我的 terraform 脚本中有以下代码

variable "sg_ingress_rules" {
  type = map(map(any))
  default = {
    port_22   = { from = 22, to = 22, proto = "tcp", cidr = "0.0.0.0/0", desc = "Allow port 22 from all" }
    port_3306 = { from = 3306, to = 3306, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3306 from all" }
    port_3307 = { from = 3307, to = 3307, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3307 from all" },
    port_3308 = { from = 3308, to = 3308, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3308 from all" },
    port_9103 = { from = 9103, to = 9103, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 9103 from all" },
  }
}

resource "aws_security_group_rule" "mysql_ingress_rules" {
  for_each          = var.sg_ingress_rules
  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  security_group_id = aws_security_group.this[*].id
}

Now I want to conditionally create this rule only if I am creating mysql instance.现在我只想在创建 mysql 实例时有条件地创建此规则。 It would not create any rule if launch_mysql is false.如果 launch_mysql 为 false,则不会创建任何规则。 I tried this approach which is obviously wrong as you can't use both count and for_each.我尝试了这种方法,这显然是错误的,因为您不能同时使用 count 和 for_each。

resource "aws_security_group_rule" "mysql_ingress_rules" {
  count             = var.launch_mysql ? 1 : 0
  for_each          = var.sg_ingress_rules
  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  security_group_id = var.launch_mysql ? join("", aws_security_group.this[*].id) : "null"
}

I am using terraform version 1.0.2.我正在使用 terraform 版本 1.0.2。

I am not able to think of any other way.我想不出任何其他方式。 Can someone please help me on this?有人可以帮我吗?

1 个解决方案

解决方案1
 2 已采纳  2021-07-28 05:52:04

You can do this as follows:您可以按如下方式执行此操作:

resource "aws_security_group_rule" "mysql_ingress_rules" {

  for_each          = var.launch_mysql ? var.sg_ingress_rules : {}

  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  security_group_id = aws_security_group.this[*].id
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 将包含自身和安全组 ID 的 aws_security_group_rule 添加到安全组 - Add an aws_security_group_rule that contains self and a security group id to a security group aws_security_group_rule 属性 cidr_blocks 和 source_security_group_id 的冲突问题 - conflicting issue for aws_security_group_rule attributes cidr_blocks and source_security_group_id AWS 和 Terraform - 安全组中的默认出口规则 - AWS and Terraform - Default egress rule in security group 带有 Terraform 的 AWS - 安全组规则中的安全组参数 - AWS with Terraform - security groups argument inside a security group rule 如何使用 terraform 创建允许来自任何地方的 RDP 端口的 aws 安全组规则? - How to create an aws security group rule allowing RDP ports from anywhere using terraform? Terraform aws 安全组 revoke_rule_on_delete? - Terraform aws security group revoke_rule_on_delete? 使用 Terraform (AWS) 将安全组添加到另一个安全组的入站规则作为源 - Add a Security Group to the Inbound Rule of another Security Group as a Source with Terraform (AWS) 将 csvdecode 放入安全组规则 terraform - Putting csvdecode in security group rule terraform 从Java中的另一个安全组创建AWS安全组入站规则 - Create Aws Security Group Inbound Rule from another security group in java 使用 Terraform 创建 AWS 资源组 - Create an AWS Resource Group with Terraform
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM