[英]Conditionally create aws_security_group_rule with count in terraform
I have following code in my terraform script我的 terraform 脚本中有以下代码
variable "sg_ingress_rules" {
type = map(map(any))
default = {
port_22 = { from = 22, to = 22, proto = "tcp", cidr = "0.0.0.0/0", desc = "Allow port 22 from all" }
port_3306 = { from = 3306, to = 3306, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3306 from all" }
port_3307 = { from = 3307, to = 3307, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3307 from all" },
port_3308 = { from = 3308, to = 3308, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3308 from all" },
port_9103 = { from = 9103, to = 9103, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 9103 from all" },
}
}
resource "aws_security_group_rule" "mysql_ingress_rules" {
for_each = var.sg_ingress_rules
type = "ingress"
from_port = each.value.from
to_port = each.value.to
protocol = each.value.proto
cidr_blocks = [each.value.cidr]
description = each.value.desc
security_group_id = aws_security_group.this[*].id
}
Now I want to conditionally create this rule only if I am creating mysql instance.现在我只想在创建 mysql 实例时有条件地创建此规则。 It would not create any rule if launch_mysql is false.
如果 launch_mysql 为 false,则不会创建任何规则。 I tried this approach which is obviously wrong as you can't use both count and for_each.
我尝试了这种方法,这显然是错误的,因为您不能同时使用 count 和 for_each。
resource "aws_security_group_rule" "mysql_ingress_rules" {
count = var.launch_mysql ? 1 : 0
for_each = var.sg_ingress_rules
type = "ingress"
from_port = each.value.from
to_port = each.value.to
protocol = each.value.proto
cidr_blocks = [each.value.cidr]
description = each.value.desc
security_group_id = var.launch_mysql ? join("", aws_security_group.this[*].id) : "null"
}
I am using terraform version 1.0.2.我正在使用 terraform 版本 1.0.2。
I am not able to think of any other way.我想不出任何其他方式。 Can someone please help me on this?
有人可以帮我吗?
You can do this as follows:您可以按如下方式执行此操作:
resource "aws_security_group_rule" "mysql_ingress_rules" {
for_each = var.launch_mysql ? var.sg_ingress_rules : {}
type = "ingress"
from_port = each.value.from
to_port = each.value.to
protocol = each.value.proto
cidr_blocks = [each.value.cidr]
description = each.value.desc
security_group_id = aws_security_group.this[*].id
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.