
Terraform: create resource (aws_security_group) successfully but it takes ingress/egress rules from all given security groups

My code will create security groups as well as their ingress/egress rules, as we give the list of security groups and rules in the dev.tfvars file. The code ran successfully, but the created security groups take ingress/egress rules from all given security groups.

./security.tf

resource "aws_security_group" "sg" {
  count       = length(var.vpc_config.security_groups)
  name        = var.vpc_config.security_groups[count.index].name
  description = var.vpc_config.security_groups[count.index].description
  vpc_id      = var.vpc_id

  # This for_each walks the whole security_groups list inside every resource
  # instance, not only the group at count.index, so each group receives the
  # ingress rule of every group.
  dynamic "ingress" {
    for_each = var.vpc_config.security_groups
    content {
      from_port   = ingress.value.ingress.from_port
      to_port     = ingress.value.ingress.to_port
      protocol    = ingress.value.ingress.protocol
      cidr_blocks = ingress.value.ingress.cidr_block
    }
  }

  # Same inner loop for egress: every group gets every group's egress rule.
  dynamic "egress" {
    for_each = var.vpc_config.security_groups
    content {
      from_port   = egress.value.egress.from_port
      to_port     = egress.value.egress.to_port
      protocol    = egress.value.egress.protocol
      cidr_blocks = egress.value.egress.cidr_block
    }
  }

  tags = {
    Name        = var.vpc_config.security_groups[count.index].name
    Environment = var.vpc_config.environment
  }
}

./dev.tfvars

vpc_config = {
  # environment is read by the tags block in security.tf; value assumed here
  environment = "dev"

  security_groups = [
    {
      name        = "sg_1"
      description = "security group 1"
      ingress = {
        from_port  = 80
        to_port    = 80
        protocol   = "tcp"
        cidr_block = ["0.0.0.0/0"]
      }
      egress = {
        from_port  = 0
        to_port    = 0
        protocol   = "-1"
        cidr_block = ["0.0.0.0/0"]
      }
    },
    {
      name        = "sg_2"
      description = "security group 2"
      ingress = {
        from_port  = 21
        to_port    = 21
        protocol   = "tcp"
        cidr_block = ["0.0.0.0/0"]
      }
      egress = {
        from_port  = 443
        to_port    = 443
        # "http" is not a valid security-group protocol; use tcp, udp, icmp,
        # "-1" (all) or a protocol number
        protocol   = "tcp"
        cidr_block = ["0.0.0.0/0"]
      }
    }
  ]
}

It should create two security groups with one ingress and one egress rule each, but it creates two security groups with two ingress and two egress rules each.

If your goal is to create 2 security groups, each having certain ingress and egress rules explicitly defined, you do not want to have dynamic blocks. With dynamic blocks, you will create an inner loop, which is not what you want.

I recommend using only one for_each at the resource level and no dynamic blocks:

resource "aws_security_group" "sg" {
  for_each = {
    for sg in var.vpc_config.security_groups : sg.name => sg
  }
  name        = each.value.name
  description = each.value.description
  vpc_id      = var.vpc_id


  ingress {
    from_port   = each.value.ingress.from_port
    to_port     = each.value.ingress.to_port
    protocol    = each.value.ingress.protocol
    cidr_blocks = each.value.ingress.cidr_block

  }

  egress {
    from_port   = each.value.egress.from_port
    to_port     = each.value.egress.to_port
    protocol    = each.value.egress.protocol
    cidr_blocks = each.value.egress.cidr_block

  }

  tags = {
    Name        = each.value.name
    Environment = var.vpc_config.environment
  }
}

If you want to use count, you can do it as follows:

resource "aws_security_group" "sg" {
  count       = length(var.vpc_config.security_groups)
  name        = var.vpc_config.security_groups[count.index].name
  description = var.vpc_config.security_groups[count.index].description
  vpc_id      = var.vpc_id


  ingress {
    from_port   = var.vpc_config.security_groups[count.index].ingress.from_port
    to_port     = var.vpc_config.security_groups[count.index].ingress.to_port
    protocol    = var.vpc_config.security_groups[count.index].ingress.protocol
    cidr_blocks = var.vpc_config.security_groups[count.index].ingress.cidr_block

  }

  egress {
    from_port   = var.vpc_config.security_groups[count.index].egress.from_port
    to_port     = var.vpc_config.security_groups[count.index].egress.to_port
    protocol    = var.vpc_config.security_groups[count.index].egress.protocol
    cidr_blocks = var.vpc_config.security_groups[count.index].egress.cidr_block

  }

  tags = {
    Name        = var.vpc_config.security_groups[count.index].name
    Environment = var.vpc_config.environment
  }
}
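The difference between the question's dynamic blocks and the answer's single for_each is easiest to see as a check on the plan itself: each group should carry exactly its own rules, and the inner loop instead gives every group the union of all rules, which here exposes port 21 on the web group and port 80 on the FTP group to 0.0.0.0/0. The script below is an added example, not code from the question, the answer or the AWS provider. It assumes the tfvars layout used in the question (one ingress and one egress object per group) and a plan document in the shape that `terraform show -json tfplan` emits; the plan it builds is constructed for the example.

```python
"""
Plan check for security-group rule leakage (added example, not code from the
question or the answer). It assumes the tfvars layout used in the question
(one ingress and one egress object per group) and a plan in the shape that
`terraform show -json tfplan` emits; the plan built here is constructed.
"""
import json
import sys
from typing import Dict, List, Set, Tuple

# Constructed: the same two groups as dev.tfvars in the question, with the
# egress protocol of sg_2 written as "tcp" (a valid security-group protocol).
VPC_CONFIG = {
    "security_groups": [
        {"name": "sg_1",
         "ingress": {"from_port": 80, "to_port": 80, "protocol": "tcp", "cidr_block": ["0.0.0.0/0"]},
         "egress": {"from_port": 0, "to_port": 0, "protocol": "-1", "cidr_block": ["0.0.0.0/0"]}},
        {"name": "sg_2",
         "ingress": {"from_port": 21, "to_port": 21, "protocol": "tcp", "cidr_block": ["0.0.0.0/0"]},
         "egress": {"from_port": 443, "to_port": 443, "protocol": "tcp", "cidr_block": ["0.0.0.0/0"]}},
    ]
}

Rule = Tuple[int, int, str, Tuple[str, ...]]
RuleSets = Dict[str, Dict[str, Set[Rule]]]  # group name -> direction -> rules
DIRECTIONS = ("ingress", "egress")


def rule_key(rule: dict, cidr_field: str) -> Rule:
    """Normalise one rule (tfvars uses cidr_block, the provider uses cidr_blocks)."""
    return (rule["from_port"], rule["to_port"], rule["protocol"], tuple(sorted(rule[cidr_field])))


def expected_rules(vpc_config: dict) -> RuleSets:
    """What each group should carry: exactly its own ingress and its own egress."""
    return {sg["name"]: {d: {rule_key(sg[d], "cidr_block")} for d in DIRECTIONS}
            for sg in vpc_config["security_groups"]}


def dynamic_block_rules(vpc_config: dict) -> RuleSets:
    """What the question's dynamic blocks produce: their for_each walks the
    whole security_groups list inside every resource instance, so each group
    receives the union of every group's rules (an inner loop)."""
    union = {d: {rule_key(sg[d], "cidr_block") for sg in vpc_config["security_groups"]}
             for d in DIRECTIONS}
    return {sg["name"]: {d: set(union[d]) for d in DIRECTIONS}
            for sg in vpc_config["security_groups"]}


def make_plan(rules_by_sg: RuleSets) -> dict:
    """Build a dict in the shape of `terraform show -json` planned_values.
    Constructed for the example; in CI you would json.load the real file."""
    resources = []
    for name, rules in rules_by_sg.items():
        values = {"name": name}
        for d in DIRECTIONS:
            values[d] = [{"from_port": f, "to_port": t, "protocol": p, "cidr_blocks": list(c)}
                         for (f, t, p, c) in sorted(rules[d])]
        resources.append({"type": "aws_security_group", "name": "sg", "values": values})
    return {"planned_values": {"root_module": {"resources": resources}}}


def planned_rules(plan: dict) -> RuleSets:
    """Extract every aws_security_group's rules from a plan JSON document."""
    found: RuleSets = {}
    for res in plan["planned_values"]["root_module"]["resources"]:
        if res["type"] != "aws_security_group":
            continue
        values = res["values"]
        found[values["name"]] = {d: {rule_key(r, "cidr_blocks") for r in values.get(d) or []}
                                 for d in DIRECTIONS}
    return found


def leaked_rules(vpc_config: dict, plan: dict) -> Dict[str, List[Tuple[str, Rule]]]:
    """Rules in the plan that the group's own definition never asked for."""
    expected = expected_rules(vpc_config)
    leaks = {}
    for name, rules in planned_rules(plan).items():
        extra = [(d, r) for d in DIRECTIONS for r in sorted(rules[d] - expected[name][d])]
        if extra:
            leaks[name] = extra
    return leaks


def world_open_ingress(plan: dict) -> List[Tuple[str, int, int]]:
    """Ingress rules reachable from 0.0.0.0/0, per group: the blast radius of
    a leaked rule is easiest to read from this list."""
    return sorted((name, f, t)
                  for name, rules in planned_rules(plan).items()
                  for (f, t, _p, cidrs) in rules["ingress"] if "0.0.0.0/0" in cidrs)


if __name__ == "__main__":
    # Pass a real `terraform show -json tfplan > plan.json` file, or run the constructed one.
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else make_plan(dynamic_block_rules(VPC_CONFIG))
    for sg, extra in leaked_rules(VPC_CONFIG, plan).items():
        print(f"{sg}: {len(extra)} rule(s) leaked from other groups: {extra}")
    print("open to the world:", world_open_ingress(plan))
```

Run without arguments it reports two leaked rules per group for the question's configuration; pointed at a plan produced from the answer's for_each version it reports none, and the world-open list shrinks to one port per group. Wiring the same check into CI before `terraform apply` catches this class of cross-product mistake before the rules reach AWS.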
