堆栈内存溢出
  简体   繁体   English

动态变量值-in-terraform-for-aws-security-groups

[英]dynamic variable-values-in-terraform-for-aws-security-groups

 原文  2022-11-23 10:11:47       amazon-web-services/ terraform/ amazon-eks

问题描述

Hi am working terraform code where am creating eks cluster and rds with security group for rds ad cluster also in rds security group am using dynamic method create ingress in that some using cidr some of security group am able to create cidr am stuck at security groupa您好,我正在使用 terraform 代码,其中我正在为 rds 广告集群创建 eks 集群和 rds 安全组,也在 rds 安全组中,我使用动态方法创建入口,因为一些使用 cidr 一些安全组能够创建 cidr 我卡在安全组 a

variable.tf
variable "ingress_rules" {
  default     = {
    "indian vpn ingress rule" = {
      "description" = "India  CIDR"
      "from_port"   = "1521"
      "to_port"     = "1521"
      "protocol"    = "tcp"
      "cidr_blocks" = ["192.34.890.0/24"]
    },
   "eks node ingress rule" = {
      "description" = "EKS Nodes SG"
      "from_port"   = "1521"
      "to_port"     = "1521"
      "protocol"    = "tcp"
      "security_groups" = ["module.eks.worker_security_group_id"]
    }

mani.tf曼尼特夫

esource "aws_security_group" "rds_sg" {
    name    = "${var.cluster_name}-rds-sg"
    vpc_id  = var.vpc_id
    
    dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description      = lookup(ingress.value, "description", null)
      from_port        = lookup(ingress.value, "from_port", null)
      to_port          = lookup(ingress.value, "to_port", null)
      protocol         = lookup(ingress.value, "protocol", null)
      cidr_blocks      = lookup(ingress.value, "cidr_blocks", null)
      security_groups  = lookup(ingress.value, "security_groups", null)
    }
  }

How to define ["module.eks.worker_security_group_id"] in varibale tf my eks module define in main.tf如何在 varibale tf 中定义 ["module.eks.worker_security_group_id"] 我的 eks 模块在 main.tf 中定义

2 个解决方案

解决方案1
 0  2022-11-23 10:17:44

You can't do that.你不能那样做。 TF does not support dynamic variables. TF 不支持动态变量。 The only thing you can do is to use locals instead.您唯一可以做的就是改用locals In local variables you can use dynamic content.在局部变量中,您可以使用动态内容。

解决方案2
 0 已采纳  2022-11-23 16:19:14

I think there is a misunderstanding on the differences between input variables and local variables here.我认为这里对输入变量和局部变量的区别存在误解。

input variables, can have a default value if not value is provided but they must be static.输入变量,如果没有提供值,可以有一个默认值,但它们必须是 static。

local variables can be dynamic.局部变量可以是动态的。

So, for your case, since the "ingress_rules" has already been defined and it is not going to change, but it must be build dynamically, it would be better to build it inside the "locals" block.因此,对于您的情况,由于已经定义了“ingress_rules”并且不会更改,但它必须动态构建,因此最好在“locals”块内构建它。

locals {
  ingress_rules = {
    ***
    ***
  }
}

To access it, use local.ingress_rules要访问它,请使用 local.ingress_rules

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在 Terraform 嵌套循环中创建 AWS 安全组 - Creating AWS Security Groups in a Terraform Nested Loop 使用动态块通过 Terraform 引用 AWS 中的安全组 - Referencing Security Group in AWS via Terraform using Dynamic Block AWS 安全组 - AWS security groups Terraform:成功创建资源(aws_security_group),但它采用来自所有给定安全组的入口/出口规则 - Terraform: create resource(aws_security_group) successfully but it takes ingress/egress rules from all given security groups terraform aws:创建安全组时的协议不正确 - terraform aws: Incorrect protocol in creating a security group AWS 安全组不在 VPC 错误中,出现 Terraform - AWS Security Group not in VPC error with Terraform Terraform - 授权VPC对等连接之间的安全组 - Terraform - Authorizing Security Groups Between VPC Peering Connection 识别 AWS 安全组中的重叠 IP - Identify overlapping IPs in AWS Security Groups Terraform aws 秘密 - 嵌套 object 变量 - Terraform aws secrets - nested object variable 在 Dockerfile 或通过 terraform 设置 $_HANDLER 环境变量 AWS Lambda - Set $_HANDLER environment variable AWS Lambda in Dockerfile or via terraform
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM