
How can I set the security group rule description with Terraform?

It looks like you can now set security group rule descriptions. This is super useful for maintaining whitelists for administrative access.

I can set the description in the AWS console but can't figure out how to set it with Terraform.

My assumption was that if the AWS API allows for it, Terraform can just do it without explicit support for it in the Terraform code. Perhaps that's wishful thinking and we'll have to wait for Terraform to support the new feature, or perhaps I'm just doing it wrong.

I tried simply declaring the description property in the rule declaration (like you would for the description of the security group itself):

    ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["203.0.113.5/32"]   # placeholder address; must be valid CIDR notation
        description = "some rule description"
    }

Terraform bails in the plan stage with:

aws_security_group.somegroup: ingress.0: invalid or unknown key: description

I also tried setting tags within the rule declaration (like you would for setting the name of the security group):

    ingress {
        from_port   = 22
        ...
        tags {
            "Description" = "some rule description"
        }
    }

Terraform bails in the plan stage with:

aws_security_group.somegroup: ingress.0: invalid or unknown key: tags

It seems that you are not using the Terraform API correctly.

You cannot set a description on the aws_security_group_rule resource.

aws_security_group_rule on Terraform.io

resource "aws_security_group_rule" "allow_all" {
  type            = "ingress"
  from_port       = 0
  to_port         = 65535
  protocol        = "tcp"
  cidr_blocks     = ["0.0.0.0/0"]
  prefix_list_ids = ["pl-12c4e678"]

  security_group_id = "sg-123456"
}

You can set a description on the aws_security_group resource.

aws_security_group on Terraform.io

From their Docs:

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    cidr_blocks     = ["0.0.0.0/0"]
    prefix_list_ids = ["pl-12c4e678"]
  }
}

aws_security_group's description property should be declared outside of the ingress and egress declarations, in its root scope.

As of now, your code should be valid.
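An added example, not part of the question or the answer above: rule-level descriptions did become a first-class Terraform argument later in 2017 (the `description` argument on inline ingress/egress blocks and on aws_security_group_rule arrived in AWS provider 1.2.0), so the configuration below, in current Terraform 0.12+ syntax, shows both ways to attach a per-rule description to an administrative SSH whitelist. The region, the vpc_id variable, the group names and the RFC 5737 documentation-range addresses are assumptions for illustration.

```hcl
# Added example, not from the original post. Per-rule descriptions with the
# Terraform AWS provider (>= 1.2.0); region, VPC id, names and the RFC 5737
# documentation-range addresses are assumptions for illustration.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 1.2.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

variable "vpc_id" {
  type        = string
  description = "VPC to create the security groups in (assumed input)"
}

# Option A: inline rules. The group-level `description` is a property of the
# group itself (changing it forces a new group); each ingress/egress block
# carries its own `description`, which is what the console shows per rule.
resource "aws_security_group" "admin_ssh" {
  name        = "admin-ssh"
  description = "SSH from the administrative whitelist only"
  vpc_id      = var.vpc_id

  ingress {
    description = "Office NAT address, owner: netops" # who/why, for audit
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.10/32"]
  }

  ingress {
    description = "On-call bastion host"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["198.51.100.7/32"]
  }

  # Terraform removes AWS's default allow-all egress when it creates a group
  # in a VPC, so outbound access has to be declared explicitly.
  egress {
    description = "All outbound"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Option B: one aws_security_group_rule per entry, each with its own
# description. Never combine inline blocks and aws_security_group_rule on
# the same group: the two would keep overwriting each other's rule set.
resource "aws_security_group" "admin_ssh_standalone" {
  name        = "admin-ssh-standalone"
  description = "SSH whitelist managed as separate rule resources"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "office_ssh" {
  type              = "ingress"
  description       = "Office NAT address, owner: netops"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  cidr_blocks       = ["203.0.113.10/32"]
  security_group_id = aws_security_group.admin_ssh_standalone.id
}

resource "aws_security_group_rule" "all_egress" {
  type              = "egress"
  description       = "All outbound"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.admin_ssh_standalone.id
}
```

Compared with the attempt in the question, the shape is the same: `description` is a plain argument inside the `ingress` block, and only the provider version decides whether `terraform plan` accepts it. A `tags` block inside a rule will always be rejected, because rules in an aws_security_group have no tags attribute; the per-rule description is the place to record who asked for an entry and why, which is what makes a whitelist auditable later.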

The technical posts on this site are licensed under CC BY-SA 4.0. If you reprint, please cite the site URL or the original address. For questions, contact: yoyou2525@163.com.
