It looks like you can now set security group rule descriptions. This is super useful for maintaining whitelists for administrative access.
I can set the description in the AWS console but can't figure out how to set it with Terraform.
My assumption was that if the AWS API allows for it, Terraform can just do it without explicit support for it in the Terraform code. Perhaps that's wishful thinking and we'll have to wait for Terraform to support the new feature, or perhaps I'm just doing it wrong.
I tried simply declaring the description property in the rule declaration (like you would for the description of the security group itself):
    ingress {
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["123.456.789.123"]
      description = "some rule description"
    }
Terraform bails in the plan stage with:
aws_security_group.somegroup: ingress.0: invalid or unknown key: description
I also tried setting tags within the rule declaration (like you would for setting the name of the security group):
    ingress {
      from_port = 22
      ...
      tags {
        "Description" = "some rule description"
      }
    }
Terraform bails in the plan stage with:
aws_security_group.somegroup: ingress.0: invalid or unknown key: tags
It seems that you are not using the Terraform API correctly.
You cannot set description on the aws_security_group_rule resource.
aws_security_group_rule on Terraform.io
    resource "aws_security_group_rule" "allow_all" {
      type              = "ingress"
      from_port         = 0
      to_port           = 65535
      protocol          = "tcp"
      cidr_blocks       = ["0.0.0.0/0"]
      prefix_list_ids   = ["pl-12c4e678"]
      security_group_id = "sg-123456"
    }
You can set description on the aws_security_group resource.
aws_security_group on Terraform.io
From their docs:
    resource "aws_security_group" "allow_all" {
      name        = "allow_all"
      description = "Allow all inbound traffic"

      ingress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }

      egress {
        from_port       = 0
        to_port         = 0
        protocol        = "-1"
        cidr_blocks     = ["0.0.0.0/0"]
        prefix_list_ids = ["pl-12c4e678"]
      }
    }
aws_security_group's description property should be declared outside of the ingress and egress declarations, in its root scope.
As of now, your code should be valid.
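An added example, not part of the original question or answers: once rule descriptions are used to document an administrative allowlist, a plan-time check can flag ingress rules that have none. It assumes Terraform 0.12 or later, where `terraform show -json <planfile>` emits a `resource_changes` list; the sample plan, its addresses and its CIDRs are constructed and trimmed to the fields the check reads.

```python
import json

# Constructed sample: trimmed `terraform show -json <planfile>` output.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_security_group.somegroup", "type": "aws_security_group",
   "change": {"actions": ["create"], "after": {"name": "somegroup", "ingress": [
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["203.0.113.10/32"], "description": "ops bastion"},
     {"from_port": 22, "to_port": 22, "protocol": "tcp",
      "cidr_blocks": ["198.51.100.0/24"], "description": ""}]}}},
  {"address": "aws_security_group_rule.rdp", "type": "aws_security_group_rule",
   "change": {"actions": ["create"], "after": {"type": "ingress", "from_port": 3389,
     "to_port": 3389, "protocol": "tcp", "cidr_blocks": ["192.0.2.7/32"],
     "description": null}}},
  {"address": "aws_security_group.old", "type": "aws_security_group",
   "change": {"actions": ["delete"], "after": null}}
]}
""")


def _ingress_rules(rc):
    """Yield the ingress rule objects a planned resource will have."""
    after = rc.get("change", {}).get("after") or {}  # "after" is null on delete
    if rc.get("type") == "aws_security_group":
        yield from after.get("ingress") or []
    elif rc.get("type") == "aws_security_group_rule" and after.get("type") == "ingress":
        yield after


def undescribed_ingress(plan):
    """Return (address, port range, sources) for ingress rules with no description."""
    findings = []
    for rc in plan.get("resource_changes", []):
        for rule in _ingress_rules(rc):
            # An unset description appears as "" or null depending on the resource.
            if (rule.get("description") or "").strip():
                continue
            sources = (rule.get("cidr_blocks") or []) + (rule.get("ipv6_cidr_blocks") or [])
            ports = "{}-{}".format(rule.get("from_port"), rule.get("to_port"))
            findings.append((rc["address"], ports, sorted(sources)))
    return findings


if __name__ == "__main__":
    for address, ports, sources in undescribed_ingress(SAMPLE_PLAN):
        print("missing description: {} ports {} from {}".format(address, ports, sources))
```

In a pipeline, feed it the JSON of a saved plan and fail the job when the returned list is non-empty.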