
invalid CIDR address in terraform aws_security_group resource with cidr_blocks from file

I'm trying to create a security group ingress rule from a file containing a list of CIDRs in the following format:

"127.0.0.1/32",
"127.0.0.1/32",
"127.0.0.1/32"

The CIDRs are retrieved from the file as follows:

cidrs = "${split(",", file("${path.module}/cidrs"))}"

and passed to the aws_security_group resource as a (list) variable:

resource "aws_security_group" "test" {
    ...
    ingress {
        ...
        cidr_blocks = "${var.cidrs}"
    }
}

Running terraform plan results in the following error:

[ERROR] root.test: eval: *terraform.EvalValidateResource, err: 
Warnings: []. Errors: [
"ingress.2.cidr_blocks.0" must contain a valid CIDR, got error parsing: 
invalid CIDR address: "127.0.0.1/32"
"ingress.2.cidr_blocks.1" must contain a valid CIDR, got error parsing: 
invalid CIDR address: "127.0.0.1/32"
"ingress.2.cidr_blocks.2" must contain a valid CIDR, got error parsing: 
invalid CIDR address: "127.0.0.1/32"
]

So it seems like the contents of the file are converted into a list of 3 CIDR blocks that look correct, but terraform fails to parse any of them.

However, if I assign cidr_blocks = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"] everything seems to work fine.

Assigning a list to the variable cidrs = ["127.0.0.1/32", "127.0.0.1/32", "127.0.0.1/32"] works fine, as well. The issue seems to be caused by ${split(",", file())}

[INFO] Terraform version: 0.11.0  ec9d4f1d0f90e8ec5148f94b6d634eb542a4f0ce+CHANGES

I was trying to allow traffic from an ALB, where I needed to pass another security group to allow traffic from the ALB. My error was very similar to your question, so adding this as an answer might help someone else, as I did not find a good answer.

If you want to add another security group to the whitelist section, this can help.

ingress {
    from_port       = 0
    to_port         = 65535
    protocol        = "tcp"
    security_groups = ["${aws_security_group.alb_secuirty_group.id}"]
    description     = "HTTP"
}

I edited my last answer:

If you need it from a comma-separated file, there's no need to split values, just make it a list with []

cidr_blocks = ["${var.cidrs}"]

or simpler

cidr_blocks = ["${file("cidrs.scv")}"]
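Added example, not part of the question or of any answer above: a Go sketch of what a plain split on "," produces from a file laid out like the one in the question, checked with Go's net.ParseCIDR, whose error text matches the one in the terraform plan output. The sample file content is constructed, and rawSplit, cleanSplit and validate are hypothetical helper names.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// Constructed sample: same layout as the cidrs file in the question
// (quoted entries, comma-separated, one per line).
const sampleFile = "\"127.0.0.1/32\",\n\"127.0.0.1/32\",\n\"127.0.0.1/32\"\n"

// rawSplit mirrors split(",", file(...)): a plain string split that keeps
// the literal quote characters and the newlines inside each token.
func rawSplit(content string) []string {
	return strings.Split(content, ",")
}

// cleanSplit (hypothetical helper) trims whitespace and surrounding quotes
// from each token and drops empty tokens such as a trailing one.
func cleanSplit(content string) []string {
	var out []string
	for _, tok := range strings.Split(content, ",") {
		tok = strings.Trim(strings.TrimSpace(tok), `"`)
		if tok != "" {
			out = append(out, tok)
		}
	}
	return out
}

// validate returns one message per entry that net.ParseCIDR rejects.
func validate(cidrs []string) []string {
	var errs []string
	for i, c := range cidrs {
		if _, _, err := net.ParseCIDR(c); err != nil {
			errs = append(errs, fmt.Sprintf("cidr_blocks.%d: %v", i, err))
		}
	}
	return errs
}

func main() {
	// %q makes the embedded quotes and newlines visible.
	for _, e := range validate(rawSplit(sampleFile)) {
		fmt.Printf("%q\n", e)
	}
	clean := cleanSplit(sampleFile)
	fmt.Println("after cleaning:", clean, "errors:", len(validate(clean)))
}
```

The quotes shown around each address in the error are part of the value being parsed, not formatting added by the error message.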
