stackoom
  简体   繁体   中英

Terraform add existing security group to new auto scaling ec2 group

 原文  2020-01-07 12:54:35       amazon-web-services/ amazon-ec2/ terraform/ autoscaling

Question

I want to add an existing Security Group defined in the VPC to an EC2 Auto Scaling Group. There is no LB defined. This example creates a single EC2 instance for now.

Terraform documentation shows that this is possible for EC2 instances using sg_attachment 

resource "aws_network_interface_sg_attachment" "bastion" {
  security_group_id    = var.sg_id
  network_interface_id = aws_autoscaling_group.bastion.primary_network_interface_id
}

But I get the following error, probably because I'm using Auto-scaling groups instead:

Error: Unsupported attribute

on ......\\modules\\ec2_auto_scaling_group\\bastion.tf line 51, in resource "aws_network_interface_sg_attachment" "bastion": 51:
network_interface_id = aws_autoscaling_group.bastion.primary_network_interface_id

This object has no argument, nested block, or exported attribute named "primary_network_interface_id".

I've seen the autoscaling group attachment - https://www.terraform.io/docs/providers/aws/r/autoscaling_attachment.html

But this doesn't refer to security groups at all.

Of course - I could implicitly specify a new security group with all the same rules, or just declare an ec2 instance instead. But when creating an autoscaling group on the console - you get the option to import existing Security groups. So I'd like to think that terraform has an equivalent.

1 answers

solution1
 0 ACCPTED  2020-01-07 13:18:49

It appears I've overlooked previous settings:

resource "aws_launch_configuration" "bastion" {
  # Launch configuration can't be updated, (provisioning)
  # in order to update the resource will be destroyed and rebuilt

  name_prefix = var.bastion_name_prefix

  image_id = data.aws_ami.RHEL_77.id 
  instance_type = var.bastion_instance_type
  key_name = aws_key_pair.bastion.key_name
  associate_public_ip_address = true
  enable_monitoring = false
  security_groups = [var.vpc_main_sg_id,aws_security_group.bastion.id]

  lifecycle {
      create_before_destroy = true
  }
}

Adding a security group to aws_launch_configuration, fixed the issue.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to attach existing EC2 instances to auto scaling group in terraform? EC2 security group setting for load balancer, auto scaling group Terraform add new security group to an existing security group How to add swap memory in auto scaling group of ec2 instances Ansible : Add running EC2 instances to Auto-scaling group Update existing security group when creating new ec2 CloudFormation How to add a security group to an existing EC2 instance with CloudFormation Specifying multiple metrics in EC2 Auto Scaling Group Target Tracking thru Terraform ec2 auto scaling group with multiple port in target group Auto renew EC2 instances in an Auto Scaling Group when a new launch config is found
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM