stackoom
  简体   繁体   中英

dynamic variable-values-in-terraform-for-aws-security-groups

 原文  2022-11-23 10:11:47       amazon-web-services/ terraform/ amazon-eks

Question

Hi am working terraform code where am creating eks cluster and rds with security group for rds ad cluster also in rds security group am using dynamic method create ingress in that some using cidr some of security group am able to create cidr am stuck at security groupa

variable.tf
variable "ingress_rules" {
  default     = {
    "indian vpn ingress rule" = {
      "description" = "India  CIDR"
      "from_port"   = "1521"
      "to_port"     = "1521"
      "protocol"    = "tcp"
      "cidr_blocks" = ["192.34.890.0/24"]
    },
   "eks node ingress rule" = {
      "description" = "EKS Nodes SG"
      "from_port"   = "1521"
      "to_port"     = "1521"
      "protocol"    = "tcp"
      "security_groups" = ["module.eks.worker_security_group_id"]
    }

mani.tf

esource "aws_security_group" "rds_sg" {
    name    = "${var.cluster_name}-rds-sg"
    vpc_id  = var.vpc_id
    
    dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description      = lookup(ingress.value, "description", null)
      from_port        = lookup(ingress.value, "from_port", null)
      to_port          = lookup(ingress.value, "to_port", null)
      protocol         = lookup(ingress.value, "protocol", null)
      cidr_blocks      = lookup(ingress.value, "cidr_blocks", null)
      security_groups  = lookup(ingress.value, "security_groups", null)
    }
  }

How to define ["module.eks.worker_security_group_id"] in varibale tf my eks module define in main.tf

2 answers

solution1
 0  2022-11-23 10:17:44

You can't do that. TF does not support dynamic variables. The only thing you can do is to use locals instead. In local variables you can use dynamic content.

solution2
 0 ACCPTED  2022-11-23 16:19:14

I think there is a misunderstanding on the differences between input variables and local variables here.

input variables, can have a default value if not value is provided but they must be static.

local variables can be dynamic.

So, for your case, since the "ingress_rules" has already been defined and it is not going to change, but it must be build dynamically, it would be better to build it inside the "locals" block.

locals {
  ingress_rules = {
    ***
    ***
  }
}

To access it, use local.ingress_rules

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Creating AWS Security Groups in a Terraform Nested Loop Referencing Security Group in AWS via Terraform using Dynamic Block AWS security groups Terraform: create resource(aws_security_group) successfully but it takes ingress/egress rules from all given security groups terraform aws: Incorrect protocol in creating a security group AWS Security Group not in VPC error with Terraform Terraform - Authorizing Security Groups Between VPC Peering Connection Identify overlapping IPs in AWS Security Groups Terraform aws secrets - nested object variable Set $_HANDLER environment variable AWS Lambda in Dockerfile or via terraform
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM