Referencing Security Group in AWS via Terraform using Dynamic Block

I have a security group resource in a module named `networking`:

```hcl
resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    #iterator = port
    content {
      from_port   = ingress.value.from
      to_port     = ingress.value.to
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

Also, outside the module, in the root module I have a `locals.tf` file that looks like this:

```hcl
locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        ssh = {
          from        = 22
          to          = 22
          protocol    = "tcp"
          cidr_blocks = [var.access_ip]
        }
        http = {
          from        = 80
          to          = 80
          protocol    = "tcp"
          cidr_blocks = ["0.0.0.0/0"]
        }
      }
    }
  }
}
```

Here is the module definition:

```hcl
module "networking" {
  source           = "./networking"
  vpc_cidr         = local.vpc_cidr
  security_groups  = local.security_groups
  public_sn_count  = 2
  private_sn_count = 3
}
```

Now, my question is: how can I reference a security group ID instead of a `cidr_block` in the `locals.tf` file? I don't know how to achieve this.

For example:

```hcl
cidr_blocks = ["192.168.8.0/21", "${var.security_group_id}"]
```

You need to use `security_groups` in the `aws_security_group` `ingress`/`egress` blocks.

```hcl
resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    #iterator = port
    content {
      from_port       = ingress.value.from
      to_port         = ingress.value.to
      protocol        = ingress.value.protocol
      cidr_blocks     = ingress.value.cidr_blocks
      # Optional list of source security group IDs; null when the rule has none.
      security_groups = lookup(ingress.value, "security_groups", null)
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```

```hcl
locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        ssh = {
          from            = 22
          to              = 22
          protocol        = "tcp"
          cidr_blocks     = [var.access_ip]
          security_groups = [var.security_group_id]
        }
        http = {
          from            = 80
          to              = 80
          protocol        = "tcp"
          cidr_blocks     = ["0.0.0.0/0"]
          security_groups = [var.security_group_id]
        }
      }
    }
  }
}
```

```hcl
module "networking" {
  source           = "./networking"
  vpc_cidr         = local.vpc_cidr
  security_groups  = local.security_groups
  public_sn_count  = 2
  private_sn_count = 3
}
```
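As an added worked example (not code from the original question or answer), here is the same rule map expressed with separate `aws_security_group_rule` resources instead of inline `ingress` blocks. This is the form to reach for when one group in the map must reference another: an inline block inside `aws_security_group.dev_sg` cannot refer to `aws_security_group.dev_sg["bastion"].id` (a self-reference), whereas rule resources are created after both groups exist. The group names `web` and `bastion`, the rule keys, `aws_vpc.dev_vpc` and `var.access_ip` are assumptions of this example.

```hcl
# Added example, not part of the original question or answer.
# Assumes: the aws provider is configured, aws_vpc.dev_vpc exists, and
# var.access_ip holds the admin CIDR (e.g. "203.0.113.10/32").
# Group names "web"/"bastion" and the rule keys are hypothetical.

variable "access_ip" {
  type = string
}

locals {
  sg_names = toset(["bastion", "web"])

  # One entry per rule, keyed "<group>.<rule>" so for_each gets stable keys.
  # Exactly one of cidr_blocks / source_sg is set per rule, because an
  # aws_security_group_rule accepts a single source type.
  ingress_rules = {
    "bastion.ssh" = {
      sg = "bastion", from = 22, to = 22, protocol = "tcp"
      cidr_blocks = [var.access_ip], source_sg = null
    }
    "web.http" = {
      sg = "web", from = 80, to = 80, protocol = "tcp"
      cidr_blocks = ["0.0.0.0/0"], source_sg = null
    }
    # SSH to web is allowed only from members of the bastion group, not from
    # a CIDR, so the rule follows the bastion instances wherever they run.
    "web.ssh" = {
      sg = "web", from = 22, to = 22, protocol = "tcp"
      cidr_blocks = null, source_sg = "bastion"
    }
  }
}

resource "aws_security_group" "this" {
  for_each    = local.sg_names
  name        = "${each.key}_sg"
  description = "Security group ${each.key}"
  vpc_id      = aws_vpc.dev_vpc.id
  # Deliberately no inline ingress/egress blocks: mixing inline rules with
  # aws_security_group_rule resources makes the two overwrite each other.
}

resource "aws_security_group_rule" "ingress" {
  for_each          = local.ingress_rules
  type              = "ingress"
  security_group_id = aws_security_group.this[each.value.sg].id
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.protocol
  cidr_blocks       = each.value.cidr_blocks
  # Resolve the referenced group name to an ID only for SG-sourced rules.
  source_security_group_id = (
    each.value.source_sg == null ? null : aws_security_group.this[each.value.source_sg].id
  )
}

# The provider revokes the default allow-all egress rule on creation, so it
# is re-added explicitly here, matching the original configuration.
resource "aws_security_group_rule" "egress_all" {
  for_each          = local.sg_names
  type              = "egress"
  security_group_id = aws_security_group.this[each.key].id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}
```

When the referenced group is created outside this configuration (passed in as `var.security_group_id`, as in the answer), the inline `security_groups` argument works as shown above; the separate-rule layout only becomes necessary once groups in the same `for_each` need to point at each other.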

Statement: technical posts on this site are licensed under CC BY-SA 4.0; if you redistribute them, credit this site's URL or the original source.