Referencing Security Group in AWS via Terraform using Dynamic Block
I have a security group resource in a module named networking:
resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    #iterator = port
    content {
      from_port   = ingress.value.from
      to_port     = ingress.value.to
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Also, outside the module, in the root module I have a locals.tf file that looks like this:
locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        ssh = {
          from        = 22
          to          = 22
          protocol    = "tcp"
          cidr_blocks = [var.access_ip]
        }
        http = {
          from        = 80
          to          = 80
          protocol    = "tcp"
          cidr_blocks = ["0.0.0.0/0"]
        }
      }
    }
  }
}
This is the module definition:
module "networking" {
  source           = "./networking"
  vpc_cidr         = local.vpc_cidr
  security_groups  = local.security_groups
  public_sn_count  = 2
  private_sn_count = 3
}
Now, my question is: how do I reference a security group ID in the locals.tf file instead of a cidr_block? I don't know how to implement this.
For example:
cidr_blocks = ["192.168.8.0/21", "${var.security_group_id}"]
You need to use security_groups in the ingress or egress block of aws_security_group:
resource "aws_security_group" "dev_sg" {
  for_each    = var.security_groups
  name        = each.value.name
  description = each.value.description
  vpc_id      = aws_vpc.dev_vpc.id

  dynamic "ingress" {
    for_each = each.value.ingress
    #iterator = port
    content {
      from_port       = ingress.value.from
      to_port         = ingress.value.to
      protocol        = ingress.value.protocol
      cidr_blocks     = ingress.value.cidr_blocks
      security_groups = lookup(ingress.value, "security_groups", null)
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

locals {
  security_groups = {
    public = {
      name        = "public_sg"
      description = "Security Group for Public Access"
      ingress = {
        ssh = {
          from            = 22
          to              = 22
          protocol        = "tcp"
          cidr_blocks     = [var.access_ip]
          security_groups = [var.security_group_id]
        }
        http = {
          from            = 80
          to              = 80
          protocol        = "tcp"
          cidr_blocks     = ["0.0.0.0/0"]
          security_groups = [var.security_group_id]
        }
      }
    }
  }
}

module "networking" {
  source           = "./networking"
  vpc_cidr         = local.vpc_cidr
  security_groups  = local.security_groups
  public_sn_count  = 2
  private_sn_count = 3
}
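As an added example (not code from the question or the answer above), the same pattern with the module's security_groups variable typed explicitly so every rule carries a security_groups list, an output exposing the created SG IDs, and a root-module locals entry that admits SSH only from another security group rather than from a CIDR. The file paths, the output name and var.bastion_sg_id are assumptions, and optional() with a default value needs Terraform 1.3 or later.

```hcl
# networking/variables.tf (assumed path): typed input so the dynamic block can
# read ingress.value.security_groups directly instead of lookup(..., null)
variable "security_groups" {
  type = map(object({
    name        = string
    description = string
    ingress = map(object({
      from            = number
      to              = number
      protocol        = string
      cidr_blocks     = optional(list(string), [])
      security_groups = optional(list(string), [])
    }))
  }))
}

# networking/outputs.tf (assumed path): expose the IDs keyed like the input map,
# e.g. module.networking.security_group_ids["public"]
output "security_group_ids" {
  value = { for key, sg in aws_security_group.dev_sg : key => sg.id }
}

# root locals.tf: a private SG whose SSH rule references an SG ID, not a CIDR;
# var.bastion_sg_id is an assumed root-module variable holding that ID
locals {
  security_groups = {
    private = {
      name        = "private_sg"
      description = "Reachable only from the bastion security group"
      ingress = {
        ssh = {
          from            = 22
          to              = 22
          protocol        = "tcp"
          security_groups = [var.bastion_sg_id]
        }
      }
    }
  }
}
```

Because the rule names an SG ID rather than an address range, it keeps following the bastion instances as their IPs change, and the empty cidr_blocks default means the same dynamic block works for both CIDR-based and SG-based rules.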