
AWS Security Group not in VPC error with Terraform

Long story short, using Terraform I want to

  1. Create a VM in AWS
  2. Put the VM in a security group that allows ports 80, 443 and 22.

Completing item 1 is easy. To complete item 2, I learned that:

  • I need to create a VPC first. That worked.
  • Then I need a subnet inside the VPC. That worked.
  • Then I need to create security groups associated with the VPC. That worked.
  • Then I need to add the VPC security group IDs to my aws_instance. This line causes it to fail: vpc_security_group_ids = ["${aws_security_group.allow_ssh.id},${aws_security_group.allow_web.id}"]

I have the following Terraform plan:

# Provider Details
provider "aws" {
  region                  = "us-east-1"
  shared_credentials_file = "/Users/default/.aws/credentials"
  profile                 = "my-profile"
}

# Main VPC
resource "aws_vpc" "vpc_main" {
  cidr_block = "10.0.0.0/16"

  enable_dns_support   = true
  enable_dns_hostnames = true

  tags {
    Name = "Main VPC"
  }
}

resource "aws_subnet" "public" {
  vpc_id                  = "${aws_vpc.vpc_main.id}"
  cidr_block              = "10.0.0.0/24" # must be a network address inside the VPC's 10.0.0.0/16
  map_public_ip_on_launch = true
  tags {
    Name                  = "Public Subnet"
  }
}

resource "aws_security_group" "allow_web" {
  name        = "allow-web-traffic"
  description = "Allow all inbound/outbound traffic on 80 443"
  vpc_id      = "${aws_vpc.vpc_main.id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"] # a rule needs a source; without it no 443 rule is created
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "allow_ssh" {
  name        = "allow-ssh-traffic"
  description = "Allow ssh traffic on 22"
  vpc_id      = "${aws_vpc.vpc_main.id}"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "proxy_server" {
  ami           = "ami-6871a115" # RHEL 7.5 HVM SSD
  instance_type = "t2.micro"     
  key_name      = "cwood_sa"
  vpc_security_group_ids = ["${aws_security_group.allow_ssh.id},${aws_security_group.allow_web.id}"] # this breaks it
  subnet_id     = "${aws_subnet.public.id}"      
}

The resulting error:

* aws_instance.proxy_server: Error launching source instance: InvalidGroup.NotFound: The security group 'sg-063c2b4b4836f18aa,sg-07e562845b70bf125' does not exist in VPC 'vpc-0397460a8f633574c'
status code: 400, request id: dae8b8e8-8259-4ef1-b9c2-a8b782f96235

However, if I look in the AWS console, those security groups are associated with the VPC.

I assume I have made a basic mistake somewhere and need some help.

Each security group has to be quoted individually. You currently have this line:

vpc_security_group_ids = ["${aws_security_group.allow_ssh.id},${aws_security_group.allow_web.id}"]

This is not valid HCL list syntax. Update your security group line to:

vpc_security_group_ids = ["${aws_security_group.allow_ssh.id}", "${aws_security_group.allow_web.id}"]

I had a similar issue. I got this error:

aws_instance.mac: Creating...
╷
│ Error: creating EC2 Instance: InvalidGroup.NotFound: The security group '["sg-0762f148621bc8649"]' does not exist in VPC 'vpc-0cgh1e611ae423ccf'
│       status code: 400, request id: 153ea6fb-5467-41f5-ba75-1a6f60tg8279
│ 
│   with aws_instance.mac,
│   on main.tf line 1, in resource "aws_instance" "mac":
│    1: resource "aws_instance" "mac" {
│ 
╵
Releasing state lock. This may take a few moments...
ERRO[0049] 1 error occurred:
        * exit status 1

I had the following in my setup

Module file

resource "aws_instance" "mac" {
  ami                    = var.custom_ami
  instance_type          = "mac1.metal"
  key_name               = var.key_name
  availability_zone      = var.availability_zone
  host_id                = var.dedicated_host_id
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [var.vpc_security_group_ids]

  root_block_device {
    volume_size = 512
    volume_type = "gp3"
  }

  tags = {
    Name = var.name
  }
}

Variables file

variable "custom_ami" {}

variable "name" {}

variable "availability_zone" {}

variable "dedicated_host_id" {}

variable "key_name" {}

variable "subnet_id" {}

variable "vpc_security_group_ids" {}

Resource file (terragrunt.hcl)

include {
  path = find_in_parent_folders()
}

locals {
  common_vars = read_terragrunt_config(find_in_parent_folders("common.hcl"))
  environment = local.common_vars.locals.environment_name
  tags        = local.common_vars.locals.common_tags
}

dependency "vpc" {
  config_path = "../../vpc/"
}

dependency "key_pair" {
  config_path = "../../key_pair/"
}

dependency "security_group" {
  config_path = "../../security-groups/macos/"
}

dependency "ec2_host" {
  config_path = "../ec2-host/"
}

terraform {
  source = "../../../../../../modules/aws/m1-macos///"
}

inputs = {

  name = "${local.environment}-macos-m1-01"

  custom_ami             = "ami-0db9238c33c33525b"
  key_name               = dependency.key_pair.outputs.key_pair_key_name
  availability_zone      = "eu-central-1a"
  dedicated_host_id      = dependency.ec2_host.outputs.ec2_host_id
  vpc_security_group_ids = [dependency.security_group.outputs.security_group_id]
  subnet_id              = dependency.vpc.outputs.private_subnets[0]

  tags = local.tags
}

How I fixed it

All I had to do was remove the [] around vpc_security_group_ids = [var.vpc_security_group_ids] in the module file, and add type = list(string) to the vpc_security_group_ids variable in the variables file.

Module file

resource "aws_instance" "mac" {
  ami                    = var.custom_ami
  instance_type          = "mac1.metal"
  key_name               = var.key_name
  availability_zone      = var.availability_zone
  host_id                = var.dedicated_host_id
  subnet_id              = var.subnet_id
  vpc_security_group_ids = var.vpc_security_group_ids

  root_block_device {
    volume_size = 512
    volume_type = "gp3"
  }

  tags = {
    Name = var.name
  }
}

Variables file

variable "custom_ami" {}

variable "name" {}

variable "availability_zone" {}

variable "dedicated_host_id" {}

variable "key_name" {}

variable "subnet_id" {}

variable "vpc_security_group_ids" {
  description = "A list of security group IDs to associate with"
  type        = list(string)
  default     = null
}

Resource file (terragrunt.hcl)

include {
  path = find_in_parent_folders()
}

locals {
  common_vars = read_terragrunt_config(find_in_parent_folders("common.hcl"))
  environment = local.common_vars.locals.environment_name
  tags        = local.common_vars.locals.common_tags
}

dependency "vpc" {
  config_path = "../../vpc/"
}

dependency "key_pair" {
  config_path = "../../key_pair/"
}

dependency "security_group" {
  config_path = "../../security-groups/macos/"
}

dependency "ec2_host" {
  config_path = "../ec2-host/"
}

terraform {
  source = "../../../../../../modules/aws/m1-macos///"
}

inputs = {

  name = "${local.environment}-macos-m1-01"

  custom_ami             = "ami-0db9238c33c33525b"
  key_name               = dependency.key_pair.outputs.key_pair_key_name
  availability_zone      = "eu-central-1a"
  dedicated_host_id      = dependency.ec2_host.outputs.ec2_host_id
  vpc_security_group_ids = [dependency.security_group.outputs.security_group_id]
  subnet_id              = dependency.vpc.outputs.private_subnets[0]

  tags = local.tags
}
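To make the two failure modes above concrete, here is an added example in Python (not code from the question or from either answer): a small pre-apply check that inspects a vpc_security_group_ids value the way the EC2 API will receive it, plus a classifier for the InvalidGroup.NotFound message. EC2 quotes verbatim the string it was handed as the group identifier, so the message itself shows what Terraform sent: the first answer's case appears as one element holding comma-joined IDs, the second answer's case as one element holding a serialized list (Terragrunt passes inputs as TF_VAR_* strings, and without a type constraint the module sees the JSON-encoded list as a single string, which the extra [] then wraps into a one-element list). The sample error strings are constructed from the two messages quoted on this page; the function names and the cause labels are my own.

```python
"""Pre-apply check for EC2 ``vpc_security_group_ids`` values.

Added example, not code from the original question or either answer. It
checks a value the way the EC2 API will see it and classifies the
InvalidGroup.NotFound message that results when the value is wrong. The
sample values are constructed from the two error messages quoted above.
"""
import re

# EC2 security group IDs: "sg-" plus 8 (legacy) or 17 hex characters.
SG_ID = re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$")

# EC2 quotes, verbatim, the string it was handed as the group identifier,
# so the message shows exactly what Terraform sent.
NOT_FOUND = re.compile(
    r"InvalidGroup\.NotFound: The security group '(?P<group>[^']+)' "
    r"does not exist in VPC '(?P<vpc>[^']+)'"
)

# Constructed samples (taken from the page's two error messages).
COMMA_JOINED_ERROR = (
    "aws_instance.proxy_server: Error launching source instance: "
    "InvalidGroup.NotFound: The security group "
    "'sg-063c2b4b4836f18aa,sg-07e562845b70bf125' does not exist in VPC "
    "'vpc-0397460a8f633574c'"
)
NESTED_LIST_ERROR = (
    "Error: creating EC2 Instance: InvalidGroup.NotFound: The security "
    "group '[\"sg-0762f148621bc8649\"]' does not exist in VPC "
    "'vpc-0cgh1e611ae423ccf'"
)


def check_sg_ids(value):
    """Return a list of problems with a vpc_security_group_ids value.

    ``value`` is what the provider would receive: it should be a list of
    strings, each holding exactly one security group ID.
    """
    if not isinstance(value, list):
        return ["expected a list of strings, got %s" % type(value).__name__]
    problems = []
    for i, item in enumerate(value):
        if isinstance(item, list):
            problems.append("element %d is itself a list: the variable was wrapped in [] twice" % i)
        elif not isinstance(item, str):
            problems.append("element %d is %s, not a string" % (i, type(item).__name__))
        elif "," in item:
            problems.append("element %d joins several IDs with commas: quote each ID separately" % i)
        elif item.startswith("[") and item.endswith("]"):
            problems.append("element %d is a serialized list, not an ID: pass the list without extra []" % i)
        elif not SG_ID.match(item):
            problems.append("element %d %r is not a security group ID" % (i, item))
    return problems


def explain_not_found(message):
    """Classify an InvalidGroup.NotFound message by the shape of the quoted group."""
    m = NOT_FOUND.search(message)
    if m is None:
        return None
    group, vpc = m.group("group"), m.group("vpc")
    if "," in group:
        cause = "comma-joined"     # one string holding several IDs
    elif group.startswith("[") and group.endswith("]"):
        cause = "nested-list"      # a list serialized inside a list element
    elif SG_ID.match(group):
        cause = "wrong-vpc"        # well-formed ID that really lives in another VPC
    else:
        cause = "malformed"
    return {"group": group, "vpc": vpc, "cause": cause}


if __name__ == "__main__":
    for v in (["sg-063c2b4b4836f18aa,sg-07e562845b70bf125"],
              ['["sg-0762f148621bc8649"]'],
              ["sg-063c2b4b4836f18aa", "sg-07e562845b70bf125"]):
        print(v, "->", check_sg_ids(v) or "ok")
    for msg in (COMMA_JOINED_ERROR, NESTED_LIST_ERROR):
        print(explain_not_found(msg))
```

When the quoted group is a single well-formed ID, the syntax is fine and the group really is attached to a different VPC (for example the default VPC, which is where an aws_security_group without vpc_id is created); that case needs a different fix than the two answers give. Independently of the syntax issue, both groups in the question admit port 22 as well as 80/443 from 0.0.0.0/0; restrict the SSH rule to a management CIDR before this configuration reaches anything real.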
