
Terraform AWS Security group self reference

I am using terraform to provision AWS resources. I need to self-reference "mySG". From the Terraform documentation I can use

ingress {
  from_port = 0
  to_port   = 0
  protocol  = -1
  self      = true
}

But what about different protocols? In the console I have the following historical inbound rules:

   Type          Protocol    Port range    Source
1. All TCP       TCP         0-65535       mySG
2. All UDP       UDP         0-65535       mySG
3. Custom TCP    TCP         1856          mySG

(Is the third entry even needed, given that the first entry already covers all ports?) Does the ingress rule above handle all 3 entries? If not, what should the terraform syntax be?

You can achieve a self-referencing group by separating the security group from its rules, using the resources aws_security_group and aws_security_group_rule respectively. Doing that, combined with your existing 3 rules, would look roughly like this in terraform:

resource "aws_security_group" "sec_group" {
  name   = "sec_group"
  vpc_id = local.vpc_id
}

// Rule 1: all TCP ports, sourced from the group itself
resource "aws_security_group_rule" "sec_group_allow_tcp" {
  type                     = "ingress"
  from_port                = 0     // first part of port range
  to_port                  = 65535 // second part of port range
  protocol                 = "tcp" // Protocol, could be "tcp", "udp" etc.
  security_group_id        = aws_security_group.sec_group.id // Which group to attach it to
  source_security_group_id = aws_security_group.sec_group.id // Which group to specify as source
}

// Rule 2: all UDP ports, sourced from the group itself
resource "aws_security_group_rule" "sec_group_allow_udp" {
  type                     = "ingress"
  from_port                = 0     // first part of port range
  to_port                  = 65535 // second part of port range
  protocol                 = "udp" // Protocol, could be "tcp", "udp" etc.
  security_group_id        = aws_security_group.sec_group.id // Which group to attach it to
  source_security_group_id = aws_security_group.sec_group.id // Which group to specify as source
}

// Rule 3: custom TCP port 1856 (a single port is a range with from_port == to_port)
resource "aws_security_group_rule" "sec_group_allow_1856" {
  type                     = "ingress"
  from_port                = 1856  // first part of port range
  to_port                  = 1856  // second part of port range
  protocol                 = "tcp" // Protocol, could be "tcp", "udp" etc.
  security_group_id        = aws_security_group.sec_group.id // Which group to attach it to
  source_security_group_id = aws_security_group.sec_group.id // Which group to specify as source
}

Note that the rule takes a protocol type, a from port / to port (for ranges), and an optional source_security_group_id to specify
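The question above really asks two things: whether the single `protocol = -1, self = true` ingress block subsumes the three console rules, and whether the third console rule (TCP 1856) is redundant next to "All TCP". The following is an added example, not code from the original question or answer and not part of Terraform or the AWS provider: a small Python model of AWS security-group ingress semantics (protocol "-1" means all traffic and ignores ports; a protocol-specific rule matches only its own protocol within its port range; the source group must match). The `IngressRule`, `is_allowed` and `redundant_rules` names and the `sg-...` id are this example's own assumptions, and the rule lists are constructed from the table in the question.

```python
from dataclasses import dataclass
from typing import List

ALL_PROTOCOLS = "-1"  # AWS encodes "all traffic" as protocol -1 (ports are ignored)


@dataclass(frozen=True)
class IngressRule:
    """One security-group ingress rule, sourced from another (or the same) group."""
    protocol: str    # "tcp", "udp", "icmp" or "-1" for all protocols
    from_port: int   # start of port range (for icmp AWS reuses this as type)
    to_port: int     # end of port range (inclusive)
    source_sg: str   # source security group id; equal to own id for a self-reference

    def allows(self, protocol: str, port: int, source_sg: str) -> bool:
        """Does this rule admit `protocol` traffic to `port` coming from `source_sg`?"""
        if self.source_sg != source_sg:
            return False
        if self.protocol == ALL_PROTOCOLS:
            return True  # all traffic: any protocol, any port
        if self.protocol != protocol:
            return False
        return self.from_port <= port <= self.to_port

    def covers(self, other: "IngressRule") -> bool:
        """True if every flow admitted by `other` is also admitted by this rule."""
        if self.source_sg != other.source_sg:
            return False
        if self.protocol == ALL_PROTOCOLS:
            return True
        if other.protocol == ALL_PROTOCOLS:
            return False  # nothing but -1 can cover a -1 rule
        return (
            self.protocol == other.protocol
            and self.from_port <= other.from_port
            and self.to_port >= other.to_port
        )


def is_allowed(rules: List[IngressRule], protocol: str, port: int, source_sg: str) -> bool:
    """Security groups are allow-lists: a flow passes if any rule admits it."""
    return any(r.allows(protocol, port, source_sg) for r in rules)


def redundant_rules(rules: List[IngressRule]) -> List[IngressRule]:
    """Rules fully covered by another rule in the set (safe to drop).

    An exact duplicate is reported once: only the later copy is flagged.
    """
    redundant = []
    for i, rule in enumerate(rules):
        for j, other in enumerate(rules):
            if j == i:
                continue
            if other.covers(rule) and (other != rule or j < i):
                redundant.append(rule)
                break
    return redundant


# Constructed sample data mirroring the question's console table.
MY_SG = "sg-0123456789abcdef0"  # placeholder id, not a real group

console_rules = [
    IngressRule("tcp", 0, 65535, MY_SG),    # 1. All TCP     0-65535  mySG
    IngressRule("udp", 0, 65535, MY_SG),    # 2. All UDP     0-65535  mySG
    IngressRule("tcp", 1856, 1856, MY_SG),  # 3. Custom TCP  1856     mySG
]

# The single block from the question: protocol = -1, from/to 0, self = true
self_all_traffic = [IngressRule(ALL_PROTOCOLS, 0, 0, MY_SG)]


def subsumes(candidate: List[IngressRule], existing: List[IngressRule]) -> bool:
    """Does every rule in `existing` fall under some rule in `candidate`?"""
    return all(any(c.covers(e) for c in candidate) for e in existing)


if __name__ == "__main__":
    print("rule 3 redundant:", redundant_rules(console_rules))
    print("-1/self covers all three:", subsumes(self_all_traffic, console_rules))
    print("three rules cover -1/self:", subsumes(console_rules, self_all_traffic))
    print("icmp allowed by console rules:", is_allowed(console_rules, "icmp", 8, MY_SG))
```

Running it shows that the third console rule is covered by "All TCP" and can be dropped, and that the `-1` / `self` block covers all three rules but not the other way round: `-1` also admits ICMP and every other IP protocol between members of the group. If the goal is to reproduce the console rules exactly rather than to widen them, keep the separate `tcp` and `udp` rules as in the answer. For an `aws_security_group_rule` resource, `self = true` is also accepted in place of pointing `source_security_group_id` at the group's own id.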


Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you need to repost, please cite this site's URL or the original source. For any questions contact: yoyou2525@163.com.

Guangdong ICP Record No. 18138465  © 2020-2024 STACKOOM.COM