[英]Terraform AWS Security group self reference
我正在使用 terraform 進行 AWS 資源配置。 我需要自我引用“mySG”。 從 Terraform 文檔我可以使用
ingress {
from_port = 0
to_port = 0
protocol = -1
self = true
}
但是不同的協議呢? 使用控制台 有以下可用的歷史入站規則:
Type Protocol PortRange Source
1. All TCP TCP 0-65535 mySG
2. All UDP UDP 0-65535 mySG
3. Custom TCP TCP 1856 mySG
(是否需要第三個條目?考慮到所有端口的第一個條目)上述入口規則是否處理所有 3 個條目? 如果不是,那么應該是 terraform 語法。
您可以通過分別使用資源 aws_security_group 和 aws_security_group_rule 將 sec 組與規則分開來實現自引用組。 這樣做,結合您現有的 3 條規則,大致看起來像這樣 terraform:
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "${local.vpc_id}"
}
resource "aws_security_group_rule" "sec_group_allow_tcp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_udp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "udp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_1865" {
type = "ingress"
from_port = 1865 // first part of port range
to_port = 1865 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
請注意,該規則采用協議類型,從端口/到端口(用於范圍)和一個可選的 source_security_group_id 來指定
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.