Security group created by Terraform has no rules
I am currently studying Terraform and wrote a simple script to create some AWS resources.
My script creates a VPC with a subnet, plus an instance with a security group attached. All of them are newly created by the terraform script. When I run terraform plan or terraform apply, no errors or warnings are shown and everything is created successfully. However, when I check those newly created resources in the AWS console, I find that the security group has been created but has no rules attached.
Can anyone help? Thanks a lot.
Below is my terraform script.
provider "aws" {
  region     = var.AWS_REGION
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
}

data "aws_ami" "amazon-2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }
}

resource "aws_key_pair" "generate_keypair" {
  key_name   = var.key_name
  public_key = var.public_key
  tags       = var.default_tags
}

resource "aws_vpc" "study" {
  cidr_block = "10.0.0.0/20"
  tags       = var.default_tags
}

resource "aws_subnet" "study-public" {
  vpc_id     = aws_vpc.study.id
  cidr_block = "10.0.0.0/26"
  tags       = var.default_tags
}

resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"
  tags        = var.default_tags
  ingress {
    description = "Port 80 ingress"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
  }
  ingress {
    description = "Port 22 ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "ssh"
  }
  egress {
    from_port = 0
    to_port   = 0
    protocol  = "all"
  }
}

resource "aws_instance" "linux" {
  ami                    = data.aws_ami.amazon-2.id
  instance_type          = "t3.micro"
  key_name               = aws_key_pair.generate_keypair.key_name
  vpc_security_group_ids = [aws_security_group.public-instance.id]
  subnet_id              = aws_subnet.study-public.id
  tags                   = var.default_tags
}
You need to specify at least one rule target, such as CIDR blocks, security group IDs, or a prefix list.
The snippet below should work for you. In this case I use cidr_blocks.
resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"
  ingress {
    description = "Port 80 ingress"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "Port 22 ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "all"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
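The answer above explains why the group came out empty: an ingress or egress block with no cidr_blocks, security_groups, or prefix_list_ids has nothing for the AWS provider to send, so the group is created with no rules and neither plan nor apply complains. The corrected snippet fixes that but opens port 22 to 0.0.0.0/0, which is the caveat a reviewer would raise. The following Python script is an added example, not code from the thread or from the Terraform AWS provider. It lints the aws_security_group entries in a plan exported with `terraform show -json tfplan`, reporting rules with no target, protocols AWS does not accept (such as "ssh"), and admin ports reachable from anywhere. The three embedded plans are constructed to mirror the planned_values shape of that JSON, using the rules from the question, from the answer, and from a hardened variant; the admin range 203.0.113.0/24 is an assumed placeholder (a documentation prefix), and the file name sg_lint.py in the usage comment is assumed.

```python
"""Lint aws_security_group rules in a Terraform plan exported with
`terraform show -json tfplan` (added example, not code from the thread).

It reports the two defects in the question's config and the caveat in the answer:
  1. a rule block with no target (no cidr_blocks, ipv6_cidr_blocks, security_groups,
     prefix_list_ids and self = false): the provider sends nothing to AWS, so the
     group is created empty without any plan/apply error;
  2. a protocol AWS does not know, such as "ssh" (valid: tcp, udp, icmp, icmpv6,
     -1/all, or an IP protocol number);
  3. an admin port (22 or 3389) reachable from 0.0.0.0/0 or ::/0.
"""
import json
import sys

TARGET_KEYS = ("cidr_blocks", "ipv6_cidr_blocks", "security_groups", "prefix_list_ids")
VALID_PROTOCOLS = {"tcp", "udp", "icmp", "icmpv6", "-1", "all"}
ADMIN_PORTS = (22, 3389)
ANY_CIDR = {"0.0.0.0/0", "::/0"}


def rule_has_target(rule):
    """AWS only receives a rule when at least one source/destination is named."""
    return rule.get("self") is True or any(rule.get(key) for key in TARGET_KEYS)


def protocol_is_valid(protocol):
    proto = str(protocol).lower()
    return proto in VALID_PROTOCOLS or proto.isdigit()


def rule_covers_port(rule, port):
    """'All traffic' (-1/all or 0-0) matches every port; otherwise check the range."""
    if str(rule.get("protocol")).lower() in ("-1", "all"):
        return True
    lo, hi = int(rule.get("from_port") or 0), int(rule.get("to_port") or 0)
    return (lo == 0 and hi == 0) or lo <= port <= hi


def check_rule(address, direction, rule):
    where = f"{address} {direction} {rule.get('from_port')}-{rule.get('to_port')}/{rule.get('protocol')}"
    findings = []
    if not rule_has_target(rule):
        findings.append(f"{where}: no cidr_blocks/security_groups/prefix_list_ids, rule will not be created")
    if not protocol_is_valid(rule.get("protocol")):
        findings.append(f"{where}: invalid protocol {rule.get('protocol')!r}, use tcp/udp/icmp/-1")
    if direction == "ingress":
        world = sorted(c for key in ("cidr_blocks", "ipv6_cidr_blocks")
                       for c in (rule.get(key) or []) if c in ANY_CIDR)
        for port in ADMIN_PORTS:
            if world and rule_covers_port(rule, port):
                findings.append(f"{where}: port {port} open to {','.join(world)}, restrict to an admin CIDR")
    return findings


def iter_resources(module):
    """Yield every resource in a plan module tree (root module plus child modules)."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def check_plan(plan):
    """Return a list of findings for every aws_security_group in planned_values."""
    root = plan.get("planned_values", {}).get("root_module", {})
    findings = []
    for res in iter_resources(root):
        if res.get("type") != "aws_security_group":
            continue
        for direction in ("ingress", "egress"):
            for rule_entry in res.get("values", {}).get(direction) or []:
                findings.extend(check_rule(res["address"], direction, rule_entry))
    return findings


def rule(from_port, to_port, protocol, cidr_blocks=()):
    """Build one rule entry in the shape the AWS provider writes into planned_values."""
    return {"from_port": from_port, "to_port": to_port, "protocol": protocol,
            "cidr_blocks": list(cidr_blocks), "ipv6_cidr_blocks": [],
            "security_groups": [], "prefix_list_ids": [], "self": False, "description": ""}


def sg_plan(ingress, egress):
    """Constructed plan JSON (shape of `terraform show -json`) holding one security group."""
    return {"format_version": "1.0", "planned_values": {"root_module": {"resources": [
        {"address": "aws_security_group.public-instance", "type": "aws_security_group",
         "values": {"name": "public-instance", "ingress": ingress, "egress": egress}}]}}}


# The question's config: no targets at all and protocol "ssh" -> four findings, empty group.
ORIGINAL_PLAN = sg_plan([rule(80, 80, "tcp"), rule(22, 22, "ssh")], [rule(0, 0, "all")])
# The answer's config: rules now exist, but SSH is open to the whole Internet.
ANSWER_PLAN = sg_plan([rule(80, 80, "tcp", ["0.0.0.0/0"]), rule(22, 22, "tcp", ["0.0.0.0/0"])],
                      [rule(0, 0, "all", ["0.0.0.0/0"])])
# Hardened variant: SSH only from an admin range (203.0.113.0/24 is an assumed placeholder).
HARDENED_PLAN = sg_plan([rule(80, 80, "tcp", ["0.0.0.0/0"]), rule(22, 22, "tcp", ["203.0.113.0/24"])],
                        [rule(0, 0, "-1", ["0.0.0.0/0"])])

if __name__ == "__main__":
    # usage: terraform show -json tfplan > plan.json && python sg_lint.py plan.json
    with open(sys.argv[1]) as fh:
        problems = check_plan(json.load(fh))
    print("\n".join(problems) or "no findings")
    sys.exit(1 if problems else 0)
```

Run it against the question's configuration and it reports every block as "rule will not be created" plus the invalid "ssh" protocol, which is exactly what the console showed as an empty group; run it against the answer's configuration and the only remaining finding is port 22 open to 0.0.0.0/0. Wiring the script into CI after `terraform plan -out=tfplan` catches both before apply.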
Add cidr_blocks = ["<your ip cidr>"] and change to protocol = "tcp":
ingress {
  from_port   = 80
  to_port     = 80
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
}
ingress {
  from_port   = 22
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
}
egress {
  from_port   = 0
  to_port     = 0
  protocol    = "all"
  cidr_blocks = ["0.0.0.0/0"]
}
Notice: the technical posts on this site are licensed under CC BY-SA 4.0; if you repost them, please credit this site's URL or the original address. For any questions, contact yoyou2525@163.com.