使用 terraform 在非默认 VPC 中创建 AWS RDS 实例

Create AWS RDS instance in non default VPC using terraform

我正在使用 Terraform v0.10.2。我在 modules/vpc/main.tfmodules/acl/main.tf 中创建了 VPC。我正在使用它的输出访问它。

我可以像这样在上面的 vpc 的 public 子网中成功创建 ec2 实例:

subnet_id = "${element(module.vpc.public_subnet_ids, count.index)}"

我想将 RDS 实例添加到私有子网。我尝试了 terraform 文档所说的内容:

vpc_security_group_ids    = [
  "${aws_security_group.db_access_sg.id}"
]
db_subnet_group_name = "${module.vpc.aws_db_subnet_group_database}"

但是,它正在添加到默认 VPC。如果我将子网放在模块外部并访问资源,它会给出变量未找到错误。

我参考了很多 GitHub 例子,但都没有成功。我错过了什么吗?

这是我提到的 link 之一:https://github.com/hashicorp/terraform/issues/13739

modules/vpc/main.tf

的内容 
resource "aws_vpc" "mod" {
  cidr_block = "${var.cidr}"

  tags {
    Name = "${var.name}"
  }
}

resource "aws_internet_gateway" "mod" {
  vpc_id = "${aws_vpc.mod.id}"
}

resource "aws_route_table" "public" {
  vpc_id           = "${aws_vpc.mod.id}"
  propagating_vgws = ["${compact(split(",", var.public_propagating_vgws))}"]

  tags {
    Name = "${var.name}-public"
  }
}

resource "aws_route" "public_internet_gateway" {
  route_table_id         = "${aws_route_table.public.id}"
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = "${aws_internet_gateway.mod.id}"
}

resource "aws_route_table" "private" {
  vpc_id           = "${aws_vpc.mod.id}"
  propagating_vgws = ["${compact(split(",", var.private_propagating_vgws))}"]

  tags {
    Name = "${var.name}-private"
  }
}

resource "aws_subnet" "private" {
  vpc_id            = "${aws_vpc.mod.id}"
  cidr_block        = "${element(split(",", var.private_subnets), count.index)}"
  availability_zone = "${element(split(",", var.azs), count.index)}"
  count             = "${length(compact(split(",", var.private_subnets)))}"

  tags {
    Name = "${var.name}-private"
  }
}

resource "aws_subnet" "public" {
  vpc_id            = "${aws_vpc.mod.id}"
  cidr_block        = "${element(split(",", var.public_subnets), count.index)}"
  availability_zone = "${element(split(",", var.azs), count.index)}"
  count             = "${length(compact(split(",", var.public_subnets)))}"

  tags {
    Name = "${var.name}-public"
  }

  map_public_ip_on_launch = true
}

resource "aws_db_subnet_group" "database" {
  name         = "${var.name}-rds-subnet-group-${count.index}"
  description  = "Database subnet groups for ${var.name}"
  subnet_ids   = ["${aws_subnet.private.*.id}"]
  #tags        = "${merge(var.tags, map("Name", format("%s-database-subnet-group", var.name)))}"
  count        = "${length(compact(split(",", var.private_subnets)))}"
}

resource "aws_route_table_association" "private" {
  count          = "${length(compact(split(",", var.private_subnets)))}"
  subnet_id      = "${element(aws_subnet.private.*.id, count.index)}"
  route_table_id = "${aws_route_table.private.id}"
}

resource "aws_route_table_association" "public" {
  count          = "${length(compact(split(",", var.public_subnets)))}"
  subnet_id      = "${element(aws_subnet.public.*.id, count.index)}"
  route_table_id = "${aws_route_table.public.id}"
}

modules/vpc/outputs.tf

的内容 
output "vpc_id" {
  value = "${aws_vpc.mod.id}"
}

output "public_subnet_ids" {
  value = ["${aws_subnet.public.*.id}"]
}

output "private_subnet_ids" {
  value = ["${aws_subnet.private.*.id}"]
}

output "aws_db_subnet_group_database" {
  value = "${aws_db_subnet_group.database.name}"
}

modules/acl/main.tf

的内容 
resource "aws_network_acl" "private_app_subnets" {
  vpc_id = "${var.vpc_id}"

  subnet_ids = ["${var.private_subnet_ids}"]
}

问题是,我在尝试将 RDS 实例添加到私有子网时启用了 "Publicly Accessible" 为真。当然,我必须像 ydaetskcoR 告诉我的那样从 aws_db_subnet_group 中删除计数。