How to create an NSG for an existing subnet with Terraform on Azure
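I am referencing an existing subnet as shown below, but I want to create an NSG and attach it to the subnet. It gives me an error.
The code that references the subnet and adds the NSG is as follows: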
data "azurerm_subnet" "tf-sn-erx-app" {
  name                 = "${var.subnet_app_name}"
  virtual_network_name = "${data.azurerm_virtual_network.tf-vn-erx.name}"
  resource_group_name  = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  security_group       = "${azurerm_network_security_group.tf-nsg-erx-application.id}"
}

data "azurerm_subnet" "tf-sn-erx-sql" {
  name                 = "${var.subnet_sql_name}"
  virtual_network_name = "${data.azurerm_virtual_network.tf-vn-erx.name}"
  resource_group_name  = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  security_group       = "${azurerm_network_security_group.tf-nsg-erx-sql.id}"
}

resource "azurerm_network_security_group" "tf-nsg-erx-application" {
  name                = "${var.application_nsg}"
  location            = "${data.azurerm_resource_group.tf-rg-erx-external.location}"
  resource_group_name = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
}

resource "azurerm_network_security_rule" "tf-nsr-erx-application-5985" {
  name                        = "Open Port 5985"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "5985"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_name = "${azurerm_network_security_group.tf-nsg-erx-application.name}"
}

resource "azurerm_network_security_rule" "tf-nsr-erx-application-5986" {
  name                        = "Open Port 5986"
  priority                    = 101
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "5986"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_name = "${azurerm_network_security_group.tf-nsg-erx-application.name}"
}
However, when I run it, Terraform reports the following errors.
Error: data.azurerm_subnet.tf-sn-erx-app: : invalid or unknown key: security_group
Error: data.azurerm_subnet.tf-sn-erx-sql: : invalid or unknown key: security_group
What is the problem?
The azurerm_subnet data source has no security_group key.
Argument Reference
  name - (Required) Specifies the name of the Subnet.
  virtual_network_name - (Required) Specifies the name of the Virtual Network this Subnet is located within.
  resource_group_name - (Required) Specifies the name of the resource group the Virtual Network is located in.
https://www.terraform.io/docs/providers/azurerm/d/subnet.html
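As @BMW said, the azurerm_subnet data source has no security_group attribute. If you want to associate an NSG with an existing subnet, you can use azurerm_subnet_network_security_group_association to do it. Just use the azurerm_subnet data source to reference the existing subnet and create an NSG for it, or use an existing one.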
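The association resource named in the answer above, written out in the thread's interpolation syntax as an added example (not code from the thread). The variable names resource_group_name, vnet_name and mgmt_source_cidr are assumptions; the rule narrows source_address_prefix from "*" to a management range, since 5986 is WinRM over HTTPS.

```hcl
# Added example. Variables marked "assumed" do not appear in the thread.
variable "resource_group_name" {} # assumed name
variable "vnet_name" {}           # assumed name
variable "subnet_app_name" {}
variable "application_nsg" {}
variable "mgmt_source_cidr" {}    # assumed: CIDR of hosts allowed to reach WinRM

data "azurerm_resource_group" "tf-rg-erx-external" {
  name = "${var.resource_group_name}"
}

data "azurerm_virtual_network" "tf-vn-erx" {
  name                = "${var.vnet_name}"
  resource_group_name = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
}

# Read-only lookup of the existing subnet: only the three documented arguments.
data "azurerm_subnet" "tf-sn-erx-app" {
  name                 = "${var.subnet_app_name}"
  virtual_network_name = "${data.azurerm_virtual_network.tf-vn-erx.name}"
  resource_group_name  = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
}

resource "azurerm_network_security_group" "tf-nsg-erx-application" {
  name                = "${var.application_nsg}"
  location            = "${data.azurerm_resource_group.tf-rg-erx-external.location}"
  resource_group_name = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
}

# Inbound WinRM over HTTPS, limited to the management range instead of "*".
resource "azurerm_network_security_rule" "tf-nsr-erx-application-5986" {
  name                        = "Allow-WinRM-HTTPS-Mgmt"
  priority                    = 101
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "5986"
  source_address_prefix       = "${var.mgmt_source_cidr}"
  destination_address_prefix  = "*"
  resource_group_name         = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_name = "${azurerm_network_security_group.tf-nsg-erx-application.name}"
}

# The subnet-to-NSG link is its own resource, keyed on the two IDs.
resource "azurerm_subnet_network_security_group_association" "tf-sn-erx-app" {
  subnet_id                 = "${data.azurerm_subnet.tf-sn-erx-app.id}"
  network_security_group_id = "${azurerm_network_security_group.tf-nsg-erx-application.id}"
}
```

An NSG associated with the subnet applies to every NIC in that subnet, whereas an NSG set on a network interface applies to that interface only.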
I got it working with the code below:
resource "azurerm_network_interface" "tf-ni-erx-mkconn" {
  count                     = 3
  name                      = "${var.mkconn_base_hostname}${format("%02d",count.index+1)}-nic01"
  location                  = "${data.azurerm_resource_group.tf-rg-erx-external.location}"
  resource_group_name       = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_id = "${azurerm_network_security_group.tf-nsg-erx-application.id}"