Terraform - Iterate and create Ingress Rules for a Security Group
I have been writing reusable modules for AWS infrastructure. When creating security groups, my approach is to create a generic module for the security group and supply a list of ports from the controlling code. However, when using count, it creates one security group per port. Is there a way to iterate over just a specific section, as in this case?
SG module
resource "aws_security_group" "this" {
  name        = var.sg_name
  description = var.description
  vpc_id      = var.vpc_id

  # count is set on the whole resource, so Terraform creates one security
  # group per port, each carrying a single ingress rule. (min() with one
  # argument simply returns that argument, i.e. length(var.ingress_ports).)
  count = min(length(var.ingress_ports))

  ingress {
    from_port   = var.ingress_ports[count.index]
    to_port     = var.ingress_ports[count.index]
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/8"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Controlling code
module "qliksense_sg" {
  # Local module paths must begin with "./" or "../"; a bare "modules/aws-sg"
  # is interpreted as a registry address and fails to initialise.
  source        = "./modules/aws-sg"
  sg_name       = "My-SG"
  description   = "A security group"
  vpc_id        = module.vpc.vpc_id
  ingress_ports = ["80", "443"]
}
To do this in Terraform 0.12, you can use dynamic blocks. In fact, the example given at that documentation link is for adding ingress rules over a list of ports:
resource "aws_security_group" "example" {
  name = "example" # can use expressions here

  # One security group; the dynamic block expands to one ingress rule
  # per element of var.service_ports. (This is the documentation's own
  # example, so it omits cidr_blocks; a real rule needs a source.)
  dynamic "ingress" {
    for_each = var.service_ports
    content {
      from_port = ingress.value
      to_port   = ingress.value
      protocol  = "tcp"
    }
  }
}
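Putting the answer together with the asker's module, here is a complete version of the module and its controlling code as an added example; it is not code from the original question, answer or the Terraform documentation. The `ingress_cidr_blocks` variable, the `security_group_id` output and the file layout are assumptions made for the example. It uses `set(number)` for the ports so that a repeated port cannot produce a duplicate rule (which the AWS API rejects), and it keeps the allowed source ranges as a variable that defaults to a private range rather than `0.0.0.0/0`.

```hcl
# modules/aws-sg/variables.tf
variable "sg_name"     { type = string }
variable "description" { type = string }
variable "vpc_id"      { type = string }

# A set, not a list: each distinct port yields exactly one ingress rule.
variable "ingress_ports" {
  type    = set(number)
  default = []
}

# Assumed variable: source ranges allowed to reach the listed ports.
# Defaults to a private range so the module is closed unless widened on purpose.
variable "ingress_cidr_blocks" {
  type    = list(string)
  default = ["10.0.0.0/8"]
}

# modules/aws-sg/main.tf
resource "aws_security_group" "this" {
  name        = var.sg_name
  description = var.description
  vpc_id      = var.vpc_id

  # No count on the resource: exactly one security group is created.
  # The dynamic block expands to one ingress rule per element of the set;
  # for a set, ingress.value (and ingress.key) is the port number itself.
  dynamic "ingress" {
    for_each = var.ingress_ports
    content {
      description = "TCP ${ingress.value}"
      from_port   = ingress.value
      to_port     = ingress.value
      protocol    = "tcp"
      cidr_blocks = var.ingress_cidr_blocks
    }
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Assumed output, so callers can attach the group to instances or ENIs.
output "security_group_id" {
  value = aws_security_group.this.id
}

# Controlling code (root module)
module "qliksense_sg" {
  source        = "./modules/aws-sg"
  sg_name       = "My-SG"
  description   = "A security group"
  vpc_id        = module.vpc.vpc_id
  ingress_ports = [80, 443]
}
```

After `terraform init` and `terraform plan`, the plan should show a single `aws_security_group.this` with two ingress rules rather than two security groups. If you pass a list instead of a set, `ingress.key` becomes the list index and duplicate ports produce duplicate rules, so prefer the set type or wrap the value with `toset()` in the `for_each`.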