Terraform AWS 安全组自参考
Terraform AWS Security group self reference
-
amazon-web-services
-
aws-cli
-
aws-security-group
-
terraform-provider-aws
-
aws-cloudformation-custom-resource
我正在使用 Terraform 进行 AWS 资源配置。我需要自我参考"mySG"。从 Terraform 文档我可以使用
ingress {
from_port = 0
to_port = 0
protocol = -1
self = true
}
但是不同的协议呢?使用控制台有以下可用的历史入站规则:
Type Protocol PortRange Source
1. All TCP TCP 0-65535 mySG
2. All UDP UDP 0-65535 mySG
3. Custom TCP TCP 1856 mySG
(是否需要第三次输入?考虑所有端口的第一次输入)
上述入口规则是否处理所有 3 个条目?如果不是,terraform 语法应该是什么。
您可以通过分别使用资源 aws_security_group 和 aws_security_group_rule 从规则中拆分 sec 组来实现自引用组。这样做,结合您的 3 个现有规则,将大致像这样的地形:
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "${local.vpc_id}"
}
resource "aws_security_group_rule" "sec_group_allow_tcp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_udp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "udp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_1865" {
type = "ingress"
from_port = 1865 // first part of port range
to_port = 1865 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
请注意,该规则采用协议类型,来自 port/to 端口(用于范围)和可选的 source_security_group_id 以指定
amazon-web-services
aws-cli
aws-security-group
terraform-provider-aws
aws-cloudformation-custom-resource
我正在使用 Terraform 进行 AWS 资源配置。我需要自我参考"mySG"。从 Terraform 文档我可以使用
ingress {
from_port = 0
to_port = 0
protocol = -1
self = true
}
但是不同的协议呢?使用控制台有以下可用的历史入站规则:
Type Protocol PortRange Source
1. All TCP TCP 0-65535 mySG
2. All UDP UDP 0-65535 mySG
3. Custom TCP TCP 1856 mySG
(是否需要第三次输入?考虑所有端口的第一次输入) 上述入口规则是否处理所有 3 个条目?如果不是,terraform 语法应该是什么。
您可以通过分别使用资源 aws_security_group 和 aws_security_group_rule 从规则中拆分 sec 组来实现自引用组。这样做,结合您的 3 个现有规则,将大致像这样的地形:
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "${local.vpc_id}"
}
resource "aws_security_group_rule" "sec_group_allow_tcp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_udp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "udp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_1865" {
type = "ingress"
from_port = 1865 // first part of port range
to_port = 1865 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
请注意,该规则采用协议类型,来自 port/to 端口(用于范围)和可选的 source_security_group_id 以指定