AWS SG self-reference resolving different environments
I want to make this more modular for different environments (Dev, UAT, PROD). In that case I believe I should use the SG's 'name' ("App${local.environment}sec_group"), or just sec_group? Will it resolve source_security_group_id here? main.tf file:-
resource "aws_security_group" "sec_group" {
  name   = "App${local.environment}sec_group"
  vpc_id = "${local.vpc_id}"
}

resource "aws_security_group_rule" "sec_group_allow_1865" {
  type              = "ingress"
  from_port         = 1865
  to_port           = 1865
  protocol          = "tcp"
  security_group_id = "${aws_security_group.sec_group.id}"
  # The line the question is about: a Terraform resource address is a static label,
  # so an interpolation nested inside it is not valid syntax and does not resolve.
  source_security_group_id = "${aws_security_group.App${local.environment}sec_group.id}"
}
Variable.tf file:-
locals {
  # The workspace name selects the environment; a workspace with no entry in the
  # map (e.g. "default") falls back to the default_environment key.
  environment = "${lookup(var.ws_to_environment_map, terraform.workspace, lookup(var.ws_to_environment_map, var.default_environment))}"
  # Same fallback for the VPC: look the default key up in the VPC map, so the
  # fallback is a VPC ID rather than the literal string "dev".
  vpc_id      = "${lookup(var.ws_to_vpc_map, terraform.workspace, lookup(var.ws_to_vpc_map, var.default_environment))}"
}

variable "default_environment" {
  default = "dev"
}

variable "ws_to_vpc_map" {
  type = "map"
  default = {
    dev  = "vpc-03a05d67831e1ff035"
    uat  = ""   # fill in the UAT VPC ID
    prod = ""   # fill in the PROD VPC ID
  }
}

variable "ws_to_environment_map" {
  type = "map"
  default = {
    dev  = "DEV"
    uat  = "UAT"
    prod = "PROD"
  }
}
Here you can use
  source_security_group_id = "${aws_security_group.sec_group.id}"
instead of
  source_security_group_id = "${aws_security_group.App${local.environment}sec_group.id}"
aws_security_group.sec_group refers to the security group resource created with the resource name "sec_group" (resource "aws_security_group" "sec_group"), and aws_security_group.sec_group.id gives you its id.
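The point of the answer is that the resource address (`aws_security_group.sec_group`) stays the same in every workspace while the AWS-side `name` changes, so one rule definition self-references correctly in Dev, UAT and PROD. The following is an added example written for this page, not the asker's or answerer's code, showing the same configuration in Terraform 0.12+ syntax. It assumes the AWS provider's `self` argument on `aws_security_group_rule` (which stands for "the same group this rule is attached to") and treats the UAT/PROD VPC IDs as values still to be filled in:

```hcl
# Added example (not from the original post). Terraform >= 0.12 syntax.
variable "default_environment" {
  default = "dev"
}

variable "ws_to_environment_map" {
  type    = map(string)
  default = { dev = "DEV", uat = "UAT", prod = "PROD" }
}

variable "ws_to_vpc_map" {
  type = map(string)
  default = {
    dev  = "vpc-03a05d67831e1ff035"
    uat  = "" # assumption: fill in the UAT VPC ID
    prod = "" # assumption: fill in the PROD VPC ID
  }
}

locals {
  # Pick the environment from the workspace name; unknown workspaces
  # (including "default") fall back to default_environment.
  env_key     = contains(keys(var.ws_to_environment_map), terraform.workspace) ? terraform.workspace : var.default_environment
  environment = var.ws_to_environment_map[local.env_key]
  vpc_id      = var.ws_to_vpc_map[local.env_key]
}

resource "aws_security_group" "sec_group" {
  # The AWS name varies per workspace ...
  name   = "App${local.environment}sec_group"
  vpc_id = local.vpc_id
}

# ... but the Terraform address aws_security_group.sec_group does not, so the
# same rule works in every workspace. Only members of this group may reach
# port 1865; nothing outside the group (and no CIDR range) is allowed in.
resource "aws_security_group_rule" "sec_group_allow_1865" {
  type              = "ingress"
  from_port         = 1865
  to_port           = 1865
  protocol          = "tcp"
  security_group_id = aws_security_group.sec_group.id
  # Equivalent to source_security_group_id = aws_security_group.sec_group.id
  self = true
}

output "sec_group_id" {
  value = aws_security_group.sec_group.id
}
```

Switching with `terraform workspace select uat` and running `terraform plan` shows only the `name` and `vpc_id` changing; the self-referencing rule is unchanged because it is keyed on the resource address, not on the per-environment name. Security group IDs are scoped to a VPC, so the group and the rule are created together in whichever VPC the workspace maps to, which is why the rule cannot be pointed at a group from another environment by mistake.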