Terraform - 无法使用 terraform-aws-modules/security-group/aws 定义安全组
Terraform - unable to define security groups with terraform-aws-modules/security-group/aws
我正在尝试此模块中的示例
https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/3.10.0
main.tf:
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
name = "${var.environment}-project-vpc"
cidr = "10.0.0.0/16"
#
# Important!
# https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/403
# Only append or delete from the end of the list
#
azs = ["us-east-2a", "us-east-2b", "us-east-2c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
single_nat_gateway = true
one_nat_gateway_per_az = false
enable_dns_hostnames = true
enable_dns_support = true
tags = module.project_config.tags
}
module "bastion_sg" {
source = "terraform-aws-modules/security-group/aws"
name = "bastion-service"
description = "Security group for bastion-service"
vpc_id = module.vpc.default_vpc_id
ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh", "all-icmp"]
egress_rules = ["all-all"]
}
resource "aws_instance" "bastion" {
# name = "bastion"
# description = "bastion ssh host to access internals of the infrastructure by SSH"
ami = "ami-08ee2516c7709ea48"
instance_type = "t2.micro"
security_groups = [
module.bastion_sg.this_security_group_id
]
subnet_id = module.vpc.public_subnets[0]
}
并且 terraform 应用失败
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 65, in resource "aws_security_group_rule" "ingress_rules":
65: description = var.rules[var.ingress_rules[count.index]][3]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 67, in resource "aws_security_group_rule" "ingress_rules":
67: from_port = var.rules[var.ingress_rules[count.index]][0]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 68, in resource "aws_security_group_rule" "ingress_rules":
68: to_port = var.rules[var.ingress_rules[count.index]][1]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 69, in resource "aws_security_group_rule" "ingress_rules":
69: protocol = var.rules[var.ingress_rules[count.index]][2]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
我做错了什么?
好的,明白了
module "bastion_sg" {
source = "terraform-aws-modules/security-group/aws"
name = "bastion-service"
description = "Security group for bastion-service"
vpc_id = module.vpc.vpc_id
ingress_cidr_blocks = ["0.0.0.0/0", module.vpc.vpc_cidr_block]
ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh-tcp", "all-icmp"]
egress_rules = ["all-all"]
}
规则的正确名称是 "ssh-tcp",而不是 "ssh"
我正在尝试此模块中的示例 https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/3.10.0
main.tf:
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
name = "${var.environment}-project-vpc"
cidr = "10.0.0.0/16"
#
# Important!
# https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/403
# Only append or delete from the end of the list
#
azs = ["us-east-2a", "us-east-2b", "us-east-2c"]
private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
public_subnets = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
enable_nat_gateway = true
single_nat_gateway = true
one_nat_gateway_per_az = false
enable_dns_hostnames = true
enable_dns_support = true
tags = module.project_config.tags
}
module "bastion_sg" {
source = "terraform-aws-modules/security-group/aws"
name = "bastion-service"
description = "Security group for bastion-service"
vpc_id = module.vpc.default_vpc_id
ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh", "all-icmp"]
egress_rules = ["all-all"]
}
resource "aws_instance" "bastion" {
# name = "bastion"
# description = "bastion ssh host to access internals of the infrastructure by SSH"
ami = "ami-08ee2516c7709ea48"
instance_type = "t2.micro"
security_groups = [
module.bastion_sg.this_security_group_id
]
subnet_id = module.vpc.public_subnets[0]
}
并且 terraform 应用失败
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 65, in resource "aws_security_group_rule" "ingress_rules":
65: description = var.rules[var.ingress_rules[count.index]][3]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 67, in resource "aws_security_group_rule" "ingress_rules":
67: from_port = var.rules[var.ingress_rules[count.index]][0]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 68, in resource "aws_security_group_rule" "ingress_rules":
68: to_port = var.rules[var.ingress_rules[count.index]][1]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
Error: Invalid index
on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 69, in resource "aws_security_group_rule" "ingress_rules":
69: protocol = var.rules[var.ingress_rules[count.index]][2]
|----------------
| count.index is 2
| var.ingress_rules is list of string with 4 elements
| var.rules is map of list of string with 115 elements
The given key does not identify an element in this collection value.
我做错了什么?
好的,明白了
module "bastion_sg" {
source = "terraform-aws-modules/security-group/aws"
name = "bastion-service"
description = "Security group for bastion-service"
vpc_id = module.vpc.vpc_id
ingress_cidr_blocks = ["0.0.0.0/0", module.vpc.vpc_cidr_block]
ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh-tcp", "all-icmp"]
egress_rules = ["all-all"]
}
规则的正确名称是 "ssh-tcp",而不是 "ssh"