Terraform - unable to define security groups with terraform-aws-modules/security-group/aws

I am trying the example from this module: https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/3.10.0

main.tf:

module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "${var.environment}-project-vpc"
  cidr = "10.0.0.0/16"

  #
  # Important!
  # https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/403
  # Only append or delete from the end of the list
  #
  azs             = ["us-east-2a", "us-east-2b", "us-east-2c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = module.project_config.tags
}


module "bastion_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "bastion-service"
  description = "Security group for bastion-service"
  vpc_id      = module.vpc.default_vpc_id

  ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh", "all-icmp"]
  egress_rules  = ["all-all"]
}

resource "aws_instance" "bastion" {
  # name          = "bastion"
  # description   = "bastion ssh host to access internals of the infrastructure by SSH"
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"
  security_groups = [
    module.bastion_sg.this_security_group_id
  ]
  subnet_id = module.vpc.public_subnets[0]
}

and terraform apply fails:

Error: Invalid index

  on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 65, in resource "aws_security_group_rule" "ingress_rules":
  65:   description      = var.rules[var.ingress_rules[count.index]][3]
    |----------------
    | count.index is 2
    | var.ingress_rules is list of string with 4 elements
    | var.rules is map of list of string with 115 elements

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 67, in resource "aws_security_group_rule" "ingress_rules":
  67:   from_port = var.rules[var.ingress_rules[count.index]][0]
    |----------------
    | count.index is 2
    | var.ingress_rules is list of string with 4 elements
    | var.rules is map of list of string with 115 elements

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 68, in resource "aws_security_group_rule" "ingress_rules":
  68:   to_port   = var.rules[var.ingress_rules[count.index]][1]
    |----------------
    | count.index is 2
    | var.ingress_rules is list of string with 4 elements
    | var.rules is map of list of string with 115 elements

The given key does not identify an element in this collection value.


Error: Invalid index

  on .terraform/modules/bastion_sg/terraform-aws-security-group-3.10.0/main.tf line 69, in resource "aws_security_group_rule" "ingress_rules":
  69:   protocol  = var.rules[var.ingress_rules[count.index]][2]
    |----------------
    | count.index is 2
    | var.ingress_rules is list of string with 4 elements
    | var.rules is map of list of string with 115 elements

The given key does not identify an element in this collection value.


What am I doing wrong?

OK, got it:

module "bastion_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "bastion-service"
  description = "Security group for bastion-service"
  vpc_id      = module.vpc.vpc_id

  ingress_cidr_blocks = ["0.0.0.0/0", module.vpc.vpc_cidr_block]

  ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh-tcp", "all-icmp"]
  egress_rules  = ["all-all"]
}

The correct name of the rule is "ssh-tcp", not "ssh".
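To catch this before `terraform apply`, here is an added Python pre-flight check (not part of the question, the answer or the module) that mirrors the module's lookup `var.rules[var.ingress_rules[count.index]]` against a constructed subset of its `rules` map, suggests the closest valid rule name for an unknown key, and lists which rules the given `ingress_cidr_blocks` open to 0.0.0.0/0.

```python
import difflib

# Constructed subset of the module's `rules` map (the real variables.tf of
# terraform-aws-modules/security-group/aws 3.10.0 has 115 entries).
# Shape, as the module indexes it: name -> [from_port, to_port, protocol, description]
RULES = {
    "https-443-tcp": [443, 443, "tcp", "HTTPS"],
    "http-80-tcp":   [80, 80, "tcp", "HTTP"],
    "ssh-tcp":       [22, 22, "tcp", "SSH"],
    "all-icmp":      [-1, -1, "icmp", "All IPV4 ICMP"],
    "all-all":       [-1, -1, "-1", "All protocols"],
}
WORLD = "0.0.0.0/0"


def expand_rules(rule_names, cidr_blocks=(), rules=RULES):
    """Mirror the module's per-count.index lookup var.rules[name][0..3].
    Unknown names are collected with the closest valid key instead of
    aborting on the first one, which is what `terraform apply` does."""
    expanded, unknown = [], {}
    for name in rule_names:
        if name not in rules:
            hint = difflib.get_close_matches(name, rules, n=1, cutoff=0.5)
            unknown[name] = hint[0] if hint else None
            continue
        from_port, to_port, protocol, description = rules[name]
        expanded.append({
            "name": name, "from_port": from_port, "to_port": to_port,
            "protocol": protocol, "description": description,
            "cidr_blocks": list(cidr_blocks),
        })
    return expanded, unknown


def world_open(expanded):
    """Names of the expanded rules whose CIDR list includes 0.0.0.0/0,
    i.e. the ports this security group exposes to the whole internet."""
    return [r["name"] for r in expanded if WORLD in r["cidr_blocks"]]


if __name__ == "__main__":
    # The list from the question: "ssh" is not a key in the module's map.
    _, bad = expand_rules(["https-443-tcp", "http-80-tcp", "ssh", "all-icmp"])
    for name, hint in bad.items():
        print(f"unknown ingress rule {name!r}; did you mean {hint!r}?")
    # The corrected list from the answer, with its ingress_cidr_blocks.
    good, _ = expand_rules(["https-443-tcp", "http-80-tcp", "ssh-tcp", "all-icmp"],
                           ["0.0.0.0/0", "10.0.0.0/16"])
    print("open to 0.0.0.0/0:", world_open(good))
```

Run it on the rule list before applying; an empty `unknown` dict means every name resolves in the module's map, and the `world_open` list shows what a bastion actually exposes once `ingress_cidr_blocks` contains 0.0.0.0/0.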