使用 Terraform 的 Azure 子网 NSG 关联
Azure Subnet NSG Association using Terraform
我正在尝试使用 Terraform 来自动化我的 VNet 设置。这包括设置子网和 nsg 关联。下面是部分代码。
代码示例:
====== locals.tf ==================
locals {
subnets = {
private = var.allow_sub
public = var.notallow_sub
admin = var.admin_sub
}
}
====== variables.tf ====================
variable "allow_sub" {
description = "private"
type = object({
name = string
address_prefixes = list(string)
network_security_group = string
route_table = string
})
}
variable "notallow_sub" {
description = "public"
type = object({
name = string
address_prefixes = list(string)
network_security_group = string
route_table = string
})
}
variable "admin_sub" {
description = "management"
type = object({
name = string
address_prefixes = list(string)
network_security_group = string
route_table = string
})
}
==== input.tfvar ==============
notallow_sub = {
name = "test1"
address_prefixes = ["10.100.1.0/24"]
network_security_group = "testnsg1"
route_table = "testrt3"
}
allow_sub = {
name = "test2"
address_prefixes = ["10.100.2.16/28"]
network_security_group = "testnsg2"
route_table = "testrt2"
}
admin_sub = {
name = "test3"
address_prefixes = ["10.100.3.0/28"]
network_security_group = "testnsg3"
route_table = "testrt21"
}
=== main.tf ====
resource "azurerm_subnet" "mysubnet" {
for_each = var.subnets
name = each.key
resource_group_name = var.rg_name
virtual_network_name = var.vnet_name
address_prefixes = each.value.address_prefixes
}
.
.
.
resource "azurerm_subnet_network_security_group_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "network_security_group", "") != "" }
subnet_id = azurerm_subnet[each.value].id
network_security_group_id = azurerm_network_security_group[each.value].network_security_group.id
}
resource "azurerm_subnet_route_table_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "route_table", "") != "" }
subnet_id = azurerm_subnet[each.value].id
route_table_id = azurerm_route_table[each.value].route_table.id
}
问题:
我收到“错误:引用无效...对资源类型的引用必须后跟至少一个属性访问,指定资源名称。" 在 TF 期间验证 main.tf 中的以下行:
- subnet_id
- rout_table_id
我认为我没有正确设置资源引用循环,需要一些指导。提前致谢。
我假设您正在创建一个 collection 的 azurerm_subnet
资源,名为“mysubnet”(您没有在示例中显示该部分)。
因此,您的 collection 项是资源本身,而不是资源类型。你应该这样做:
resource "azurerm_subnet_route_table_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "route_table", "") != "" }
subnet_id = azurerm_subnet.mysubnet[each.key].id
route_table_id = azurerm_route_table.routetable[each.key].id
}
特别注意mysubnet[each.key]
元素的引用。此处的 each.key
应该与您在 azurerm_subnet
定义中使用的键相同。
我现在无法对其进行测试,但我相信这是可行的方法。
我正在尝试使用 Terraform 来自动化我的 VNet 设置。这包括设置子网和 nsg 关联。下面是部分代码。
代码示例:
====== locals.tf ==================
locals {
subnets = {
private = var.allow_sub
public = var.notallow_sub
admin = var.admin_sub
}
}
====== variables.tf ====================
variable "allow_sub" {
description = "private"
type = object({
name = string
address_prefixes = list(string)
network_security_group = string
route_table = string
})
}
variable "notallow_sub" {
description = "public"
type = object({
name = string
address_prefixes = list(string)
network_security_group = string
route_table = string
})
}
variable "admin_sub" {
description = "management"
type = object({
name = string
address_prefixes = list(string)
network_security_group = string
route_table = string
})
}
==== input.tfvar ==============
notallow_sub = {
name = "test1"
address_prefixes = ["10.100.1.0/24"]
network_security_group = "testnsg1"
route_table = "testrt3"
}
allow_sub = {
name = "test2"
address_prefixes = ["10.100.2.16/28"]
network_security_group = "testnsg2"
route_table = "testrt2"
}
admin_sub = {
name = "test3"
address_prefixes = ["10.100.3.0/28"]
network_security_group = "testnsg3"
route_table = "testrt21"
}
=== main.tf ====
resource "azurerm_subnet" "mysubnet" {
for_each = var.subnets
name = each.key
resource_group_name = var.rg_name
virtual_network_name = var.vnet_name
address_prefixes = each.value.address_prefixes
}
.
.
.
resource "azurerm_subnet_network_security_group_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "network_security_group", "") != "" }
subnet_id = azurerm_subnet[each.value].id
network_security_group_id = azurerm_network_security_group[each.value].network_security_group.id
}
resource "azurerm_subnet_route_table_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "route_table", "") != "" }
subnet_id = azurerm_subnet[each.value].id
route_table_id = azurerm_route_table[each.value].route_table.id
}
问题:
我收到“错误:引用无效...对资源类型的引用必须后跟至少一个属性访问,指定资源名称。" 在 TF 期间验证 main.tf 中的以下行:
- subnet_id
- rout_table_id
我认为我没有正确设置资源引用循环,需要一些指导。提前致谢。
我假设您正在创建一个 collection 的 azurerm_subnet
资源,名为“mysubnet”(您没有在示例中显示该部分)。
因此,您的 collection 项是资源本身,而不是资源类型。你应该这样做:
resource "azurerm_subnet_route_table_association" "this" {
for_each = { for k, v in local.subnets : k => v if lookup(v, "route_table", "") != "" }
subnet_id = azurerm_subnet.mysubnet[each.key].id
route_table_id = azurerm_route_table.routetable[each.key].id
}
特别注意mysubnet[each.key]
元素的引用。此处的 each.key
应该与您在 azurerm_subnet
定义中使用的键相同。
我现在无法对其进行测试,但我相信这是可行的方法。