Security group created by Terraform has no rules

I am currently studying Terraform and have written a simple script to create some AWS resources.

My script creates a VPC with a subnet, and an instance with a security group attached. All of them are newly created by the Terraform script. When I run terraform plan or terraform apply, no errors or warnings are shown and everything is created successfully. However, when I look at the newly created resources in the AWS console, I see that the security group was created but has no rules attached.

Can someone help? Thanks a lot.

Below is my Terraform script.

provider "aws" {
  region = var.AWS_REGION
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
}

data "aws_ami" "amazon-2" {
  most_recent = true
  owners = [ "amazon" ]

  filter {
    name = "name"
    values = [ "amzn2-ami-hvm-*-x86_64-ebs" ]
  }
}

resource "aws_key_pair" "generate_keypair" {
  key_name = var.key_name
  public_key = var.public_key
  tags = var.default_tags
}

resource "aws_vpc" "study" {
  cidr_block = "10.0.0.0/20"
  tags = var.default_tags
}

resource "aws_subnet" "study-public" {
  vpc_id = aws_vpc.study.id
  cidr_block = "10.0.0.0/26"
  tags = var.default_tags
}

resource "aws_security_group" "public-instance" {
  vpc_id = aws_vpc.study.id
  name = "public-instance"
  description = "Group for public instance"
  tags = var.default_tags

  ingress {
    description = "Port 80 ingress"
    from_port = 80
    to_port = 80
    protocol = "tcp"
  }

  ingress {
    description = "Port 22 ingress"
    from_port = 22
    to_port = 22
    protocol = "ssh"
  }

  egress {
    from_port = 0
    to_port = 0
    protocol = "all"
  }
}

resource "aws_instance" "linux" {
  ami = data.aws_ami.amazon-2.id
  instance_type = "t3.micro"
  key_name = aws_key_pair.generate_keypair.key_name
  vpc_security_group_ids = [ aws_security_group.public-instance.id ]
  subnet_id = aws_subnet.study-public.id
  tags = var.default_tags
}

You need to specify at least one rule target, e.g. a CIDR block, a security group ID, or a prefix list.

The snippet below should work for you. In this case I used cidr_blocks.

resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"

  ingress {
    description = "Port 80 ingress"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Port 22 ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "all"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

Add cidr_blocks = ["<your ip cidr>"] and change the protocol to protocol = "tcp":

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "all"
    cidr_blocks = ["0.0.0.0/0"]
  }
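Both answers above fix the missing target by pointing every rule, including SSH, at 0.0.0.0/0, which is the usual way a lab instance ends up with port 22 open to the whole internet. The block below is an added example, not code from either answer or from the question: it rewrites the same group with one standalone aws_vpc_security_group_ingress_rule / aws_vpc_security_group_egress_rule resource per rule, so each rule must name exactly one target (cidr_ipv4, cidr_ipv6, prefix_list_id or referenced_security_group_id) and a rule with no target is rejected instead of silently dropped. It assumes a current AWS provider (5.x) and a hypothetical variable admin_cidr, validated so that SSH can never be opened to 0.0.0.0/0 by accident; aws_vpc.study and var.default_tags are taken from the question.

```hcl
# Hypothetical variable (not in the original post): the only CIDR allowed to reach SSH.
variable "admin_cidr" {
  description = "CIDR allowed to reach port 22, e.g. 203.0.113.10/32"
  type        = string

  validation {
    # Must parse as a CIDR and must not be the whole internet.
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a valid CIDR and must not be 0.0.0.0/0."
  }
}

# The group itself carries no inline ingress/egress blocks; all rules are
# separate resources below. Do not mix inline blocks with these resources,
# or the two will fight over the rule set on every apply.
resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"
  tags        = var.default_tags
}

# HTTP from anywhere: a public web port is the one rule that legitimately needs 0.0.0.0/0.
resource "aws_vpc_security_group_ingress_rule" "http" {
  security_group_id = aws_security_group.public-instance.id
  description       = "Port 80 ingress"
  ip_protocol       = "tcp"
  from_port         = 80
  to_port           = 80
  cidr_ipv4         = "0.0.0.0/0"
}

# SSH only from the admin CIDR.
resource "aws_vpc_security_group_ingress_rule" "ssh" {
  security_group_id = aws_security_group.public-instance.id
  description       = "Port 22 ingress from admin CIDR only"
  ip_protocol       = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_ipv4         = var.admin_cidr
}

# Egress: all traffic. ip_protocol = "-1" means all protocols, and from_port/to_port
# must be omitted in that case (there is no "all" keyword here, unlike the inline blocks).
resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.public-instance.id
  description       = "All outbound"
  ip_protocol       = "-1"
  cidr_ipv4         = "0.0.0.0/0"
}
```

With rules as standalone resources, terraform plan lists each rule individually, so a missing or wrong target is visible before apply rather than only in the console afterwards. To confirm what actually landed in AWS, check the rules by group ID rather than trusting the console view: aws ec2 describe-security-group-rules --filters Name=group-id,Values=<sg-id>. The protocol value is the other trap in the original script: security group rules take "tcp", "udp", "icmp", "icmpv6", a protocol number, or "-1" for all; "ssh" is a service name, not a protocol, and the port numbers (22 here) are what select the service.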