dynamic blocks in terraform aws_security_group
I'm having trouble defining dynamic blocks for security group rules with Terraform.
My usage is almost identical to what is described
security_group.tf
  source  = "terraform-aws-modules/security-group/aws"
  version = "4.0.0"
  name        = "databroker-mendix-public-sg-${terraform.workspace}"
  description = "Security group created for public network with custom ports open for zk, kafka, jmx, and ssh"
  vpc_id      = module.databroker_vpc.vpc_id
  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description = lookup(ingress.value, "description", null)
      from_port   = lookup(ingress.value, "from_port", null)
      to_port     = lookup(ingress.value, "to_port", null)
      protocol    = lookup(ingress.value, "protocol", null)
      cidr_blocks = lookup(ingress.value, "cidr_blocks", null)
    }
  }
  egress_with_cidr_blocks = [
    {
      cidr_blocks = "0.0.0.0/0"
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      description = "egress security group"
    }
  ]
  tags = var.tags
}
nonprod.tfvars
  default = {
    "my ingress rule" = {
      description = "For HTTP"
      from_port   = 80
      to_port     = 80
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    },
    "my other ingress rule" = {
      description = "For SSH"
      from_port   = 22
      to_port     = 22
      protocol    = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
    }
  }
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
}
When I run terraform plan, I get
│ Error: Unsupported block type
│
│ on security-group.tf line 29, in module "databroker_public_sg":
│ 29: dynamic "ingress" {
│
│ Blocks of type "dynamic" are not expected here.
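I also tried replacing "ingress" with "ingress_with_cidr_blocks", but that gives the same error. I can't find any information about dynamic blocks being allowed/disallowed in security groups. Any pointers that help me understand what is going on are appreciated.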
Looking at the code you posted, this dynamic "ingress" seems to be defined in a module,
not in an aws_security_group resource.
ingress_with_cidr_blocks = [
  for key, value in var.ingress_rules :
  {
    description = lookup(value, "description", null)
    from_port   = lookup(value, "from_port", null)
    to_port     = lookup(value, "to_port", null)
    protocol    = lookup(value, "protocol", null)
    cidr_blocks = lookup(value, "cidr_blocks", null)
  }
]
Maybe you need something like this?
At a quick glance, you are missing the first line, for example
module "dhfjfkfkf" {
because your last } has no opening {
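The two routes the answers point to, written out as an added example that is not from the original posts: a complete module block that builds ingress_with_cidr_blocks with a for expression, and a plain aws_security_group resource, where dynamic "ingress" is accepted. The join() call assumes the module expects cidr_blocks as one comma-separated string, as in the question's egress rule, and the resource label "public" is hypothetical. Use one option or the other, since both create a group with the same name.

```hcl
# Added example; the variable shape is copied from the question.
variable "ingress_rules" {
  type = map(object({
    description = string
    from_port   = number
    to_port     = number
    protocol    = string
    cidr_blocks = list(string)
  }))
}

# Option 1: module call. A module block only accepts arguments, so the rules
# are built with a for expression instead of a dynamic block.
module "databroker_public_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "4.0.0"
  name    = "databroker-mendix-public-sg-${terraform.workspace}"
  vpc_id  = module.databroker_vpc.vpc_id

  ingress_with_cidr_blocks = [
    for rule in var.ingress_rules : {
      description = rule.description
      from_port   = rule.from_port
      to_port     = rule.to_port
      protocol    = rule.protocol
      # Assumption: the module takes cidr_blocks as one comma-separated
      # string, the same form the question's egress_with_cidr_blocks uses.
      cidr_blocks = join(",", rule.cidr_blocks)
    }
  ]
}

# Option 2: plain resource. ingress is a nested block here, so dynamic works.
resource "aws_security_group" "public" {
  name   = "databroker-mendix-public-sg-${terraform.workspace}"
  vpc_id = module.databroker_vpc.vpc_id

  dynamic "ingress" {
    for_each = var.ingress_rules
    content {
      description = ingress.value.description
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }
}
```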