kam*_*dra 2 amazon-web-services aws-cli aws-security-group terraform-provider-aws aws-cloudformation-custom-resource
我正在使用 terraform 进行 AWS 资源配置。我需要自我参考“mySG”。从 Terraform 文档我可以使用
ingress {
from_port = 0
to_port = 0
protocol = -1
self = true
}
但是不同的协议呢?使用控制台 有以下历史入站规则可用:
Type Protocol PortRange Source
1. All TCP TCP 0-65535 mySG
2. All UDP UDP 0-65535 mySG
3. Custom TCP TCP 1856 mySG
(是否需要第三个条目?考虑所有端口的第一个条目)上述入口规则是否处理所有 3 个条目?如果不是什么应该是 terraform 语法。
您可以通过分别使用资源 aws_security_group 和 aws_security_group_rule 从规则中拆分 sec 组来实现自引用组。这样做,结合您现有的 3 条规则,大致如下所示:
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "${local.vpc_id}"
}
resource "aws_security_group_rule" "sec_group_allow_tcp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_udp" {
type = "ingress"
from_port = 0 // first part of port range
to_port = 65535 // second part of port range
protocol = "udp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
resource "aws_security_group_rule" "sec_group_allow_1865" {
type = "ingress"
from_port = 1865 // first part of port range
to_port = 1865 // second part of port range
protocol = "tcp" // Protocol, could be "tcp" "udp" etc.
security_group_id = "${aws_security_group.sec_group.id}" // Which group to attach it to
source_security_group_id = "${aws_security_group.sec_group.id}" // Which group to specify as source
}
请注意,该规则采用协议类型,从端口/到端口(对于范围),以及一个可选的 source_security_group_id 来指定
| 归档时间: |
|
| 查看次数: |
1502 次 |
| 最近记录: |