Dmi*_*nov 0 terraform terraform-provider-aws terraform0.12+ terraform-aws-modules
I am trying the example from this module: https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/3.10.0
main.tf:
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "${var.environment}-project-vpc"
  cidr = "10.0.0.0/16"

  #
  # Important!
  # https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/403
  # Only append or delete from the end of the list
  #
  azs             = ["us-east-2a", "us-east-2b", "us-east-2c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false

  enable_dns_hostnames = true
  enable_dns_support   = true

  tags = module.project_config.tags
}

module "bastion_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "bastion-service"
  description = "Security group for bastion-service"
  vpc_id      = module.vpc.default_vpc_id

  ingress_rules = ["https-443-tcp", "http-80-tcp", "ssh", "all-icmp"]
  egress_rules  = ["all-all"]
}

resource "aws_instance" "bastion" {
  # name        = "bastion"
  # description = "bastion ssh host to access internals of the infrastructure by SSH"
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"

  security_groups = [
    module.bastion_sg.this_security_group_id
  ]

  subnet_id = module.vpc.public_subnets[0]
}
and terraform apply fails.
OK, got it:
module "bastion_sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "bastion-service"
  description = "Security group for bastion-service"
  vpc_id      = module.vpc.vpc_id

  ingress_cidr_blocks = ["0.0.0.0/0", module.vpc.vpc_cidr_block]
  ingress_rules       = ["https-443-tcp", "http-80-tcp", "ssh-tcp", "all-icmp"]
  egress_rules        = ["all-all"]
}
The correct name of the rule is "ssh-tcp", not "ssh".
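The accepted fix makes the module resolve its named rules, but the resulting group still exposes SSH, HTTP, HTTPS and ICMP on a bastion to 0.0.0.0/0. As an added example (my own code, not the poster's and not taken from the terraform-aws-modules project), the configuration below keeps the same `vpc` module from the question and shows how the v3.x security-group module's `ingress_with_cidr_blocks` / `egress_with_cidr_blocks` inputs give each rule its own CIDR list, so SSH is limited to an admin range while ICMP stays inside the VPC. It assumes a hypothetical `admin_cidr_blocks` variable for the allowed source networks and the same AMI and instance type the question used; everything else uses documented module inputs and provider arguments.

```hcl
# Added example, not code from the question. Assumes the "vpc" module is
# declared as in the question and that admin_cidr_blocks (hypothetical) lists
# the office/VPN networks allowed to reach the bastion over SSH.
variable "admin_cidr_blocks" {
  description = "Hypothetical input: CIDRs allowed to SSH to the bastion"
  type        = list(string)
}

module "bastion_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "~> 3.10" # pin the major: v4 renamed this_security_group_id to security_group_id

  name        = "bastion-service"
  description = "Security group for bastion-service"
  vpc_id      = module.vpc.vpc_id # the VPC this module created, not default_vpc_id

  # Named rules are looked up in the module's rules map, which is why "ssh"
  # failed and "ssh-tcp" works. Giving each rule its own cidr_blocks avoids a
  # single ingress_cidr_blocks list that applies 0.0.0.0/0 to every rule.
  # A bastion has no reason to serve HTTP/HTTPS, so those rules are dropped.
  ingress_with_cidr_blocks = [
    {
      rule        = "ssh-tcp"
      cidr_blocks = join(",", var.admin_cidr_blocks) # v3 expects a comma-separated string
      description = "SSH from admin networks only"
    },
    {
      rule        = "all-icmp"
      cidr_blocks = module.vpc.vpc_cidr_block
      description = "ICMP from inside the VPC only"
    },
  ]

  # Outbound: SSH onward into the VPC plus HTTPS for OS updates, instead of all-all.
  egress_with_cidr_blocks = [
    {
      rule        = "ssh-tcp"
      cidr_blocks = module.vpc.vpc_cidr_block
      description = "SSH to internal hosts"
    },
    {
      rule        = "https-443-tcp"
      cidr_blocks = "0.0.0.0/0"
      description = "HTTPS for package updates"
    },
  ]
}

resource "aws_instance" "bastion" {
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"
  subnet_id     = module.vpc.public_subnets[0]

  # In a non-default VPC attach groups by ID with vpc_security_group_ids;
  # security_groups takes group *names* and is meant for EC2-Classic/default VPC.
  vpc_security_group_ids = [module.bastion_sg.this_security_group_id]

  # Require IMDSv2 so an SSRF or a shell on the box cannot fetch instance
  # credentials with a plain GET to the metadata service.
  metadata_options {
    http_endpoint = "enabled"
    http_tokens   = "required"
  }

  tags = {
    Name = "bastion"
  }
}
```

`terraform validate` will still accept an unknown rule name because the lookup happens at plan time; a misspelled rule surfaces as an invalid-index error on `terraform plan`, so check the module's rules.tf (or the registry page) for the exact key before relying on a named rule.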