在AWS安全组中创建多个规则

Question

在AWS安全组中创建多个规则

jaw*_*846 10 amazon-web-services terraform terraform-provider-aws

我尝试创建一个具有多个入站规则的AWS安全组，通常我们需要在sg中多个入口来实现多个入站规则。我没有单独创建多个入口规则，而是尝试创建一个入口列表，以便我可以轻松地为不同的应用程序重用该模块。

全氟FB，

模块/sg/sg.tf >>

resource "aws_security_group" "ec2_security_groups" {
  name   = var.name_security_groups
  vpc_id = var.vpc_id
}

Run Code Online (Sandbox Code Playgroud)

模块/sg/rules.tf >>

resource "aws_security_group_rule" "ingress_rules" {
  count             = lenght(var.ingress_rules)
  type              = "ingress"
  from_port         = var.ingress_rules[count.index][0]
  to_port           = var.ingress_rules[count.index][1]
  protocol          = var.ingress_rules[count.index][2]
  cidr_blocks       = var.ingress_rules[count.index][3]
  description       = var.ingress_rules[count.index][4]
  security_group_id = aws_security_group.ec2_security_groups.id
}

Run Code Online (Sandbox Code Playgroud)

模块/sg/variable.tf >>

variable "vpc_id" {
}
variable "name_security_groups" {
}
variable "ingress_rules" {
    type = list(string)
}

Run Code Online (Sandbox Code Playgroud)

在应用程序文件夹中，

应用程序/dev/sg.tf >>

module "sg_test" {
  source = "../modules/sg"

  vpc_id                   = "vpc-xxxxxxxxx"
  name_security_groups = "sg_test"
  ingress_rules                     = var.sg_ingress_rules 
}

Run Code Online (Sandbox Code Playgroud)

应用程序/dev/variable.tf >>

variable "sg_ingress_rules" {
    type        = list(string)
    default     = {
        [22, 22, "tcp", "1.2.3.4/32", "test"]
        [23, 23, "tcp", "1.2.3.4/32", "test"]
    }
}

Run Code Online (Sandbox Code Playgroud)

错误：

Error: Missing attribute value

  on test-sgs.tf line 21, in variable "sg_ingress_rules":
  20: 
  21: 
  22: 

Expected an attribute value, introduced by an equals sign ("=").

Run Code Online (Sandbox Code Playgroud)

请帮助纠正这个问题，或者如果有任何其他方法请建议。

问候，

Answer 1

jaw*_*846 9

感谢@apparentlymart，他在 Terraform 讨论中帮助解决了这个问题

安全规则：-

resource "aws_security_group_rule" "ingress_rules" {
  count = length(var.ingress_rules)

  type              = "ingress"
  from_port         = var.ingress_rules[count.index].from_port
  to_port           = var.ingress_rules[count.index].to_port
  protocol          = var.ingress_rules[count.index].protocol
  cidr_blocks       = [var.ingress_rules[count.index].cidr_block]
  description       = var.ingress_rules[count.index].description
  security_group_id = aws_security_group.ec2_security_groups.id
}

Run Code Online (Sandbox Code Playgroud)

和变量：

variable "sg_ingress_rules" {
    type = list(object({
      from_port   = number
      to_port     = number
      protocol    = string
      cidr_block  = string
      description = string
    }))
    default     = [
        {
          from_port   = 22
          to_port     = 22
          protocol    = "tcp"
          cidr_block  = "1.2.3.4/32"
          description = "test"
        },
        {
          from_port   = 23
          to_port     = 23
          protocol    = "tcp"
          cidr_block  = "1.2.3.4/32"
          description = "test"
        },
    ]
}

Run Code Online (Sandbox Code Playgroud)

归档时间：	5 年，4 月前
查看次数：	28160 次
最近记录：	2 年，3 月前