azurerm_network_security_rule with a variable source_address_prefix
I'm using Terraform to deploy some firewall rules on Azure and would like to keep "source_address_prefix" in a variable, since the list contains 20+ IPs and they can change. Since I have about 5 rules, adding the IPs to each block isn't ideal, so I'd rather use a variable.
Tried the following variations of the variable:
source_address_prefix = ["${var.whitelist_ips}"]
variables.tf
variable "whitelist_ips" {
  type    = "list"
  default = ["199.83.128.0/21","198.143.32.0/19", "149.126.72.0/21","103.28.248.0/22", "45.64.64.0/22", "185.11.124.0/22", "192.230.64.0/18", "107.154.0.0/16", "45.60.0.0/16", "45.223.0.0/16", "2a02:e980::/29"]
}
main.tf
resource "azurerm_network_security_rule" "https" {
  name                        = "Whitelist-HTTPS"
  priority                    = 101
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "443"
  destination_port_range      = "*"
  source_address_prefix       = ["${var.whitelist_ips}"]
  destination_address_prefix  = "${azurerm_public_ip.ingress.ip_address}"
  resource_group_name         = "test"
  network_security_group_name = "test"
  depends_on                  = [azurerm_resource_group.aks]
}
Getting the following error:
Error: Incorrect attribute value type
on main.tf line 35, in resource "azurerm_network_security_rule" "http":
35: source_address_prefix = ["${var.whitelist_ips}"]
Inappropriate value for attribute "source_address_prefix": string required.
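Should have paid attention to the docs. The actual block is "source_address_prefixes", not "source_address_prefix".
You've started to use weird 0.11 syntax and an explicit depends_on, and the source port seems to be wrong too: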
resource azurerm_network_security_rule this {
  name                        = "Whitelist-HTTPS"
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
  priority                    = 101
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "443"
  source_address_prefixes     = var.whitelist_ips
  destination_address_prefix  = azurerm_public_ip.ingress.ip_address
}
variable whitelist_ips {
  description = "A list of IP CIDR ranges to allow as clients. Do not use Azure tags like `Internet`."
  default     = ["199.83.128.0/21", "198.143.32.0/19", "2a02:e980::/29"]
  type        = list(string)
}
The error means you need a different rule for each IP. Is that true? It seems so; I tried this and it failed: source_address_prefix="199.83.128.0/21198.143.32.0/19149.126.72.0/21103.28.248.0/22,45.64.64.0/22,185.11.124.0/22,192.230.64.0/18,107.154.0.0/16,45.60.0.0/16,45.223.0/16,2a02:e980::/:29"
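An added example, not part of the original thread: one validated allowlist shared by several rules through for_each, so the list is maintained in one place. The rule names, priorities and port 80 in local.allow_rules are assumptions; the azurerm_resource_group.this, azurerm_network_security_group.this and azurerm_public_ip.ingress references are the ones used in the answer above.

```hcl
variable "whitelist_ips" {
  description = "Client CIDR ranges shared by every allow rule."
  type        = list(string)

  validation {
    # cidrhost() fails on anything that is not a CIDR prefix, so service tags
    # such as "Internet", "*" or a comma-joined string are rejected.
    condition     = alltrue([for p in var.whitelist_ips : can(cidrhost(p, 0))])
    error_message = "Every whitelist_ips entry must be a single CIDR prefix."
  }

  validation {
    # A /0 entry would turn the allowlist into "allow any source".
    condition     = alltrue([for p in var.whitelist_ips : !can(regex("/0$", p))])
    error_message = "A /0 prefix would open the rules to every source address."
  }
}

locals {
  # Hypothetical rule set: rule name => priority and destination port.
  allow_rules = {
    "Whitelist-HTTP"  = { priority = 100, port = "80" }
    "Whitelist-HTTPS" = { priority = 101, port = "443" }
  }
}

resource "azurerm_network_security_rule" "allow" {
  for_each = local.allow_rules

  name                        = each.key
  resource_group_name         = azurerm_resource_group.this.name
  network_security_group_name = azurerm_network_security_group.this.name
  priority                    = each.value.priority
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*" # clients connect from ephemeral source ports
  destination_port_range      = each.value.port
  source_address_prefixes     = var.whitelist_ips # plural argument takes the list
  destination_address_prefix  = azurerm_public_ip.ingress.ip_address
}
```

Swapping the two port arguments, as in the question's rule, would allow the listed sources to reach every destination port, so the ports are worth checking in the plan output alongside the prefixes.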