Terraform: iterating over the keys/values of a map variable


In Terraform, I'm trying to build a SecurityGroup with a map of IPs and their associated comments. What I want to do is iterate over the key/values of the map of allowed networks and associate the map value with the description field.

The code is like this:

resource "aws_security_group_rule" "ingress" {
  type              = "ingress"
  (...)
  cidr_blocks       = "${var.ingress_cidr_blocks}"
  description       = "${var.ingress_description}"
  security_group_id = "${aws_security_group.this.id}"
}

module "securitygroup-ssh" {
  source = ""
  (...)
  ingress_from_port = "22"
  ingress_cidr_blocks = ["${var.ipLlist}"]
  ingress_description = "${var.allowed-network}"
}
With this as the variable:

variable "allowed-network" {
    type = "map"
    default = {
        "From Customer1" = "1.1.1.1/32"
        "Network this" = "10.0.0.0/24"
    }
}
I've already had difficulties using the map and lookup built-in functions, but without satisfactory results. It's also possible to iterate over the networks as a list, but the description field seems to get overwritten by the last value.

Any ideas? Is this possible in current Terraform?

Not exactly a map, but it should do what you want:

provider "aws" {
    region = "ca-central-1"
    version = "~> 2.7"
}

resource "aws_security_group" "this" {
  name_prefix = "this"
}

resource "aws_security_group_rule" "allowed-network" {
  count = length(var.allowed-network)
  type            = "ingress"
  from_port       = 0
  to_port         = 65535
  protocol        = "tcp"
  description = split(",", var.allowed-network[count.index])[0]
  cidr_blocks = [split(",", var.allowed-network[count.index])[1]]
  security_group_id = aws_security_group.this.id

}

variable "allowed-network" {
    type = "list"
    default = [
        "From Customer1,1.1.1.1/32",
        "Network this,10.0.0.0/24"
    ]
}
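The map itself can be iterated directly with `for_each`, which keeps the asker's key = description, value = CIDR layout and avoids the comma-splitting above. This is an added example, not the answerer's code; it assumes Terraform 0.13 or newer (for `for_each` on resources and variable `validation`), the AWS provider, and port 22 as in the asker's `securitygroup-ssh` module.

```hcl
variable "allowed-network" {
  type = map(string)
  default = {
    "From Customer1" = "1.1.1.1/32"
    "Network this"   = "10.0.0.0/24"
  }

  # Reject anything that is not a parseable CIDR before it reaches AWS,
  # so a typo cannot silently become an unintended or rejected rule.
  validation {
    condition = alltrue([
      for cidr in values(var.allowed-network) : can(cidrhost(cidr, 0))
    ])
    error_message = "Every value in allowed-network must be a valid CIDR block."
  }
}

resource "aws_security_group" "this" {
  name_prefix = "this"
}

# One rule per map entry: the key becomes the description, the value the
# CIDR. Because for_each addresses rules by key rather than by index,
# removing one entry destroys only that rule instead of re-creating the
# rules that would have shifted position under count.
resource "aws_security_group_rule" "allowed-network" {
  for_each = var.allowed-network

  type              = "ingress"
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  description       = each.key
  cidr_blocks       = [each.value]
  security_group_id = aws_security_group.this.id
}
```

The resulting addresses look like `aws_security_group_rule.allowed-network["From Customer1"]`, so `terraform plan` output shows which network a changed rule belongs to.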
