Allowing access from one AWS security group to another AWS security group with Terraform


I want to let one security group access another security group, but I cannot get it to work. Can someone tell me where I am going wrong?

This is my module's main.tf:

resource "aws_security_group" "rds_sg" {
    name = "${var.name}-${var.environment}-rds"
    description = "Security Group ${var.name}-${var.environment}"
    vpc_id = "${var.vpc_id}"
    tags {
        Name = "${var.name}-${var.environment}-rds"
        environment =  "${var.environment}"
    }

    // allows traffic from the SG itself
    ingress {
        from_port = 0
        to_port = 0
        protocol = "-1"
        self = true
    }

    // allow traffic for TCP 3306
    ingress {
        from_port = 3306
        to_port = 3306
        protocol = "tcp"
        security_group_id = "${var.security_group_id}"
    }

    // outbound internet access
    egress {
        from_port = 0
        to_port = 0
        protocol = "-1"
        cidr_blocks = ["0.0.0.0/0"]
    }
}

output "rds_sg_id" {
    value = "${aws_db_security_group.rds_sg.id}"
}
The module's variables.tf:

// Module specific variables
variable "name" {
    default = "test"
}

variable "environment" {
    default = "test"
}

variable "vpc_id" {
    description = "The VPC this security group will go in"
}

variable "security_group_id" {
    description = "Security Group id"
}

Here the value of security_group_id comes from another module, so in my main file it looks like this:

module "rds_sg" {
    source = "./modules/rds_sg"
    name = "tendo"
    environment = "dev"
    vpc_id = "${module.vpc_subnets.vpc_id}"
    security_group_id = "${module.web_sg.web_sg_id}"
}
But when I try to run terraform, I get the following error:

Errors:

  * 1 error(s) occurred:

* module root: module rds_sg: security_group_id is not a valid parameter

Output the security group's ID as a variable:

output "rds_sg_id" {
  value = "${aws_security_group.rds_sg.id}"
}
When using the security group:

// allow traffic for TCP 3306 from the RDS security group
// (an ingress rule takes a list of source groups via "security_groups")
ingress {
    from_port = 3306
    to_port = 3306
    protocol = "tcp"
    security_groups = ["${var.rds_sg_id}"]
}


I think I have found the problem; the wrong parameter was used when supplying the security group in the module's main.tf. See the modified code and the documentation below.

The code below works for me; here I allow all TCP ports from one security group:

// allow all TCP ports from another security group
ingress {
    from_port   = 0
    to_port     = 65535
    protocol    = "tcp"
    security_groups = ["${aws_security_group.OTHER_SECURITY_GROUP_NAME.id}"]
}

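Both answers together point at two defects in the module: the ingress rule uses `security_group_id` where the `aws_security_group` resource expects the list argument `security_groups`, and the output references `aws_db_security_group` although the resource declared is `aws_security_group`. The following is an added example, not code from the question or either answer, showing the module with both corrected in the Terraform 0.11 syntax the page uses; the self-referencing ingress rule is left out because it is not needed for the web-to-RDS path, and the rule is kept to port 3306 rather than all ports so that only the web tier's group can reach the database.

```hcl
# modules/rds_sg/main.tf (added example; names are the page's own)
resource "aws_security_group" "rds_sg" {
  name        = "${var.name}-${var.environment}-rds"
  description = "Security Group ${var.name}-${var.environment}"
  vpc_id      = "${var.vpc_id}"

  tags {
    Name        = "${var.name}-${var.environment}-rds"
    environment = "${var.environment}"
  }

  # Only members of the web tier's security group may reach MySQL.
  # The argument is the list "security_groups", not "security_group_id".
  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = ["${var.security_group_id}"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# The output must reference the resource type declared above
# (aws_security_group), not aws_db_security_group.
output "rds_sg_id" {
  value = "${aws_security_group.rds_sg.id}"
}

# modules/rds_sg/variables.tf
variable "name"              { default = "test" }
variable "environment"       { default = "test" }
variable "vpc_id"            { description = "The VPC this security group will go in" }
variable "security_group_id" { description = "ID of the group allowed to reach port 3306" }

# Root module: the web tier's group ID is passed in, so rds_sg needs
# no CIDR-based ingress and the only allowed path is web_sg -> rds_sg.
module "rds_sg" {
  source            = "./modules/rds_sg"
  name              = "tendo"
  environment       = "dev"
  vpc_id            = "${module.vpc_subnets.vpc_id}"
  security_group_id = "${module.web_sg.web_sg_id}"
}
```

Run `terraform validate` in the root directory after the change: the "security_group_id is not a valid parameter" error on the module call means the variable is not declared in the module directory that `source` points to, so also confirm that variables.tf actually sits in ./modules/rds_sg.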

Looking at that error message, I get the feeling that security_group_id does not exist in the module. Can you show how you are using the module code?

@LiamJones please review, I have updated the question with all the necessary details. Thanks

I did this as well, but there is still an error. Could you review my updated question? Thanks