How to create an NSG for an existing subnet with Terraform on Azure

Tags: terraform, terraform-provider-azure

I am referencing an existing subnet as shown below, but I want to create an NSG and attach it to that subnet. This gives me an error.

The code that references the subnets and adds the NSG is as follows:

data "azurerm_subnet" "tf-sn-erx-app" {
  name                 = "${var.subnet_app_name}"
  virtual_network_name = "${data.azurerm_virtual_network.tf-vn-erx.name}"
  resource_group_name  = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  security_group       = "${azurerm_network_security_group.tf-nsg-erx-application.id}" # not a valid argument of the data source; this line triggers the error below
}

data "azurerm_subnet" "tf-sn-erx-sql" {
  name                 = "${var.subnet_sql_name}"
  virtual_network_name = "${data.azurerm_virtual_network.tf-vn-erx.name}"
  resource_group_name  = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  security_group       = "${azurerm_network_security_group.tf-nsg-erx-sql.id}" # same problem as above
}

# The NSG itself; the rules below are attached to it by name
resource "azurerm_network_security_group" "tf-nsg-erx-application" {
  name                = "${var.application_nsg}"
  location            = "${data.azurerm_resource_group.tf-rg-erx-external.location}"
  resource_group_name = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
}

resource "azurerm_network_security_rule" "tf-nsr-erx-application-5985" {
  name                        = "Open Port 5985"
  priority                    = 100
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "5985"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_name = "${azurerm_network_security_group.tf-nsg-erx-application.name}"
}
resource "azurerm_network_security_rule" "tf-nsr-erx-application-5986" {
  name                        = "Open Port 5986"
  priority                    = 101
  direction                   = "Inbound"
  access                      = "Allow"
  protocol                    = "Tcp"
  source_port_range           = "*"
  destination_port_range      = "5986"
  source_address_prefix       = "*"
  destination_address_prefix  = "*"
  resource_group_name         = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_name = "${azurerm_network_security_group.tf-nsg-erx-application.name}"
}
However, when I run terraform, the error below is reported:

Error: data.azurerm_subnet.tf-sn-erx-app: : invalid or unknown key: security_group
Error: data.azurerm_subnet.tf-sn-erx-sql: : invalid or unknown key: security_group

What is the problem?

There is no `security_group` key in the `azurerm_subnet` data source:

Argument Reference
name - (Required) Specifies the name of the Subnet.
virtual_network_name - (Required) Specifies the name of the Virtual Network this Subnet is located within.
resource_group_name - (Required) Specifies the name of the resource group the Virtual Network is located in.

As @BMW says, there is no `security_group` attribute in the `azurerm_subnet` data source. If you want to associate an NSG with an existing subnet, you can use the association resource to achieve this. Just use the `azurerm_subnet` data source to reference the existing subnet, and create an NSG for it or use an existing one.
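The configuration below is an added example, not code from the question or from either answer. It shows the approach described above: the subnet is only looked up, and the link to the NSG is made with the separate `azurerm_subnet_network_security_group_association` resource instead of a (non-existent) argument on the data source. It also serves the later comment-thread question about subnet-level versus NIC-level NSGs; see the note after the block. Assumptions: azurerm provider 3.x or later (the question's code uses the older 0.11 interpolation syntax), the resource group, VNet and subnet names are placeholders, and `var.mgmt_cidr` is an assumed management range. Unlike the question's rules, WinRM (5985/5986) is opened only from that range rather than from `*`, and an explicit deny is added beneath the allow.

```hcl
# Added example, not from the original question or answers.
# Attaches a new NSG to an existing subnet with the association resource.
# Assumptions: azurerm provider 3.x or later; the resource group, VNet and
# subnet names below and var.mgmt_cidr are placeholders for your environment.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0"
    }
  }
}

provider "azurerm" {
  features {}
}

variable "mgmt_cidr" {
  description = "Source range allowed to reach WinRM (assumed value; use your jump host or VPN range)"
  type        = string
  default     = "10.200.0.0/24"
}

# The existing objects are looked up, not created. The subnet data source
# exposes network_security_group_id only as a read-only attribute; it has no
# security_group argument, which is what the question's code tried to set.
data "azurerm_resource_group" "rg" {
  name = "rg-erx-external"
}

data "azurerm_virtual_network" "vnet" {
  name                = "vn-erx"
  resource_group_name = data.azurerm_resource_group.rg.name
}

data "azurerm_subnet" "app" {
  name                 = "sn-erx-app"
  virtual_network_name = data.azurerm_virtual_network.vnet.name
  resource_group_name  = data.azurerm_resource_group.rg.name
}

resource "azurerm_network_security_group" "app" {
  name                = "nsg-erx-application"
  location            = data.azurerm_resource_group.rg.location
  resource_group_name = data.azurerm_resource_group.rg.name
}

# WinRM (5985 HTTP, 5986 HTTPS) only from the management range. The question's
# rules used source_address_prefix = "*", which exposes WinRM to every source
# that can reach the subnet.
resource "azurerm_network_security_rule" "winrm_from_mgmt" {
  name                         = "allow-winrm-from-mgmt"
  priority                     = 100
  direction                    = "Inbound"
  access                       = "Allow"
  protocol                     = "Tcp"
  source_port_range            = "*"
  destination_port_ranges      = ["5985", "5986"]
  source_address_prefix        = var.mgmt_cidr
  destination_address_prefixes = data.azurerm_subnet.app.address_prefixes
  resource_group_name          = data.azurerm_resource_group.rg.name
  network_security_group_name  = azurerm_network_security_group.app.name
}

# Explicit deny for WinRM from everywhere else. Without it the default rule
# AllowVnetInBound (priority 65000) still admits WinRM from any other subnet
# in the VNet or from peered VNets.
resource "azurerm_network_security_rule" "winrm_deny_rest" {
  name                         = "deny-winrm-from-other"
  priority                     = 110
  direction                    = "Inbound"
  access                       = "Deny"
  protocol                     = "Tcp"
  source_port_range            = "*"
  destination_port_ranges      = ["5985", "5986"]
  source_address_prefix        = "*"
  destination_address_prefixes = data.azurerm_subnet.app.address_prefixes
  resource_group_name          = data.azurerm_resource_group.rg.name
  network_security_group_name  = azurerm_network_security_group.app.name
}

# This is the link the question was looking for: a separate association
# resource, not an argument on the subnet data source.
resource "azurerm_subnet_network_security_group_association" "app" {
  subnet_id                 = data.azurerm_subnet.app.id
  network_security_group_id = azurerm_network_security_group.app.id
}
```

After `terraform apply`, `az network vnet subnet show -g rg-erx-external --vnet-name vn-erx -n sn-erx-app --query networkSecurityGroup.id` should return the NSG's resource ID. On the subnet-versus-NIC question raised later in the thread: a subnet association applies the NSG to every NIC in the subnet, while the NIC-level form (`azurerm_network_interface_security_group_association` in provider 2.x and later, replacing the `network_security_group_id` argument on the NIC) applies only to that interface. If both exist, inbound traffic is evaluated against the subnet NSG first and then the NIC NSG, and must be allowed by both.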

I got it working with the following code:

resource "azurerm_network_interface" "tf-ni-erx-mkconn" {
  count                     = 3
  name                      = "${var.mkconn_base_hostname}${format("%02d",count.index+1)}-nic01"
  location                  = "${data.azurerm_resource_group.tf-rg-erx-external.location}"
  resource_group_name       = "${data.azurerm_resource_group.tf-rg-erx-external.name}"
  network_security_group_id = "${azurerm_network_security_group.tf-nsg-erx-application.id}" # NSG attached at NIC level (provider 1.x argument, removed in azurerm 2.0)

  ip_configuration { # required by the provider; places the NIC in the existing subnet
    name                          = "ipconfig1"
    subnet_id                     = "${data.azurerm_subnet.tf-sn-erx-app.id}"
    private_ip_address_allocation = "Dynamic"
  }
}

I guess what he is saying is that you should remove that key :)

@4c74356b41 yes

@CharlesXu @BMW, apologies for the delay. I was on Easter break. It works like this: `network_security_group_id = "${azurerm_network_security_group.tf-nsg-erx-application.id}"`, so I should post it as an answer; it definitely works. I can see that now all the NICs are associated with the IP.

If you used something from my answer, then you should mark it instead of adding another one. You got the answer from me, so give the mark back to me.

Any update?

@CharlesXu thanks for your persistence and enthusiasm! I have posted the answer; at least it works for me. Thanks to you and BMW.

If this is the solution, why would you ask how to create an NSG for an existing subnet?! This does not answer the question.

@CharlesXu I figured it out after posting the question. I can attach some screenshots. It does work.

Yes, it works. But it shows the NSG associated with the NIC. You could also associate the NSG with the subnet, as in the question. Decide which one you should follow.

NSG on the NIC or on the subnet: which follows security best practice? Can you tell me?

They are both valid practices; it is your choice. For the subnet, it applies to all the services in the subnet. For the NIC, it applies only to the one it is associated with.