Terraform Azure应用程序服务-ip_限制
我正在尝试在我的Azure应用程序服务应用程序中设置IP限制块 执行地形规划或应用时,我收到以下错误: 错误:azurerm_app_service.app-service-1::无效或未知密钥:ip_限制 我使用了应用服务(Web应用)资源的每个Terraform文档的ip_限制 以下是我正在使用的AppService部署代码:Terraform Azure应用程序服务-ip_限制,terraform,azure-web-app-service,ip-restrictions,Terraform,Azure Web App Service,Ip Restrictions,我正在尝试在我的Azure应用程序服务应用程序中设置IP限制块 执行地形规划或应用时,我收到以下错误: 错误:azurerm_app_service.app-service-1::无效或未知密钥:ip_限制 我使用了应用服务(Web应用)资源的每个Terraform文档的ip_限制 以下是我正在使用的AppService部署代码: resource "azurerm_app_service" "app-service-1" { name = "${var
resource "azurerm_app_service" "app-service-1" {
name = "${var.app_service_1}"
location = "${data.azurerm_resource_group.core-rg.location}"
resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
https_only = "True"
enabled = "True"
client_affinity_enabled = "True"
site_config {
always_on = "True"
#default_documents = ""
dotnet_framework_version = "v4.0"
#http2_enabled = ""
#ip_restriction = ""
#java_version = ""
#java_container = ""
#java_container_version = ""
managed_pipeline_mode = "Integrated"
min_tls_version = "1.2"
#php_version = ""
#python_version = ""
remote_debugging_enabled = "False"
#remote_debugging_version = ""
scm_type = "None"
use_32_bit_worker_process = "False"
websockets_enabled = "True"
#ftps_state = ""
}
app_settings {
"KeyVaultURI" = ""
"WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
}
ip_restriction {
"ip_address" = ""
}
resource "azurerm_app_service" "app-service-1" {
name = "${var.app_service_1}"
location = "${data.azurerm_resource_group.core-rg.location}"
resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
https_only = "True"
enabled = "True"
client_affinity_enabled = "True"
site_config {
always_on = "True"
#default_documents = ""
dotnet_framework_version = "v4.0"
#http2_enabled = ""
#ip_restriction = ""
#java_version = ""
#java_container = ""
#java_container_version = ""
managed_pipeline_mode = "Integrated"
min_tls_version = "1.2"
#php_version = ""
#python_version = ""
remote_debugging_enabled = "False"
#remote_debugging_version = ""
scm_type = "None"
use_32_bit_worker_process = "False"
websockets_enabled = "True"
#ftps_state = ""
ip_restriction {
ip_address = "${var.ip_address_1}"
}
ip_restriction {
ip_address = "${var.ip_address_2}"
}
ip_restriction {
ip_address = "${var.ip_address_3}"
}
}
app_settings {
"KeyVaultURI" = ""
"WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
}
}
谢谢所以您遇到了语法错误。正如我在过去一年中所了解到的那样,这些文档阅读起来可能会令人困惑。如果你读了上面的部分,你会发现它需要一个或多个。这意味着它需要一个数组 文档中还有一部分告诉您,它在数组中需要一个具有ip地址和子网掩码属性的对象。就是 因此,要解决您的问题,您需要以下ip_限制
ip_restriction = [
{
ip_address = "10.0.0.0"
}
]
希望这有帮助。对于那些感兴趣的人,这里是在Terraform中使用ipRestrictions的方法 ip限制是站点配置{}的一部分 请参见下面的如何使用: AppService.tf:
resource "azurerm_app_service" "app-service-1" {
name = "${var.app_service_1}"
location = "${data.azurerm_resource_group.core-rg.location}"
resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
https_only = "True"
enabled = "True"
client_affinity_enabled = "True"
site_config {
always_on = "True"
#default_documents = ""
dotnet_framework_version = "v4.0"
#http2_enabled = ""
#ip_restriction = ""
#java_version = ""
#java_container = ""
#java_container_version = ""
managed_pipeline_mode = "Integrated"
min_tls_version = "1.2"
#php_version = ""
#python_version = ""
remote_debugging_enabled = "False"
#remote_debugging_version = ""
scm_type = "None"
use_32_bit_worker_process = "False"
websockets_enabled = "True"
#ftps_state = ""
}
app_settings {
"KeyVaultURI" = ""
"WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
}
ip_restriction {
"ip_address" = ""
}
resource "azurerm_app_service" "app-service-1" {
name = "${var.app_service_1}"
location = "${data.azurerm_resource_group.core-rg.location}"
resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
https_only = "True"
enabled = "True"
client_affinity_enabled = "True"
site_config {
always_on = "True"
#default_documents = ""
dotnet_framework_version = "v4.0"
#http2_enabled = ""
#ip_restriction = ""
#java_version = ""
#java_container = ""
#java_container_version = ""
managed_pipeline_mode = "Integrated"
min_tls_version = "1.2"
#php_version = ""
#python_version = ""
remote_debugging_enabled = "False"
#remote_debugging_version = ""
scm_type = "None"
use_32_bit_worker_process = "False"
websockets_enabled = "True"
#ftps_state = ""
ip_restriction {
ip_address = "${var.ip_address_1}"
}
ip_restriction {
ip_address = "${var.ip_address_2}"
}
ip_restriction {
ip_address = "${var.ip_address_3}"
}
}
app_settings {
"KeyVaultURI" = ""
"WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
}
}
@不幸的是,jamies的回答是不正确的。IP_限制不是一个列表,而是一个可重复的块 @gvazzana是正确的格式。 然而,有一个陷阱。。这将导致您看到的错误 在Tf中,我们习惯于以完整的CIDR格式键入IP地址,例如10.23.97.201/23或192.68.50.0/24,本节的azure门户甚至会这样显示它们 但是对于这个特殊的区块,在地形上,你必须按照传统的方式来做。例如:
site_config {
# For a single IP address
ip_restriction {
ip_address = "81.145.174.78"
}
ip_restriction {
# For an address range
ip_address = "10.240.101.0"
subnet_mask = "255.255.255.0"
}
}
如果你有一长串的地址和范围,这当然是一件痛苦的事情
现在terraform版本0.12.0已经面世,我们应该能够利用新的动态块样式和cidrhost
和cidrmask
功能来简化事情
例如:
测试
Terraform v0.12.13我认为您需要为ip地址分配一个值。当你把一个有效的IP地址放在那里会发生什么?是的,我在那里有一个IP,我在这篇文章中删除了它。我从Terraform Apply收到的错误是声称“无效或未知密钥:ip_限制”,好像它不是Terraform中支持的命令,请显示Terraform文档。是否有人成功使用ip_限制{“ip_地址”=“1.2.3.4”}。文档说明subnetmask是可选的,但首先我们需要Terraform将ip_限制识别为有效命令。有什么想法吗?谢谢您提供的信息。这确实令人困惑,几乎与来自Terraform的信息相矛盾!我相信这将解决这个问题。再次感谢!如果这回答了您的问题,请确保将其标记为答案,因为这将帮助其他人了解。我终于有机会尝试此live,并且它不接受该格式错误:azurerm_app_service.app-service-1::无效或未知密钥:ip_限制谢谢,非常好的信息。从v11切换到tf v12将非常困难。这么多的变化将不得不发生,并将打破代码,我敢肯定!正是我需要的!除了我认为子网掩码的函数需要是cdrnetmask(…)
。我无法让它工作,除非我像这样更改:content{ip\u address=cidrhost(ip\u restriction.value,0)subnet\u id=cidrnetmask(ip\u restriction.value)}
我在中找到了它。ip\u地址必须是CIDR符号,你不能设置名称或设置IP6地址,这很遗憾