How to pass multiple VPC CIDRs to the security_group_rule resource in Terraform v.15

I need to pass a list of VPC CIDR ranges to the aws_security_group_rule resource. I am using Terraform version: v.15.0. Here is the code I am using:
variable "list_of_vps" {
  description = "CIDR covering kops compute nodes"
  type        = list
  default     = ["vpc-foo", "vpc-bar"]
}

data "aws_vpcs" "list_of_vpcs" {
  count = length(var.list_of_vps)
  filter {
    name   = "tag:Name"
    values = ["vpc-${element(var.list_of_vps, count.index)}"]
  }
}

data "aws_vpc" "get_vpc_id" {
  count = length(data.aws_vpcs.list_of_vpcs.ids)
  id    = tolist(data.aws_vpcs.list_of_vpcs.ids)[count.index]
}

resource "aws_security_group_rule" "ingress" {
  count             = length(data.aws_vpcs.list_of_vpcs.ids)
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [data.aws_vpc.get_vpc_id[count.index].cidr_block]
  security_group_id = module.postgress.postgress_security_group_id
}
I get the following error:
on data.tf line 10, in data "aws_vpc" "get_vpc_id":
10: count = length(data.aws_vpcs.list_of_vpcs.ids)
Because data.aws_vpcs.list_of_vpcs has "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
data.aws_vpcs.list_of_vpcs[count.index]
Error: Missing resource instance key
on data.tf line 15, in data "aws_vpc" "get_vpc_id":
15: id = tolist(data.aws_vpcs.get_vpc_id.ids)[count.index]
Because data.aws_vpcs.prod has a "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
data.aws_vpcs.list_of_vpcs[count.index]
Can anyone help me with this?

Terraform seems to be returning this error because of your expression data.aws_vpcs.list_of_vpcs.ids. That expression is invalid because data.aws_vpcs.list_of_vpcs is a list of objects, not a single object, so you need to tell Terraform which element of the list to access the .ids attribute from.
However, I think your goal is to get the number of elements in the list, in which case you can do that by asking Terraform for the length of the list of objects itself, rather than for a hypothetical attribute of that list:

  count = length(data.aws_vpcs.list_of_vpcs)
For the other error, in the tolist call expression, I'm not sure what your intention is. It seems that your module takes a set of names of individual VPCs, and your goal is to look up, for each name, the corresponding VPC with that name and determine its CIDR block. Since you expect to find only one VPC for each name in that list, I think you don't need data.aws_vpcs.list_of_vpcs at all: that data source is for finding multiple VPCs matching particular criteria. Instead, you can filter by the Name tag directly in the singular data.aws_vpc data source. Perhaps something like this:
variable "vpc_names" {
  type = set(string)
}

data "aws_vpc" "selected" {
  for_each = var.vpc_names
  tags = {
    Name = each.value
  }
}

resource "aws_security_group_rule" "ingress" {
  for_each          = data.aws_vpc.selected
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [each.value.cidr_block]
  security_group_id = module.postgress.postgress_security_group_id
}
The above tells Terraform to look up one VPC for each element of var.vpc_names, expecting to find one VPC with the given name (and failing if there isn't one). It then declares a security group rule for each VPC, where each.value.cidr_block means to use the cidr_block attribute from the current element of data.aws_vpc.selected.
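An added example (not code from the question or the answer above) that extends the for_each approach to VPCs that carry secondary CIDR associations: a rule keyed only on cidr_block covers the primary range, so peers in a secondary range would be denied. It assumes the aws_vpc data source's cidr_block_associations attribute and reuses the module output name from the question.

```hcl
variable "vpc_names" {
  type = set(string)

  validation {
    condition     = length(var.vpc_names) > 0
    error_message = "At least one VPC name is required."
  }
}

data "aws_vpc" "selected" {
  for_each = var.vpc_names
  tags = {
    Name = each.value
  }
}

locals {
  # Every CIDR associated with each VPC (primary and secondary), keyed by VPC name.
  vpc_cidrs = {
    for name, vpc in data.aws_vpc.selected :
    name => toset(vpc.cidr_block_associations[*].cidr_block)
  }

  # Flatten to (VPC name, CIDR) pairs so for_each gets stable string keys and
  # adding a CIDR to one VPC does not recreate the rules of the others.
  rule_pairs = {
    for pair in flatten([
      for name, cidrs in local.vpc_cidrs : [
        for cidr in cidrs : { name = name, cidr = cidr }
      ]
    ]) : "${pair.name}/${pair.cidr}" => pair
  }
}

resource "aws_security_group_rule" "postgres_ingress" {
  for_each          = local.rule_pairs
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [each.value.cidr]
  # A description per rule makes the security group readable in the console and in audits.
  description       = "PostgreSQL from VPC ${each.value.name} (${each.value.cidr})"
  security_group_id = module.postgress.postgress_security_group_id
}
```

One rule per (VPC, CIDR) pair keeps each rule's scope visible in plan output and in the security group itself, rather than hiding several ranges in a single cidr_blocks list.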