How to pass multiple VPC CIDRs to the security_group_rule resource in terraform V.15


I need to pass a list of VPC CIDR ranges to the aws_security_group_rule resource.

I am using terraform version: v.15.0

Here is the code I am using:

variable "list_of_vps" {
  description = "CIDR covering kops compute nodes"
  type        = list
  default     = ["vpc-foo", "vpc-bar"]
}

data "aws_vpcs" "list_of_vpcs"{
  count = length(var.list_of_vps)
  filter {
    name   = "tag:Name"
    values = ["vpc-${element(var.list_of_vps, count.index)}"]
  }
}

data "aws_vpc" "get_vpc_id" {
  count = length(data.aws_vpcs.list_of_vpcs.ids)
  id    = tolist(data.aws_vpcs.list_of_vpcs.ids)[count.index]
}

resource "aws_security_group_rule" "ingress" {
  count = length(data.aws_vpcs.list_of_vpcs.ids)
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [data.aws_vpc.get_vpc_id[count.index].cidr_block]
  security_group_id = module.postgress.postgress_security_group_id
}

I get the error below:

on data.tf line 10, in data "aws_vpc" "get_vpc_id":
  10:     count = length(data.aws_vpcs.list_of_vpcs.ids)

Because data.aws_vpcs.list_of_vpcs has "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
    data.aws_vpcs.list_of_vpcs[count.index]

Error: Missing resource instance key

  on data.tf line 15, in data "aws_vpc" "get_vpc_id":
  15:   id = tolist(data.aws_vpcs.get_vpc_id.ids)[count.index]

Because data.aws_vpcs.prod has a "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
    data.aws_vpcs.list_of_vpcs[count.index]

Can anyone help me with this?

Terraform seems to be returning this error because of your expression data.aws_vpcs.list_of_vpcs.ids. That expression is invalid because data.aws_vpcs.list_of_vpcs is a list of objects rather than a single object, so you need to tell Terraform which element of the list you want to access the .ids attribute from.

However, I think your goal is to get the number of elements in the list, in which case you can do that by asking Terraform for the length of the list of objects itself, rather than for a hypothetical attribute of that list:

  count = length(data.aws_vpcs.list_of_vpcs)

For the other error, in the tolist call expression, I'm not sure what your intent is. It seems your module takes a set of names of individual VPCs, and your goal is to find, for each of them, the corresponding VPC with that name and determine its CIDR block. Since you expect to find only one VPC for each name in that list, I don't think you need data.aws_vpcs.list_of_vpcs at all: that is for finding multiple VPCs that match particular criteria. Instead, you can filter by the Name tag directly in the singular data.aws_vpc data source. Perhaps something like this:

variable "vpc_names" {
  type = set(string)
}

data "aws_vpc" "selected" {
  for_each = var.vpc_names

  tags = {
    Name = each.value
  }
}

resource "aws_security_group_rule" "ingress" {
  for_each = data.aws_vpc.selected

  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [each.value.cidr_block]
  security_group_id = module.postgress.postgress_security_group_id
}

The above tells Terraform to look up one VPC for each element of var.vpc_names, expecting to find one VPC with the given name (and failing if there isn't one). It then declares one security group rule per VPC, where each.value.cidr_block means the cidr_block attribute of the current element of aws_vpc.selected.
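As an added example (not part of the answer above), the same for_each lookup can instead feed a single rule carrying every VPC's CIDR, which matches the question's "list of CIDRs" wording; module.postgress.postgress_security_group_id is taken from the question and assumed to exist in the caller's configuration.

```hcl
variable "vpc_names" {
  description = "Name tags of the VPCs whose CIDR ranges may reach Postgres"
  type        = set(string)
}

# One lookup per name; Terraform fails the plan if a name matches zero
# or more than one VPC, so an unexpected CIDR cannot be admitted silently.
data "aws_vpc" "selected" {
  for_each = var.vpc_names

  tags = {
    Name = each.value
  }
}

locals {
  # Collect each matched VPC's CIDR into one sorted list so the plan
  # is stable regardless of the order in which the set is evaluated.
  allowed_cidrs = sort([for v in data.aws_vpc.selected : v.cidr_block])
}

resource "aws_security_group_rule" "ingress_postgres" {
  type        = "ingress"
  protocol    = "tcp"
  from_port   = 5432
  to_port     = 5432
  cidr_blocks = local.allowed_cidrs
  description = "Postgres from VPCs: ${join(", ", sort(var.vpc_names))}"

  # Taken from the question; assumed to be an output of the caller's module.
  security_group_id = module.postgress.postgress_security_group_id
}
```

With a single rule, a CIDR change on any one VPC rewrites that rule, whereas the answer's per-VPC rules change independently; choose whichever shape matches how you review changes to the group.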