Specifying a private IP address in cidr_blocks using the Terraform security group module

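When using the terraform-aws-modules/security-group/aws module, I can specify cidr_blocks using the string "10.211.103.254/32", but I cannot reference a variable that contains essentially the same value, as verified by the terraform output: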

Apply complete! Resources: 1 added, 4 changed, 1 destroyed.

Outputs:

blah_private_ip = 10.211.103.254/32

For example, the code below works:

output "blah_private_ip" {
   value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "blahsvr-sg"
  description = "Security group for blah server"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress_with_cidr_blocks = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "HTTPS from server- managed by terraform"

      cidr_blocks = "10.211.103.254/32"  # works
      #cidr_blocks = "${var.blah_private_ip}"  # gives error
    },
  ]

  egress_with_cidr_blocks = [
    {
      from_port   = "0"
      to_port     = "65535"
      protocol    = "-1"
      description = "ALL"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
}

However, using the same code but replacing the cidr_blocks line to reference the "${var.blah_private_ip}" variable produces the following terraform apply error:

 Error: module.gxesvr-sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: "cidr_blocks.0" must contain a valid CIDR, got error parsing: invalid CIDR address:
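
I also tried wrapping it in a CIDR block definition, but I don't know the values for a /32 (a single IP address).

Hopefully someone can help me debug this.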

I don't see where you are defining the blah_private_ip variable. It does not seem to be the same as

output "blah_private_ip" {
   value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

You should be able to do

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
    ...
    cidr_blocks = "${aws_instance.SERVER-NAME-01.private_ip}/32"
    ...
    }
  ]
}
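
rather than interpolating the IP output inside the variable (which you cannot do).

If you want to use the same value for both the output and ingress_with_cidr_blocks -> cidr_blocks, you can define a local value like this: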

locals {
  cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}


module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
    ...
    cidr_blocks = "${local.cidr}"
    ...
    }
  ]
}

output "my_cidr" {
  value = "${local.cidr}"
}
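
An added example, not part of the original answer or the module's documentation: the local-value pattern from the answer written out in full, next to a validated input variable for the case where a CIDR really does come from outside the configuration. It assumes Terraform 0.13 or later, that aws_instance.SERVER-NAME-01 and module.vpc from the question are defined elsewhere, and uses a hypothetical variable name, admin_cidr.

```hcl
# Added example. Assumes Terraform 0.13+ and that aws_instance.SERVER-NAME-01
# and module.vpc from the question are defined elsewhere in the configuration.

# A CIDR supplied from outside the configuration (tfvars, -var, TF_VAR_...).
# "admin_cidr" is a hypothetical name. It has no default, so it is required,
# and the validation rejects "" or a bare IP at plan time rather than letting
# the provider fail with "invalid CIDR address" during apply.
variable "admin_cidr" {
  type        = string
  description = "CIDR allowed to reach the server over HTTPS"

  validation {
    condition     = can(cidrhost(var.admin_cidr, 0))
    error_message = "The admin_cidr value must be a valid CIDR, for example 10.211.103.254/32."
  }
}

# A value derived from a resource attribute belongs in a local. An output is
# not readable as var.<name> inside the same configuration.
locals {
  blah_cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "blahsvr-sg"
  description = "Security group for blah server"
  vpc_id      = module.vpc.vpc_id

  ingress_with_cidr_blocks = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "HTTPS from server- managed by terraform"
      cidr_blocks = local.blah_cidr
    },
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "HTTPS from admin range (hypothetical rule)"
      cidr_blocks = var.admin_cidr
    },
  ]
}

output "blah_private_ip" {
  value = local.blah_cidr
}
```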