使用terraform安全组模块在cidr_块中指定私有_ip地址_Terraform_Terraform Provider Aws

使用terraform安全组模块在cidr_块中指定私有_ip地址

terraform

使用terraform安全组模块在cidr_块中指定私有_ip地址,terraform,terraform-provider-aws,Terraform,Terraform Provider Aws,当使用terraform aws模块/安全组/aws模块时，我可以使用字符串“10.211.103.254/32”指定CIDR_块，但我无法引用基本上包含terraform输出验证的相同值的变量： Apply complete! Resources: 1 added, 4 changed, 1 destroyed. Outputs: blah_private_ip = 10.211.103.254/32 例如，下面的代码可以工作 output "blah_private_ip" {

当使用terraform aws模块/安全组/aws模块时，我可以使用字符串“10.211.103.254/32”指定CIDR_块，但我无法引用基本上包含terraform输出验证的相同值的变量：

Apply complete! Resources: 1 added, 4 changed, 1 destroyed.

Outputs:

blah_private_ip = 10.211.103.254/32

例如，下面的代码可以工作

output "blah_private_ip" {
   value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

module "blahsvr-sg" {
source = "terraform-aws-modules/security-group/aws"

name        = "blahsvr-sg"
description = "Security group for blah server"
vpc_id      = "${module.vpc.vpc_id}"

ingress_with_cidr_blocks = [
{
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    description = "HTTPS from server- managed by terraform"

    cidr_blocks = "10.211.103.254/32"  # works
    #cidr_blocks = "${var.blah_private_ip}"  # gives error
  },
]

egress_with_cidr_blocks = [
{
    from_port   = "0"
    to_port     = "65535"
    protocol    = "-1"
    description = "ALL"
    cidr_blocks = "0.0.0.0/0"
  },
  ]
}

但是，使用相同的代码，但替换cidr_块行以引用“${var.blah_private_ip}”变量，会产生以下terraform apply错误：

 Error: module.gxesvr-sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: "cidr_blocks.0" must contain a valid CIDR, got error parsing: invalid CIDR address:

我还尝试将其包装到CIDR块定义中，但我不知道/32（单个IP地址）的值

希望有人能帮我调试一下。

我看不出您在哪里定义

blah_private_ip

变量。这似乎和我的不一样

output "blah_private_ip" {
   value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

你应该能够做到

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
    ...
    cidr_blocks = "${aws_instance.SERVER-NAME-01.private_ip}/32"
    ...
    }
  ]
}

而不是在变量内插入ip输出（这是您无法做到的）

如果您想将相同的值用于输出和带有cidr块->cidr的

入口\u，您可以定义一个类似这样的本地值
locals {
  cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}


module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
    ...
    cidr_blocks = "${local.cidr}"
    ...
    }
  ]
}

output "my_cidr" {
  value = "${local.cidr}"
}

locals {
  cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}


module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
    ...
    cidr_blocks = "${local.cidr}"
    ...
    }
  ]
}

output "my_cidr" {
  value = "${local.cidr}"
}