使用terraform安全组模块在cidr_块中指定私有_ip地址
当使用terraform aws模块/安全组/aws模块时,我可以使用字符串“10.211.103.254/32”指定CIDR_块,但我无法引用基本上包含terraform输出验证的相同值的变量:使用terraform安全组模块在cidr_块中指定私有_ip地址,terraform,terraform-provider-aws,Terraform,Terraform Provider Aws,当使用terraform aws模块/安全组/aws模块时,我可以使用字符串“10.211.103.254/32”指定CIDR_块,但我无法引用基本上包含terraform输出验证的相同值的变量: Apply complete! Resources: 1 added, 4 changed, 1 destroyed. Outputs: blah_private_ip = 10.211.103.254/32 例如,下面的代码可以工作 output "blah_private_ip" {
Apply complete! Resources: 1 added, 4 changed, 1 destroyed.
Outputs:
blah_private_ip = 10.211.103.254/32
例如,下面的代码可以工作
output "blah_private_ip" {
value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}
module "blahsvr-sg" {
source = "terraform-aws-modules/security-group/aws"
name = "blahsvr-sg"
description = "Security group for blah server"
vpc_id = "${module.vpc.vpc_id}"
ingress_with_cidr_blocks = [
{
from_port = 443
to_port = 443
protocol = "tcp"
description = "HTTPS from server- managed by terraform"
cidr_blocks = "10.211.103.254/32" # works
#cidr_blocks = "${var.blah_private_ip}" # gives error
},
]
egress_with_cidr_blocks = [
{
from_port = "0"
to_port = "65535"
protocol = "-1"
description = "ALL"
cidr_blocks = "0.0.0.0/0"
},
]
}
但是,使用相同的代码,但替换cidr_块行以引用“${var.blah_private_ip}”变量,会产生以下terraform apply错误:
Error: module.gxesvr-sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: "cidr_blocks.0" must contain a valid CIDR, got error parsing: invalid CIDR address:
我还尝试将其包装到CIDR块定义中,但我不知道/32(单个IP地址)的值
希望有人能帮我调试一下。我看不出您在哪里定义
blah_private_ip
变量。这似乎和我的不一样
output "blah_private_ip" {
value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}
你应该能够做到
module "blahsvr-sg" {
source = "terraform-aws-modules/security-group/aws"
...
ingress_with_cidr_blocks = [
{
...
cidr_blocks = "${aws_instance.SERVER-NAME-01.private_ip}/32"
...
}
]
}
而不是在变量内插入ip输出(这是您无法做到的)
如果您想将相同的值用于输出和带有cidr块->cidr的入口\u,您可以定义一个类似这样的本地值
locals {
cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}
module "blahsvr-sg" {
source = "terraform-aws-modules/security-group/aws"
...
ingress_with_cidr_blocks = [
{
...
cidr_blocks = "${local.cidr}"
...
}
]
}
output "my_cidr" {
value = "${local.cidr}"
}
locals {
cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}
module "blahsvr-sg" {
source = "terraform-aws-modules/security-group/aws"
...
ingress_with_cidr_blocks = [
{
...
cidr_blocks = "${local.cidr}"
...
}
]
}
output "my_cidr" {
value = "${local.cidr}"
}