How do I define multiple ingress rules in an AWS security group with Terraform?
I tried this:
    resource "aws_security_group" "sg_allowall" {
      name = "${var.prefix}-allow"

      # HTTPS in from anywhere. Protocol "-1" (all) is only valid with ports 0/0,
      # so a port-specific rule needs "tcp".
      ingress {
        from_port   = "443"
        to_port     = "443"
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }

      # All outbound traffic
      egress {
        from_port   = "0"
        to_port     = "0"
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    }

    # Standalone rule: SSH from a single office address
    resource "aws_security_group_rule" "ssh_from_office" {
      type              = "ingress"
      from_port         = 22
      to_port           = 22
      protocol          = "tcp"
      cidr_blocks       = ["192.202.168.66/32"]
      # This reference is what produces the error below
      security_group_id = "${resource.sg_allowall.id}"
    }
But I get the following error:
Error: resource 'aws_security_group_rule.ssh_from_office' config: unknown resource 'resource.sg_allowall' referenced in variable resource.sg_allowall.id
Answer 1
There are two problems here. First, to reference the security group you created, you need to use the correct syntax:
    security_group_id = "${aws_security_group.sg_allowall.id}"
Take a good look at the Terraform syntax documentation.
Second, mixing inline ingress/egress blocks with standalone security group rules is not recommended. The documentation warns about this, so maybe take a look at that too.
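Putting both points of the answer together, here is an added example (not the answerer's code) that keeps every rule as a standalone aws_security_group_rule, references the group with the correct syntax, and drives the multiple ingress rules from one map. It assumes Terraform 0.12.6+ syntax (for_each), a var.vpc_id input, and the same placeholder CIDRs as the question.

```hcl
# Added example, not from the original answer. Assumes Terraform 0.12.6+
# (for_each), a vpc_id variable, and placeholder CIDRs from the question.
variable "prefix" { default = "demo" }
variable "vpc_id" {}

# The group itself carries NO inline ingress/egress blocks, so each rule is
# owned by exactly one aws_security_group_rule and nothing fights over state.
resource "aws_security_group" "sg_allowall" {
  name   = "${var.prefix}-allow"
  vpc_id = var.vpc_id
}

# One entry per ingress rule; add a line here to add a rule.
locals {
  ingress_rules = {
    https = { port = 443, protocol = "tcp", cidr = ["0.0.0.0/0"] }
    ssh   = { port = 22,  protocol = "tcp", cidr = ["192.202.168.66/32"] }
  }
}

resource "aws_security_group_rule" "ingress" {
  for_each = local.ingress_rules

  type              = "ingress"
  from_port         = each.value.port
  to_port           = each.value.port
  protocol          = each.value.protocol
  cidr_blocks       = each.value.cidr
  description       = "allow ${each.key}"
  # Correct reference: <resource type>.<resource name>.<attribute>
  security_group_id = aws_security_group.sg_allowall.id
}

# Outbound: protocol "-1" (all) requires from_port and to_port to be 0.
resource "aws_security_group_rule" "egress_all" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.sg_allowall.id
}
```

Run `terraform validate` to confirm the references resolve; `terraform plan` will show one rule resource per map key plus the egress rule.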