How do I reference a subnet created in the vpc module from the ec2 module?
provider "aws" {
  region = "us-east-2"
}

module "myvpc" {
  source = "terraform-aws-modules/vpc/aws"

  name = "my-vpc"
  cidr = "10.0.0.0/16"

  # the availability zones must belong to the provider region (us-east-2)
  azs             = ["us-east-2a", "us-east-2b", "us-east-2c"]
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets  = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]

  assign_generated_ipv6_cidr_block = true

  enable_nat_gateway = true
  single_nat_gateway = true

  enable_s3_endpoint       = true
  enable_dynamodb_endpoint = true

  public_subnet_tags = {
    Name = "overridden-name-public"
  }

  tags = {
    Owner       = "user"
    Environment = "dev"
    Name        = "terraformtestvpc"
  }

  vpc_tags = {
    Name = "vpc-name"
  }
}

module "ssh_access_sg" {
  source = "terraform-aws-modules/security-group/aws//modules/ssh"

  name        = "ssh-access"
  description = "Security group for ssh access"
  vpc_id      = "${module.myvpc.vpc_id}"

  ingress_cidr_blocks = ["0.0.0.0/0"]
}

data "aws_ami" "amazon_linux" {
  most_recent = true

  filter {
    name = "name"
    values = [
      "amzn-ami-hvm-*-x86_64-gp2",
    ]
  }

  filter {
    name = "owner-alias"
    values = [
      "amazon",
    ]
  }
}

module "ec2" {
  source = "terraform-aws-modules/ec2-instance/aws"

  instance_count = 2

  name                        = "example-normal"
  ami                         = "${data.aws_ami.amazon_linux.id}"
  instance_type               = "t2.medium"
  subnet_id                   = "${element(module.myvpc.private_subnets, 0)}"
  vpc_security_group_ids      = ["${module.ssh_access_sg.this_security_group_id}"]
  associate_public_ip_address = true
}
Answer 1
To reference a value created inside a module, the module has to export it with an output statement. You can then access the value as ${module.NAME.OUTPUT}.
For details, see https://www.terraform.io/intro/getting-started/modules.html, section "Module Outputs", and https://www.terraform.io/intro/getting-started/outputs.html
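The output/reference pattern described in this answer, as an added example that is not part of the original post or of the registry modules: a hypothetical local module at ./modules/network exports its subnet IDs, and the root configuration indexes that output. The names network, subnet_ids and app are assumptions for illustration; the data source amazon_linux is the one from the question, and the syntax assumes Terraform 0.12 or later.

```hcl
# --- modules/network/main.tf -----------------------------------------------
variable "cidr" {
  type = string
}

variable "private_subnets" {
  type = list(string)
}

resource "aws_vpc" "this" {
  cidr_block = var.cidr
}

resource "aws_subnet" "private" {
  count      = length(var.private_subnets)
  vpc_id     = aws_vpc.this.id
  cidr_block = var.private_subnets[count.index]
}

# --- modules/network/outputs.tf --------------------------------------------
# Nothing inside a module is visible to its caller unless it is exported here.
output "vpc_id" {
  value = aws_vpc.this.id
}

output "subnet_ids" {
  # exported as a list so the caller can pick one by index
  value = aws_subnet.private[*].id
}

# --- root main.tf (hypothetical) ---------------------------------------------
module "network" {
  source          = "./modules/network"
  cidr            = "10.0.0.0/16"
  private_subnets = ["10.0.1.0/24", "10.0.2.0/24"]
}

resource "aws_instance" "app" {
  ami           = data.aws_ami.amazon_linux.id # data source from the question
  instance_type = "t2.micro"
  subnet_id     = module.network.subnet_ids[0] # module.NAME.OUTPUT[index]
}
```

The registry module used in the question already declares outputs such as vpc_id, private_subnets and public_subnets, which is why module.myvpc.private_subnets works without any output block in the root configuration; the block above shows what those declarations look like when the module is your own.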
Answer 2
Reference the VPC as module.vpc.id.
For public subnets: reference the subnet as module.public.subnets[0], where [0] is the first subnet, [1] the second, and so on...
For private subnets, reference the subnet as module.private.subnets[0]; same idea, each subnet created is listed as [0], [1], [2]...
Below is a working Instance.tf based on a terraform module VPC.tf:
# an example instance in the public subnet
resource "aws_instance" "public_instance" {
  ami                    = data.aws_ami.amazon_linux_2.id
  instance_type          = "t2.micro"
  subnet_id              = module.vpc.public_subnets[0]
  vpc_security_group_ids = [aws_security_group.public_instance_ssh.id]
  key_name               = "my-key"

  # indented heredoc (<<-) so the closing marker may be indented too
  user_data = <<-EOF
    #!/bin/bash
    yum update -y
  EOF

  tags = {
    Name = "Public Server"
  }
}

resource "aws_security_group" "public_instance_ssh" {
  name        = "Public-instance"
  description = "expose SSH"
  vpc_id      = module.vpc.vpc_id

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# AMI of the latest Amazon Linux 2
data "aws_ami" "amazon_linux_2" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  filter {
    name   = "block-device-mapping.volume-type"
    values = ["gp2"]
  }
}
Answer 3
You can access the subnet list by index: module.myvpc.public_subnets[*] (all of them) or module.myvpc.private_subnets[0] (the first subnet).
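An added example, not from the original post or either answer, that generalises the indexing in answers 2 and 3: instead of hard-coding [0], it creates one instance per private subnet exported by the module "myvpc" from the question, so the instance count follows the module's subnet list. It assumes Terraform 0.12 or later syntax; the variable admin_cidrs and the names ssh, worker, worker_subnets and all_private_subnets are assumptions for illustration, and the data source amazon_linux is the one from the question.

```hcl
# Assumed variable: the ranges allowed to reach SSH on the instances.
# Supplying it instead of 0.0.0.0/0 keeps port 22 closed to the Internet.
variable "admin_cidrs" {
  description = "CIDR ranges allowed to reach SSH"
  type        = list(string)
}

resource "aws_security_group" "ssh" {
  name   = "ssh-from-admin"
  vpc_id = module.myvpc.vpc_id # output of the module from the question

  ingress {
    protocol    = "tcp"
    from_port   = 22
    to_port     = 22
    cidr_blocks = var.admin_cidrs
  }

  egress {
    protocol    = "-1"
    from_port   = 0
    to_port     = 0
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# count follows the module output: adding a CIDR to private_subnets in the
# module call adds an instance here without editing this block.
resource "aws_instance" "worker" {
  count                  = length(module.myvpc.private_subnets)
  ami                    = data.aws_ami.amazon_linux.id
  instance_type          = "t2.micro"
  subnet_id              = module.myvpc.private_subnets[count.index]
  vpc_security_group_ids = [aws_security_group.ssh.id]

  tags = {
    Name = "worker-${count.index}"
  }
}

# Exporting the mapping lets `terraform output worker_subnets` confirm after
# apply which instance landed in which subnet.
output "worker_subnets" {
  value = zipmap(aws_instance.worker[*].id, aws_instance.worker[*].subnet_id)
}

output "all_private_subnets" {
  value = module.myvpc.private_subnets[*] # the splat form from answer 3
}
```

The splat expression module.myvpc.private_subnets[*] yields the whole list, which is what the count and the output above consume; a single index such as [0] is only needed when exactly one subnet is wanted, as in the question's element(module.myvpc.private_subnets, 0).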