在尝试创建vpc端点时,我必须在vpc中动态创建安全组,然后将其附加到同一地形平面中的vpc端点。有没有一种方法可以使用terraform将VPC的所有安全组ID放在一个列表中?
有没有一种方法可以使用terraform将VPC的所有安全组ID放在一个列表中?
是的,您可以使用aws_security_groups数据源:
data "aws_security_groups" "test" {
filter {
name = "vpc-id"
values = ["your-vpc-id"]
}
}
output "test" {
value = data.aws_security_groups.test.ids
}
创建vpc,如下所示
resource "aws_vpc" "main" {
id = var.vpc_id
cidr_block = "10.0.0.0/16"
}
创建安全组
resource "aws_security_group" "sg1" {
name = "allow_tls"
description = "Allow TLS inbound traffic"
vpc_id = aws_vpc.main.id
ingress {
description = "TLS from VPC"
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = [aws_vpc.main.cidr_block]
ipv6_cidr_blocks = [aws_vpc.main.ipv6_cidr_block]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
Name = "allow_tls"
}
}
创建vpc端点,从上述安全组资源块动态获取安全组ID
resource "aws_vpc_endpoint" "endpoint_vpc" {
vpc_id = aws_vpc.main.id
service_name = "com.amazonaws.us-west-2.ec2"
vpc_endpoint_type = "Interface"
security_group_ids = [
aws_security_group.sg1.id,
]
private_dns_enabled = true
}
您总是可以在outputs.tf文件中获得结果,如下所述
output "security_groups_id's" {
value = aws_security_groups.sg1.ids
}