我对如何将NSG与配置中的子网相关联感到困惑。
我创建了一个 `data` 块和一个 `azurerm_subnet_network_security_group_association` 块，但我确信配置不正确。
有人能审查一下我的代码并给我一些指导吗？感谢。
app1 — data.tf
# Look up the existing subnet that the NSG will be attached to.
# The provider resolves it by name within the given VNet and resource group.
data "azurerm_subnet" "subnet_data" {
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.net_name
  name                 = var.subnet_name
}
app1-networking_nsgs.tf
# Instantiate the shared NSG module for app1.
# NOTE(review): the git source carries no `?ref=` pin, so every init pulls
# whatever the module repo's default branch currently holds. Pin it to a
# tag or commit SHA (`source = "git@gitlab.com:<group>/<repo>?ref=<tag>"`)
# so a push to that repo cannot silently change the rules applied here.
module "nsg-app1" {
  source = "git@gitlab.com:*/*"

  location            = var.location
  resource_group_name = var.resource_group_name
  nsg_name            = var.nsg_name
  nsg_security_rules  = var.nsg_security_rules
}
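# Associate the NSG with the subnet.
# - subnet_id: the azurerm_subnet data source exports the subnet's ID as
#   `id` directly; there is no nested `subnet` attribute (that was the
#   "Unsupported attribute ... named \"subnet\"" plan error).
# - network_security_group_id: no `azurerm_network_security_group.nsg_data`
#   data source is declared in this root module. The NSG is created by the
#   `nsg-app1` module in this same configuration, and that module exports
#   `nsg_id`, so reference the output instead of looking the NSG up again.
#   Referencing the module output also makes Terraform create the NSG
#   before the association.
resource "azurerm_subnet_network_security_group_association" "subnet_association" {
  subnet_id                 = data.azurerm_subnet.subnet_data.id
  network_security_group_id = module.nsg-app1.nsg_id
}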
模块 subnet — main.tf
# Create the Subnet inside the caller-supplied VNet / resource group.
# NOTE: despite the plural name, var.subnet_names is a single string
# (declared `type = string`), so one subnet is created per module call.
resource "azurerm_subnet" "subnet" {
  resource_group_name  = var.resource_group_name
  virtual_network_name = var.vnet_name
  name                 = var.subnet_names
  address_prefixes     = var.subnet_cidr_list
}
模块 subnet — outputs.tf
# Name of the subnet this module created, as stored by Azure.
output "subnet_name" {
  value       = azurerm_subnet.subnet.name
  description = "Name of the created subnet"
}
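# Azure resource ID of the created subnet. This is the value that
# azurerm_subnet_network_security_group_association (and the other
# subnet association resources) expect in `subnet_id`.
output "subnet_id" {
  description = "Azure resource ID of the created subnet"
  value       = azurerm_subnet.subnet.id
}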
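# Address prefixes as applied to the subnet (echoes var.subnet_cidr_list
# after Azure has accepted it).
output "subnet_cidr_list" {
  description = "Address prefixes (CIDR blocks) of the created subnet"
  value       = azurerm_subnet.subnet.address_prefixes
}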
模块 subnet — variables.tf
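# Name of the subnet to create. The variable name is plural for historical
# reasons but it holds a single string, not a list; the name is kept so
# existing callers keep working.
variable "subnet_names" {
  description = "Name of the subnet to create (a single name despite the plural variable name)"
  type        = string
}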
# Resource group that owns the VNet, and therefore the subnet.
variable "resource_group_name" {
  description = "name of resource group"
  type        = string
}
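# CIDR blocks for the subnet. azurerm_subnet.address_prefixes takes a list
# of strings, so the element type is pinned to string instead of `any`;
# a mis-typed element is then rejected at the module boundary with a clear
# message rather than deep inside the provider.
variable "subnet_cidr_list" {
  description = "Address prefixes (CIDR blocks) of the subnet"
  type        = list(string)
}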
# The existing virtual network the subnet is created in.
variable "vnet_name" {
  description = "Name of Virtual Network"
  type        = string
}
模块 nsg — main.tf
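# Network Security Group with one security_rule block per entry in
# var.nsg_security_rules.
#
# Every rule attribute is read with lookup(..., null) so a rule may omit
# the keys it does not need (the *_ranges / *_prefixes / ASG-id variants);
# a null value is equivalent to leaving the argument unset.
# NOTE(review): the declared type of var.nsg_security_rules only carries
# the nine mandatory keys, so the optional lookups below always yield null
# unless that type is widened — confirm which behaviour is intended.
resource "azurerm_network_security_group" "nsg" {
  name                = var.nsg_name
  resource_group_name = var.resource_group_name
  location            = var.location
  # tags = var.tags

  dynamic "security_rule" {
    for_each = var.nsg_security_rules
    content {
      name      = lookup(security_rule.value, "name", null)
      priority  = lookup(security_rule.value, "priority", null)
      direction = lookup(security_rule.value, "direction", null)
      access    = lookup(security_rule.value, "access", null)
      protocol  = lookup(security_rule.value, "protocol", null)

      source_port_range       = lookup(security_rule.value, "source_port_range", null)
      source_port_ranges      = lookup(security_rule.value, "source_port_ranges", null)
      destination_port_range  = lookup(security_rule.value, "destination_port_range", null)
      destination_port_ranges = lookup(security_rule.value, "destination_port_ranges", null)

      source_address_prefix        = lookup(security_rule.value, "source_address_prefix", null)
      source_address_prefixes      = lookup(security_rule.value, "source_address_prefixes", null)
      destination_address_prefix   = lookup(security_rule.value, "destination_address_prefix", null)
      destination_address_prefixes = lookup(security_rule.value, "destination_address_prefixes", null)

      # Fixed lookup keys: the originals had a trailing space inside the
      # quotes ("..._ids "), so the key could never match and any ASG
      # references supplied in a rule were silently dropped.
      source_application_security_group_ids      = lookup(security_rule.value, "source_application_security_group_ids", null)
      destination_application_security_group_ids = lookup(security_rule.value, "destination_application_security_group_ids", null)
    }
  }
}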
模块 nsg — outputs.tf
# Resource ID of the NSG; this is the value to pass as
# network_security_group_id in subnet / NIC association resources.
output "nsg_id" {
  value       = azurerm_network_security_group.nsg.id
  description = "The ID of the newly created Network Security Group"
}
# Name of the NSG as created in Azure.
output "nsg_name" {
  value       = azurerm_network_security_group.nsg.name
  description = "The name of the new NSG"
}
模块 nsg — variables.tf
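# Resource group the NSG is created in. The placeholder "description"
# text is replaced with something a caller can actually use.
variable "resource_group_name" {
  description = "Name of the resource group that will hold the Network Security Group"
  type        = string
}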
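# Azure region for the NSG. Left without a default on purpose: the caller
# chooses the region so the NSG lands in the same region as the VNet it
# will be associated with. The placeholder "description" text is replaced.
variable "location" {
  description = "Azure region the Network Security Group is created in (e.g. \"westeurope\")"
  type        = string
  # default = "West Europe"
}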
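# Name of the NSG to create. The placeholder "description" text is replaced.
variable "nsg_name" {
  description = "Name of the Network Security Group to create"
  type        = string
}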
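# Security rules rendered into the NSG, one security_rule block per entry.
# The object type lists the keys every rule must supply; the resource also
# reads optional keys (*_ranges, *_prefixes, ASG ids) with lookup(), which
# only takes effect if this type is widened to include them.
#
# The validation below rejects, at plan time, values Azure would refuse
# anyway: custom rule priorities must be 100–4096, and two rules in the
# same direction may not share a priority (the built-in default rules
# reuse priorities across Inbound and Outbound, so uniqueness is checked
# per direction). `alltrue` needs Terraform >= 0.13.
variable "nsg_security_rules" {
  description = "A list of security rules to add to the security group. Each rule should be a map of values to add. See the Readme.md file for further details."
  type = list(object({
    name                       = string
    priority                   = number
    direction                  = string
    access                     = string
    protocol                   = string
    source_port_range          = string
    destination_port_range     = string
    source_address_prefix      = string
    destination_address_prefix = string
  }))

  validation {
    condition = alltrue([
      for r in var.nsg_security_rules : r.priority >= 100 && r.priority <= 4096
    ]) && length(distinct([
      for r in var.nsg_security_rules : "${r.direction}/${r.priority}"
    ])) == length(var.nsg_security_rules)
    error_message = "Each rule priority must be between 100 and 4096 and must be unique within its direction."
  }
}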
❯ terraform plan -var-file=dev.tfvars
Error: Unsupported attribute
│
│ on networking_nsgs.tf line 19, in resource "azurerm_subnet_network_security_group_association" "subnet_association":
│ 19: subnet_id = data.azurerm_subnet.subnet_data.subnet.id
│
│ This object has no argument, nested block, or exported attribute named "subnet".
╵
╷
│ Error: Reference to undeclared resource
│
│ on networking_nsgs.tf line 20, in resource "azurerm_subnet_network_security_group_association" "subnet_association":
│ 20: network_security_group_id = azurerm_network_security_group.nsg.id
│
│ A managed resource "azurerm_network_security_group" "nsg" has not been declared in the root module.
从文档来看，`azurerm_subnet` 数据源把子网的 ID 作为 `id` 属性导出，并没有嵌套的 `subnet` 属性，所以应写成 `id` 而不是 `subnet.id`：
subnet_id = data.azurerm_subnet.subnet_data.id
至于第二个错误，您贴出的代码与错误信息中报告的那一行并不一致（错误中引用的是 `azurerm_network_security_group.nsg.id`，贴出的代码引用的是 `data.azurerm_network_security_group.nsg_data.id`），因此无法确定具体原因。不过这两个引用在根模块中都没有声明；由于 `nsg` 模块已经通过 `nsg_id` 输出了 NSG 的 ID，关联资源直接写 `network_security_group_id = module.nsg-app1.nsg_id` 即可，不需要再用 data 源去查找，同时也能保证 NSG 先于关联资源创建。