请帮我,我是 Terraform 的新手。我已经通过 Terraform 模块创建了两个安全组。现在我想允许 sg1 的流量进入 sg2,并允许 sg2 的流量进入 sg1。
为此,我需要从模块中取得这两个安全组的 id。能帮我一下吗?
根模块 main.tf
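# Root module: creates two security groups through ./sg_create and exposes
# their ids so that rules between the two groups can reference them.
provider "aws" {
  region = var.region
  # NOTE(review): static credentials in configuration are written to state
  # and committed with the code. Prefer the provider's default credential
  # chain (environment variables, shared credentials file, or an
  # instance/role credential) and remove these two arguments once set up.
  access_key = var.awsaccesskey
  secret_key = var.awssecretkey
}

module "sg1" {
  source       = "./sg_create"
  sg_name      = "sg1"
  vpcname      = var.vpcnames
  region       = var.region
  awssecretkey = var.awssecretkey
  awsaccesskey = var.awsaccesskey
}

module "sg2" {
  source       = "./sg_create"
  sg_name      = "sg2"
  vpcname      = var.vpcnames
  region       = var.region
  awssecretkey = var.awssecretkey
  awsaccesskey = var.awsaccesskey
}

# A resource inside a child module cannot be addressed from the root
# (`sg2.aws_security_group.sg_create.id` is not a valid reference and the
# bare `${...}` outside a string is a syntax error). The module has to
# declare `output "sg_id"` with the group id, which the root then reads as
# `module.<name>.sg_id`.
output "sgid" {
  value = module.sg2.sg_id
}

output "sg1id" {
  value = module.sg1.sg_id
}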
根模块 variable.tf
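# Root module inputs.
variable "region" {
  description = "AWS region the security groups are created in."
  type        = string
  default     = "ap-southeast-1"
}

# The credential variables deliberately carry no default: a default value
# is a secret committed to version control next to the code. Supply them
# out of band (TF_VAR_awsaccesskey / TF_VAR_awssecretkey or a *.tfvars file
# kept out of the repository), or drop them altogether and let the provider
# use its default credential chain.
variable "awsaccesskey" {
  description = "AWS access key id (prefer the provider's credential chain instead)."
  type        = string
}

variable "awssecretkey" {
  description = "AWS secret access key (prefer the provider's credential chain instead)."
  type        = string
}

variable "vpcnames" {
  description = "Value of the Name tag of the VPC that both security groups belong to."
  type        = string
  default     = "firstvpc"
}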
sg_create/main.tf
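# sg_create: creates one security group in the VPC selected by its Name tag
# and exports the group id to the calling module.
#
# NOTE(review): a provider block inside a child module is legacy usage; the
# root module's provider is inherited automatically, and a module that
# configures its own provider presumably cannot be used with count/for_each
# or removed cleanly once its resources exist - confirm against the
# Terraform version in use before dropping it.
provider "aws" {
  region = var.region
  # NOTE(review): static credentials end up in state and version control;
  # prefer the provider's default credential chain and remove these.
  access_key = var.awsaccesskey
  secret_key = var.awssecretkey
}

# Look the VPC up by its Name tag. The lookup fails if zero or more than one
# VPC carries that tag value, so the tag must be unique in the region.
data "aws_vpc" "selected" {
  filter {
    name   = "tag:Name"
    values = [var.vpcname]
  }
}

resource "aws_security_group" "sg_create" {
  name        = var.sg_name
  description = var.sg_name
  vpc_id      = data.aws_vpc.selected.id

  # Unrestricted egress on every protocol and port. Narrow this if the group
  # should only reach known destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = var.sg_name
  }
}

# Ingress from members of this same group (the source is the group itself),
# all protocols and ports. Rules between two different groups cannot be
# written here because the module only knows its own id; they belong in
# the root module using the exported ids.
resource "aws_security_group_rule" "allow_all" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = aws_security_group.sg_create.id
  security_group_id        = aws_security_group.sg_create.id
}

# Exported so the root module can reference the group id as
# `module.<name>.sg_id`; without this the id is not reachable from outside.
output "sg_id" {
  value = aws_security_group.sg_create.id
}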
sg_create/variable.tf
# Inputs of the sg_create module. All are required (no defaults); the root
# module passes them explicitly.

# Name used for the security group, its description and its Name tag.
variable "sg_name" {
  description = "Security group name, description and Name tag."
  type        = string
}

# Name tag of the VPC the group is created in.
variable "vpcname" {
  description = "Value of the Name tag identifying the target VPC."
  type        = string
}

# Provider settings forwarded from the root module.
variable "region" {
  description = "AWS region for the module's provider."
  type        = string
}

variable "awsaccesskey" {
  description = "AWS access key id for the module's provider."
  type        = string
}

variable "awssecretkey" {
  description = "AWS secret access key for the module's provider."
  type        = string
}
已找到答案:
sg_create/main.tf
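# sg_create: creates one security group in the VPC selected by its Name tag
# and exports the group id to the calling module.
#
# NOTE(review): a provider block inside a child module is legacy usage; the
# root module's provider is inherited automatically, and a module that
# configures its own provider presumably cannot be used with count/for_each
# or removed cleanly once its resources exist - confirm against the
# Terraform version in use before dropping it.
provider "aws" {
  region = var.region
  # NOTE(review): static credentials end up in state and version control;
  # prefer the provider's default credential chain and remove these.
  access_key = var.awsaccesskey
  secret_key = var.awssecretkey
}

# Look the VPC up by its Name tag. The lookup fails if zero or more than one
# VPC carries that tag value, so the tag must be unique in the region.
data "aws_vpc" "selected" {
  filter {
    name   = "tag:Name"
    values = [var.vpcname]
  }
}

resource "aws_security_group" "sg_create" {
  name        = var.sg_name
  description = var.sg_name
  vpc_id      = data.aws_vpc.selected.id

  # Unrestricted egress on every protocol and port. Narrow this if the group
  # should only reach known destinations.
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = var.sg_name
  }
}

# Ingress from members of this same group (the source is the group itself),
# all protocols and ports. Rules between two different groups cannot be
# written here because the module only knows its own id; they belong in
# the root module using the exported ids.
resource "aws_security_group_rule" "allow_all" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = aws_security_group.sg_create.id
  security_group_id        = aws_security_group.sg_create.id
}

# Exported so the root module can reference the group id as
# `module.<name>.sg_id`.
output "sg_id" {
  value = aws_security_group.sg_create.id
}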
根模块 main.tf
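# Root module: creates two security groups through ./sg_create, wires
# ingress between them, and exposes both ids.
provider "aws" {
  region = var.region
  # NOTE(review): static credentials in configuration are written to state
  # and committed with the code. Prefer the provider's default credential
  # chain (environment variables, shared credentials file, or an
  # instance/role credential) and remove these two arguments once set up.
  access_key = var.awsaccesskey
  secret_key = var.awssecretkey
}

module "sg1" {
  source       = "./sg_create"
  sg_name      = "sg1"
  vpcname      = var.vpcnames
  region       = var.region
  awssecretkey = var.awssecretkey
  awsaccesskey = var.awsaccesskey
}

module "sg2" {
  source       = "./sg_create"
  sg_name      = "sg2"
  vpcname      = var.vpcnames
  region       = var.region
  awssecretkey = var.awssecretkey
  awsaccesskey = var.awsaccesskey
}

# Cross-group rules live here because only the root sees both ids, which
# the module exports as `sg_id`. `protocol = "-1"` with ports 0/0 admits
# every protocol and port, matching the module's own allow_all rule; narrow
# this to the ports the two groups actually exchange once they are known.
resource "aws_security_group_rule" "sg2_from_sg1" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = module.sg1.sg_id
  security_group_id        = module.sg2.sg_id
}

resource "aws_security_group_rule" "sg1_from_sg2" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = module.sg2.sg_id
  security_group_id        = module.sg1.sg_id
}

# Kept under its original name for existing consumers; it is sg2's id.
output "this_security_group_id" {
  value = module.sg2.sg_id
}

output "sg1_id" {
  value = module.sg1.sg_id
}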