How to pass multiple VPC CIDRs to the security_group_rule resource in terraform V.15



I need to pass a list of VPC CIDR ranges to the aws_security_group_rule resource.

I am using Terraform version: v.15.0

This is the code I am using:

variable "list_of_vps" {
  description = "CIDR covering kops compute nodes"
  type        = list
  default     = ["vpc-foo", "vpc-bar"]
}

data "aws_vpcs" "list_of_vpcs" {
  count = length(var.list_of_vps)
  filter {
    name   = "tag:Name"
    values = ["vpc-${element(var.list_of_vps, count.index)}"]
  }
}

data "aws_vpc" "get_vpc_id" {
  count = length(data.aws_vpcs.list_of_vpcs.ids)
  id    = tolist(data.aws_vpcs.list_of_vpcs.ids)[count.index]
}

resource "aws_security_group_rule" "ingress" {
  count             = length(data.aws_vpcs.list_of_vpcs.ids)
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [data.aws_vpc.get_vpc_id[count.index].cidr_block]
  security_group_id = module.postgress.postgress_security_group_id
}

I get the following error.

on data.tf line 10, in data "aws_vpc" "get_vpc_id":
10:     count = length(data.aws_vpcs.list_of_vpcs.ids)
Because data.aws_vpcs.list_of_vpcs has "count" set, its attributes must be accessed 
on specific instances.
For example, to correlate with indices of a referring resource, use:
data.aws_vpcs.list_of_vpcs[count.index]
Error: Missing resource instance key

on data.tf line 15, in data "aws_vpc" "get_vpc_id":
15:   id = tolist(data.aws_vpcs.get_vpc_id.ids)[count.index]

Because data.aws_vpcs.prod has a "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
data.aws_vpcs.list_of_vpcs[count.index] 

Can anyone help me with this?

Terraform seems to be returning this error because of the expression data.aws_vpcs.list_of_vpcs.ids. That expression is invalid because data.aws_vpcs.list_of_vpcs is a list of objects rather than a single object, so you need to tell Terraform which element of the list you want to access the .ids attribute from.

However, I think your goal is to get the number of elements in the list, in which case you can achieve that by asking Terraform for the length of the list of objects itself, rather than a hypothetical attribute of that list:

count = length(data.aws_vpcs.list_of_vpcs)

For the other error, in the tolist call expression, I'm not sure what your intent was. It seems that your module takes a set of names of individual VPCs, and your goal is to find, for each one, the corresponding VPC with that name and determine its CIDR block. Since you only expect to find one VPC for each name in that list, I don't think you need data.aws_vpcs.list_of_vpcs at all: it is intended for finding multiple VPCs matching particular criteria. Instead, you can filter by the Name tag directly in the singular data.aws_vpc data source. Perhaps something like this:

variable "vpc_names" {
  type = set(string)
}

data "aws_vpc" "selected" {
  for_each = var.vpc_names

  tags = {
    Name = each.value
  }
}

resource "aws_security_group_rule" "ingress" {
  for_each = data.aws_vpc.selected

  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = [each.value.cidr_block]
  security_group_id = module.postgress.postgress_security_group_id
}

The above tells Terraform to look up one VPC for each element of var.vpc_names, expecting to find exactly one VPC with the given name (and failing if there isn't one). It then declares one security group rule for each of those VPCs, where each.value.cidr_block means to use the cidr_block attribute from the current element of aws_vpc.selected.
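If you would rather have a single rule whose cidr_blocks carries every selected VPC's CIDR (as the question title asks) instead of one rule per VPC, the following is an added example, not part of the answer above; it reuses the data.aws_vpc.selected lookup and assumes the same module.postgress.postgress_security_group_id output from the question:

```hcl
variable "vpc_names" {
  type = set(string)
}

# One lookup per VPC name; fails the plan if a name matches zero or several VPCs.
data "aws_vpc" "selected" {
  for_each = var.vpc_names

  tags = {
    Name = each.value
  }
}

# Collect the CIDR of every selected VPC into one list. sort() gives a stable
# order so the rule does not show spurious diffs when the set iteration order
# changes; the rule itself still only allows TCP 5432 from those VPC ranges.
locals {
  vpc_cidrs = sort([for v in data.aws_vpc.selected : v.cidr_block])
}

resource "aws_security_group_rule" "ingress_all_vpcs" {
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 5432
  to_port           = 5432
  cidr_blocks       = local.vpc_cidrs
  security_group_id = module.postgress.postgress_security_group_id
}

# Handy for reviewing exactly which ranges were granted access after apply.
output "postgres_allowed_cidrs" {
  value = local.vpc_cidrs
}
```

Note that a single rule with several cidr_blocks is replaced as a whole whenever one VPC is added or removed, whereas the per-VPC for_each form above only touches the affected rule.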
