我正在尝试探索terraform以在AWS中创建自动化基础设施。我不清楚如何在terraform中将安全组附加到aws实例。
例如,是否有任何属性可以指定安全组,如下所示
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.micro"
}
使用参数 vpc_security_group_ids 。此参数接受 N 个安全组 ID 的列表
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.micro"
}
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "vpc-3324nnrvdl"
}
resource "aws_network_interface_sg_attachment" "sg_attachment" {
security_group_id = "${data.aws_security_group.sec_group.id}"
network_interface_id = "${aws_instance.web.primary_network_interface_id}"
}
这样,您将能够将 SG 附加到 EC2 实例,并且两者都将处于解耦状态。
利用 Ay0 的答案:您可以包含vpc_security_group_ids规则,例如:
resource "aws_security_group" "basic_security" {
ingress {...}
egress {...}
}
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.nano"
vpc_security_group_ids = [aws_security_group.basic_security.id]
}
您可以包含如下aws_security_group:
resource "aws_security_group" "sg" {
name = "sg"
description = "Web Security Group for HTTP"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}