Specifying a private_ip address in cidr_block when using the Terraform security group module

When using the terraform-aws-modules/security-group/aws module, I can specify a CIDR_BLOCK with the string "10.211.103.254/32", but I cannot reference a variable that essentially contains the same value, as verified by the terraform output:

Apply complete! Resources: 1 added, 4 changed, 1 destroyed.
Outputs:
blah_private_ip = 10.211.103.254/32

For example, the following code works

output "blah_private_ip" {
  value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "blahsvr-sg"
  description = "Security group for blah server"
  vpc_id      = "${module.vpc.vpc_id}"

  ingress_with_cidr_blocks = [
    {
      from_port   = 443
      to_port     = 443
      protocol    = "tcp"
      description = "HTTPS from server- managed by terraform"
      cidr_blocks = "10.211.103.254/32"  # works
      #cidr_blocks = "${var.blah_private_ip}"  # gives error
    },
  ]

  egress_with_cidr_blocks = [
    {
      from_port   = "0"
      to_port     = "65535"
      protocol    = "-1"
      description = "ALL"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
}

However, the same code with the cidr_blocks line replaced to reference the "${var.blah_private_ip}" variable instead produces the following terraform apply error:

Error: module.gxesvr-sg.aws_security_group_rule.ingress_with_cidr_blocks[0]: "cidr_blocks.0" must contain a valid CIDR, got error parsing: invalid CIDR address:

I also tried wrapping it in a CIDR block definition, but I don't know which values a /32 (a single IP address) takes.

cidr_blocks = "${cidrsubnet("${var.blah_private_ip}", 8, 0)}"
cidr_blocks = "${cidrsubnet("${var.blah_private_ip}", 16, 0 )}"

Hoping someone can help me debug this.

I don't see where you define the blah_private_ip variable. It seems to be the same as

output "blah_private_ip" {
  value = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

You should be able to do...

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
      ...
      cidr_blocks = "${aws_instance.SERVER-NAME-01.private_ip}/32"
      ...
    }
  ]
}

instead of interpolating the IP output into a variable (which you can't do).

If you want to use the same value for both the output and the ingress_with_cidr_blocks -> cidr input, you can define a local value like this

locals {
  cidr = "${aws_instance.SERVER-NAME-01.private_ip}/32"
}

module "blahsvr-sg" {
  source = "terraform-aws-modules/security-group/aws"
  ...
  ingress_with_cidr_blocks = [
    {
      ...
      cidr_blocks = "${local.cidr}"
      ...
    }
  ]
}

output "my_cidr" {
  value = "${local.cidr}"
}
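As an added example that is not part of the original question or answer, the following Python script uses the standard ipaddress module to approximate the two checks the posts run into: the module's "must contain a valid CIDR" validation, which rejects an empty or prefix-less value (the quoted error ends with nothing after "invalid CIDR address:", consistent with an empty value reaching the rule), and the cidrsubnet() calls from the question, which cannot extend a /32 because a single host address has no host bits left to split. It also builds the /32 host rule the answer recommends, the narrowest source a security group rule can express. The function names (validate_cidr, subnet_of, try_subnet, host_cidr) are chosen here; the IP address is the one quoted in the question.

```python
"""Added example, not part of the original question or answer: approximate,
with Python's standard ipaddress module, the CIDR validation and the
cidrsubnet() arithmetic discussed above.  Function names are chosen here."""
import ipaddress
from typing import Tuple

# The instance private IP quoted in the question.
PRIVATE_IP = "10.211.103.254"


def validate_cidr(value: str) -> Tuple[bool, str]:
    """Approximate the security-group module's "must contain a valid CIDR"
    check: the value must carry an explicit /prefix and parse as a network.
    Host bits are tolerated and masked off, as a CIDR parser normally does.
    Returns (ok, detail); an empty string fails with an empty offending value,
    which is the shape of the error message quoted in the question."""
    if "/" not in value:
        return False, f"invalid CIDR address: {value}"
    try:
        net = ipaddress.ip_network(value, strict=False)
    except ValueError:
        return False, f"invalid CIDR address: {value}"
    return True, str(net)


def subnet_of(cidr: str, newbits: int, netnum: int) -> str:
    """Stand-in for Terraform's cidrsubnet(prefix, newbits, netnum): lengthen
    the prefix by newbits bits and return subnet number netnum.
    Raises ValueError when the prefix has no host bits left to split, which
    is why cidrsubnet("…/32", 8, 0) and cidrsubnet("…/32", 16, 0) fail."""
    net = ipaddress.ip_network(cidr, strict=True)
    new_prefix = net.prefixlen + newbits
    if new_prefix > net.max_prefixlen:
        raise ValueError(
            f"cannot split {net}: /{new_prefix} is longer than "
            f"/{net.max_prefixlen}"
        )
    if netnum < 0 or netnum >= 2 ** newbits:
        raise ValueError(f"netnum {netnum} out of range for {newbits} new bits")
    host_bits = net.max_prefixlen - new_prefix
    addr = net.network_address + netnum * (2 ** host_bits)
    return f"{addr}/{new_prefix}"


def try_subnet(cidr: str, newbits: int, netnum: int) -> str:
    """Run subnet_of and report the error as text instead of raising."""
    try:
        return subnet_of(cidr, newbits, netnum)
    except ValueError as exc:
        return f"error: {exc}"


def host_cidr(ip: str) -> str:
    """Build the single-host rule the answer recommends: the address with its
    full prefix length (/32 for IPv4, /128 for IPv6), so the ingress rule
    admits exactly one source address."""
    addr = ipaddress.ip_address(ip)
    return f"{addr}/{addr.max_prefixlen}"


if __name__ == "__main__":
    for value in (f"{PRIVATE_IP}/32", "", PRIVATE_IP):
        print(repr(value), "->", validate_cidr(value))
    print("cidrsubnet(/16, 8, 3) ->", try_subnet("10.0.0.0/16", 8, 3))
    print("cidrsubnet(/32, 8, 0) ->", try_subnet(f"{PRIVATE_IP}/32", 8, 0))
    print("host rule ->", host_cidr(PRIVATE_IP))
```

Running the script shows the literal /32 string passing validation, the empty string producing a message that ends right after "invalid CIDR address:", and both cidrsubnet-style attempts on the /32 rejected, while the local-value form from the answer yields the same "10.211.103.254/32" rule.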
