我一直在努力弄清楚关于地形模块的这一点。我在代码中添加了一个安全组模块并进行了部署。部署后,我无法向组中添加新规则,除非我污染整个模块并重新部署它。我试过在谷歌上查找,但真的找不到答案。
我唯一能想到的就是在事实之后添加一个资源块来添加新规则。。。但这不是违背了模块的目的吗?
如有任何帮助,我们将不胜感激。
这是我使用的代码示例。如果我成功地部署了它,然后返回并进行更改,则更改永远不会被读取。
module "main_sg_web" {
source = "terraform-aws-modules/security-group/aws"
name = "Web SG"
description = "Security group for Web Services with port 443 open within VPC"
vpc_id = module.vpc.vpc_id
ingress_cidr_blocks = ["10.10.0.0/16"]
egress_cidr_blocks = ["0.0.0.0/0"]
ingress_rules = ["https-443-tcp"]
egress_with_cidr_blocks = [
{
from_port = 0
to_port = 0
protocol = "-1"
description = "outbound traffic"
cidr_blocks = "0.0.0.0/0"
}
]
tags = var.vpc_tags
}
根据文档https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/2.10.0/submodules/ssh?tab=outputs,模块输出安全组ID
你可以使用https://www.terraform.io/docs/providers/aws/r/security_group_rule.html添加一条规则:
resource "aws_security_group_rule" "allow_all" {
type = "ingress"
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = "10.0.0.0/8"
security_group_id = ${module.main_sg_web.this_security_group_id}
}