Terraform: referring to resources created with for_each


Question

In your second security group (rds_sg), you can reference the security groups created in the first code like this:

resource "aws_security_group" "rds_sg" {
  name        = "${local.environment}-${local.workload_name}-rds-sg"
  description = "Security group for ${local.workload_name} workload RDS database"
  vpc_id      = local.vpc_id

  ingress {
    from_port       = 1521
    to_port         = 1521
    protocol        = "tcp"
    # sg_ecs_app_service uses for_each, so it is a map of objects, not a list;
    # values() converts it to a list so the [*].id splat is valid
    security_groups = values(aws_security_group.sg_ecs_app_service)[*].id
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    "Name"        = "${local.environment}-${local.workload_name}-rds-sg"
    "environment" = local.environment
  }
}

By using aws_security_group.sg_ecs_app_service[*].id, you are referencing all the security group IDs created in the first code, which should resolve the error you were encountering.


I'm creating my infra with terraform and I need to create a few security groups in AWS. I need to create multiple SG with this code:

resource "aws_security_group" "sg_ecs_app_service" {
  for_each = local.mesh_resources
  name        = "${local.environment}-${local.workload_name}-ecs-${each.value.service_name}-service-sg"
  description = "Security group for ${local.workload_name} ECS ${each.value.service_name} service"

  vpc_id = local.vpc_id

  ingress {
    from_port       = each.value.service_port
    to_port         = each.value.service_port
    protocol        = "tcp"
    security_groups = [aws_security_group.sg_ecs_proxy_service.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    "Name" : "${local.environment}-${local.workload_name}-ecs-${each.value.service_name}-service-sg"
    "environment" : local.environment
  }
}

And I need to create another one like this:

resource "aws_security_group" "rds_sg" {
  name        = "${local.environment}-${local.workload_name}-rds-sg"
  description = "Security group for ${local.workload_name} workload RDS database"
  vpc_id = local.vpc_id

  ingress {
    from_port = 1521
    to_port   = 1521
    protocol  = "tcp"
    security_groups = each.value.id
     [
           aws_security_group.sg_ecs_app_service[*].id
     ]
    
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    "Name" : "${local.environment}-${local.workload_name}-rds-sg"
    "environment" : local.environment
  }
}

My issue is that in this last SG, I don't know how to add all the security groups created in the first code. With this example, I get an error.

How can I solve it?

Answer 1

Score: 2

If you want to reference all the security groups created with for_each in the security_groups argument of the RDS security group, you can do the following:

resource "aws_security_group" "rds_sg" {
  name        = "${local.environment}-${local.workload_name}-rds-sg"
  description = "Security group for ${local.workload_name} workload RDS database"
  vpc_id = local.vpc_id

  ingress {
    from_port = 1521
    to_port   = 1521
    protocol  = "tcp"
    security_groups = values(aws_security_group.sg_ecs_app_service)[*].id
    
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    "Name" : "${local.environment}-${local.workload_name}-rds-sg"
    "environment" : local.environment
  }
}

By using the values built-in function, you will get all the security group IDs that you want to reference.
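As an added example (not code from the question or either answer), here is a self-contained sketch of the full pattern: a constructed local.mesh_resources map, the for_each app-service security groups, and the RDS security group consuming them with values(), with the equivalent for expression shown in a comment. The locals, the placeholder VPC ID and the minimal proxy security group are assumptions standing in for the asker's real definitions.

```hcl
# Assumed inputs standing in for the asker's locals (constructed for this example).
locals {
  environment   = "dev"
  workload_name = "shop"
  vpc_id        = "vpc-0123456789abcdef0" # placeholder, not a real VPC
  mesh_resources = {
    api    = { service_name = "api",    service_port = 8080 }
    worker = { service_name = "worker", service_port = 9090 }
  }
}

# Minimal stand-in for the proxy SG the app-service SGs reference (assumed).
resource "aws_security_group" "sg_ecs_proxy_service" {
  name   = "${local.environment}-${local.workload_name}-ecs-proxy-sg"
  vpc_id = local.vpc_id
}

# for_each over a map: this resource is a map of objects keyed by "api" and "worker".
resource "aws_security_group" "sg_ecs_app_service" {
  for_each    = local.mesh_resources
  name        = "${local.environment}-${local.workload_name}-ecs-${each.value.service_name}-service-sg"
  description = "Security group for ${local.workload_name} ECS ${each.value.service_name} service"
  vpc_id      = local.vpc_id

  ingress {
    from_port       = each.value.service_port
    to_port         = each.value.service_port
    protocol        = "tcp"
    security_groups = [aws_security_group.sg_ecs_proxy_service.id]
  }
}

# Only the app-service SGs may reach the Oracle port; no CIDR-based ingress is needed.
# No egress block is given here, so Terraform leaves the group with no egress rule.
resource "aws_security_group" "rds_sg" {
  name        = "${local.environment}-${local.workload_name}-rds-sg"
  description = "Security group for ${local.workload_name} workload RDS database"
  vpc_id      = local.vpc_id

  ingress {
    from_port = 1521
    to_port   = 1521
    protocol  = "tcp"
    # values() turns the map of objects into a list, so the [*].id splat works.
    security_groups = values(aws_security_group.sg_ecs_app_service)[*].id
    # Equivalent for expression, handy when you need to filter by map key:
    # security_groups = [for k, sg in aws_security_group.sg_ecs_app_service : sg.id if k != "worker"]
  }
}
```

Running terraform plan against this shows the two app-service groups keyed as sg_ecs_app_service["api"] and sg_ecs_app_service["worker"], and the rds_sg ingress resolving to both IDs.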

Answer 2

Score: 1

Since you used for_each, you have to use values in the second SG. So it should be:

security_groups = values(aws_security_group.sg_ecs_app_service)[*].id

huangapple
  • Published on July 18, 2023 14:31:29
  • When reposting, please keep the link to this article: https://go.coder-hub.com/76710049.html