2023年7月18日 14:31:29go评论62阅读模式

英文:

Terraform refer to for_each created resources

问题

In your second security group (rds_sg), you can reference the security groups created in the first code like this:

resource "aws_security_group" "rds_sg" {
  name        = "${local.environment}-${local.workload_name}-rds-sg"
  description = "Security group for ${local.workload_name} workload RDS database"
  vpc_id      = local.vpc_id

  ingress {
    from_port       = 1521
    to_port         = 1521
    protocol        = "tcp"
    security_groups = aws_security_group.sg_ecs_app_service[*].id
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    "Name"        = "${local.environment}-${local.workload_name}-rds-sg"
    "environment" = local.environment
  }
}

By using aws_security_group.sg_ecs_app_service[*].id, you are referencing all the security group IDs created in the first code, which should resolve the error you were encountering.

英文:

I'm creating my infra with terraform and I need to create a few security groups in AWS. I need to create multiple SG with this code:

resource &quot;aws_security_group&quot; &quot;sg_ecs_app_service&quot; {
  for_each = local.mesh_resources
  name        = &quot;${local.environment}-${local.workload_name}-ecs-${each.value.service_name}-service-sg&quot;
  description = &quot;Security group for ${local.workload_name} ECS ${each.value.service_name} service&quot;

  vpc_id = local.vpc_id

  ingress {
    from_port       = each.value.service_port
    to_port         = each.value.service_port
    protocol        = &quot;tcp&quot;
    security_groups = [aws_security_group.sg_ecs_proxy_service.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = &quot;-1&quot;
    cidr_blocks = [&quot;0.0.0.0/0&quot;]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    &quot;Name&quot; : &quot;${local.environment}-${local.workload_name}-ecs-${each.value.service_name}-service-sg&quot;
    &quot;environment&quot; : local.environment
  }
}

And I need to create another one like this:

resource &quot;aws_security_group&quot; &quot;rds_sg&quot; {
  name        = &quot;${local.environment}-${local.workload_name}-rds-sg&quot;
  description = &quot;Security group for ${local.workload_name} workload RDS database&quot;
  vpc_id = local.vpc_id

  ingress {
    from_port = 1521
    to_port   = 1521
    protocol  = &quot;tcp&quot;
    security_groups = each.value.id
     [
           aws_security_group.sg_ecs_app_service[*].id
     ]
    
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = &quot;-1&quot;
    cidr_blocks = [&quot;0.0.0.0/0&quot;]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    &quot;Name&quot; : &quot;${local.environment}-${local.workload_name}-rds-sg&quot;
    &quot;environment&quot; : local.environment
  }
}

My issue is, in this last one SG, I don't know how to add all the security groups created in the first code. With this example, I got an error.

How can I solve it?

答案1

得分: 2

如果您想在RDS安全组的security_groups参数中引用使用for_each创建的所有安全组，可以按照以下方式操作：

resource "aws_security_group" "rds_sg" {
  name        = "${local.environment}-${local.workload_name}-rds-sg"
  description = "Security group for ${local.workload_name} workload RDS database"
  vpc_id = local.vpc_id

  ingress {
    from_port = 1521
    to_port   = 1521
    protocol  = "tcp"
    security_groups = values(aws_security_group.sg_ecs_app_service)[*].id
    
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    "Name" : "${local.environment}-${local.workload_name}-rds-sg"
    "environment" : local.environment
  }
}

通过使用values内置函数，您将获得要引用的所有安全组ID。

英文:

If you want to reference all the security groups created with for_each in the security_groups argument of the RDS security group, you can do the following:

resource &quot;aws_security_group&quot; &quot;rds_sg&quot; {
  name        = &quot;${local.environment}-${local.workload_name}-rds-sg&quot;
  description = &quot;Security group for ${local.workload_name} workload RDS database&quot;
  vpc_id = local.vpc_id

  ingress {
    from_port = 1521
    to_port   = 1521
    protocol  = &quot;tcp&quot;
    security_groups = values(aws_security_group.sg_ecs_app_service)[*].id
    
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = &quot;-1&quot;
    cidr_blocks = [&quot;0.0.0.0/0&quot;]
  }

  lifecycle {
    create_before_destroy = true
  }
  tags = {
    &quot;Name&quot; : &quot;${local.environment}-${local.workload_name}-rds-sg&quot;
    &quot;environment&quot; : local.environment
  }
}

By using the values built-in function, you will get all the security group IDs that you want to reference.

答案2

得分: 1

你需要在第二个安全组中使用 values，因为你使用了 for_each，所以应该这样写：

security_groups = values(aws_security_group.sg_ecs_app_service)[*].id

英文:

Since you used for_each, you have to use values in the second SG: So it should be:

security_groups = values(aws_security_group.sg_ecs_app_service)[*].id

通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库，让每个人都能够通过互相帮助和分享经验来进步。

Terraform 参考 for_each 创建的资源

问题

答案1

答案2

AWS cdk stack hangs at last steps without error message, but works anyway. I don't know why

如何从以下结构中仅选择 Terraform 输出的子集

go install在作为cloudinit userdata脚本运行时，不会将二进制文件添加到GOBIN下。

AWS GoLang SDK 版本2和IoT Core Fleet Provisioning

What's the correct way to type hint an empty list as a literal in python?

如何在Highcharts Gantt中更改本地化的星期名称

如何在同一个流中使用多个过滤器和映射函数？

如何使用Map/Set来将代码优化到O(n)？

.NET MAUI Android在GitHub Actions上构建失败，错误代码为1。

如何在Playwright视觉比较中屏蔽多个定位器？

在C++中，可以使用可变模板参数来检索类型的内部类型。

selenium.common.exceptions.StaleElementReferenceException: Message: stale element reference: stale element not found

Creating and opening a URL to log in to Website via Basic Auth with Robot Framework/Selenium (Python)

AG Grid 在上下文菜单中以大文本形式打开

发表评论