针对相互依赖参数的单个 Terraform 模块
Single Terraform module for dependent arguments
在这里，我一直在为现有的 Terraform 脚本实现 Terraform 模块。我在处理 security_group_rules 的参数时遇到了问题。
问题是，在 aws_security_group_rule 中有两个参数，即 source_security_group_id 和 cidr_block，它们彼此不兼容。也就是说，使用其中一个时，就不能再使用另一个。
这是我的模块。
main.tf
# One aws_security_group_rule per entry of var.security_group_rules, each
# attached to the security group named by var.security_group_id.
resource "aws_security_group_rule" "arvn" {
# Rules are addressed by list position (count.index): inserting or removing an
# entry in the middle shifts the index of every later rule, so those rules are
# destroyed and re-created on the next apply.
count = length(var.security_group_rules)
type = var.security_group_rules[count.index].type
from_port = var.security_group_rules[count.index].from_port
to_port = var.security_group_rules[count.index].to_port
protocol = var.security_group_rules[count.index].protocol
# The module only ever sets cidr_blocks; there is no way to pass
# source_security_group_id, so a rule whose peer is another security group
# cannot be expressed here (a security group id is not a valid CIDR, which is
# why the third rule in the usage example fails).
cidr_blocks = var.security_group_rules[count.index].cidr_block
description = var.security_group_rules[count.index].description
security_group_id = var.security_group_id
}
variable.tf
# Id of the security group that every rule created by this module is attached
# to. It is not validated here; the provider reports an unknown id at apply time.
variable "security_group_id" {
type = string
}
# Rules to create. Every entry must supply all attributes. cidr_block (a list
# of CIDR ranges) is the only kind of peer this shape can express, so a rule
# whose source or destination is another security group has no valid encoding.
variable "security_group_rules" {
type = list(object({
# "ingress" or "egress"
type = string
from_port = number
to_port = number
protocol = string
# Mapped onto aws_security_group_rule.cidr_blocks by the resource.
cidr_block = list(string)
description = string
}))
}
用法
sg.tf
# Security group for the ECS instances, created by ./modules/security_group
# (not shown on this page). NOTE(review): the rules module below references
# module.security_group_instance, not this module's name; confirm which
# module instance is meant.
module "security_group_ecsInstance" {
source = "./modules/security_group"
vpc_id = aws_vpc.arvn.id
name = "${local.name}-ecsInstance"
}
# Rules for the instance security group. Each entry is passed straight into
# the security_group_rules module, which can only emit cidr_blocks.
module "sg_rules_instance" {
source = "./modules/security_group_rules"
# NOTE(review): no module named security_group_instance appears on this page
# (the module declared above is security_group_ecsInstance); confirm the reference.
security_group_id = module.security_group_instance.id
security_group_rules = [
# SSH, reachable only from inside the VPC.
{ type = "ingress", from_port = 22, to_port = 22, protocol = "tcp", cidr_block = [var.vpc_cidr], description = "ssh" },
# Unrestricted egress: every protocol, every port, every destination. This
# is the most permissive outbound rule possible; narrow it if the instances'
# outbound dependencies can be enumerated.
{ type = "egress", from_port = 0, to_port = 65535, protocol = "-1", cidr_block = ["0.0.0.0/0"], description = "" },
# Intended peer is the ALB security group, but a security group id is not a
# CIDR; this is the rule that fails with an invalid CIDR block error.
{ type = "ingress", from_port = 0, to_port = 65535, protocol = "tcp", cidr_block = [module.security_group_alb.id], description = "alb" }
]
}
这里，前两个规则能够正常创建，而最后一个规则因 cidr 块无效而失败。
不过我知道问题出在哪里。如果有人能帮助我创建一个更灵活的模块，使其可以在 source_security_group_id 和 cidr_block 之间二选一——使用其中一个时，另一个就会被忽略——那就太好了。
您可以通过将资源参数设置为 null 来表示该参数动态缺失。这意味着您可以定义一个同时接受这两个参数的变量，只要调用时其中一个参数为 null 即可。例如：
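# Rules to create. Each entry names its peer in exactly one way: either
# cidr_blocks (a list of CIDR ranges) or source_security_group_id (another
# security group); the other attribute must be null. Both attributes are
# declared so that every entry has the same object shape.
variable "security_group_rules" {
  type = list(object({
    # "ingress" or "egress"
    type                     = string
    from_port                = number
    to_port                  = number
    protocol                 = string
    cidr_blocks              = list(string)
    source_security_group_id = string
    description              = string
  }))

  # Reject an entry that sets both peers (the provider refuses the conflicting
  # arguments) or neither (the rule would have no peer at all) at plan time
  # rather than at apply time. The validation block needs Terraform 0.13+.
  validation {
    condition = alltrue([
      for r in var.security_group_rules :
      (r.cidr_blocks == null) != (r.source_security_group_id == null)
    ])
    error_message = "Each security_group_rules entry must set exactly one of cidr_blocks or source_security_group_id (the other must be null)."
  }
}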
# One aws_security_group_rule per entry. Both peer attributes are passed
# through; Terraform omits an argument whose value is null, so an entry that
# sets exactly one of cidr_blocks / source_security_group_id yields a rule
# with just that peer. Nothing in this resource enforces "exactly one": an
# entry that sets both still trips the provider's conflict check, and one
# that sets neither has no peer at all.
resource "aws_security_group_rule" "arvn" {
# Rules are addressed by list position; inserting or removing an entry in the
# middle shifts every later index and re-creates those rules on the next apply.
count = length(var.security_group_rules)
type = var.security_group_rules[count.index].type
from_port = var.security_group_rules[count.index].from_port
to_port = var.security_group_rules[count.index].to_port
protocol = var.security_group_rules[count.index].protocol
# Null when the entry's peer is a security group.
cidr_blocks = var.security_group_rules[count.index].cidr_blocks
description = var.security_group_rules[count.index].description
# Null when the entry's peer is a CIDR list.
source_security_group_id = var.security_group_rules[count.index].source_security_group_id
security_group_id = var.security_group_id
}
调用模块时，调用者必须将 cidr_block 或 source_security_group_id 设置为 null，以避免冲突错误：
# Rules for the instance security group. Every entry sets both peer
# attributes, with the unused one explicitly null so that the module omits it.
module "sg_rules_instance" {
source = "./modules/security_group_rules"
# NOTE(review): the module declared elsewhere on this page is named
# security_group_ecsInstance, not security_group_instance; confirm the reference.
security_group_id = module.security_group_instance.id
security_group_rules = [
# SSH, reachable only from inside the VPC.
{
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [var.vpc_cidr]
source_security_group_id = null
description = "ssh"
},
# Unrestricted egress: every protocol, every port, every destination. This is
# the most permissive outbound rule possible; narrow it if the instances'
# outbound dependencies can be enumerated.
{
type = "egress"
from_port = 0
to_port = 65535
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
source_security_group_id = null
description = ""
},
# Peer is the ALB security group, so cidr_blocks is null. The rule admits
# every TCP port from the ALB; restricting it to the container/target port
# range would limit what a compromised ALB-side host can reach.
{
type = "ingress"
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = null
source_security_group_id = module.security_group_alb.id
description = "alb"
},
]
}
在这里，我一直在为现有的 Terraform 脚本实现 Terraform 模块。我在处理 security_group_rules 的参数时遇到了问题。问题是，在 aws_security_group_rule 中有两个参数，即 source_security_group_id 和 cidr_block，它们彼此不兼容。也就是说，使用其中一个时，就不能再使用另一个。
这是我的模块。
main.tf
# One aws_security_group_rule per entry of var.security_group_rules, each
# attached to the security group named by var.security_group_id.
resource "aws_security_group_rule" "arvn" {
# Rules are addressed by list position (count.index): inserting or removing an
# entry in the middle shifts the index of every later rule, so those rules are
# destroyed and re-created on the next apply.
count = length(var.security_group_rules)
type = var.security_group_rules[count.index].type
from_port = var.security_group_rules[count.index].from_port
to_port = var.security_group_rules[count.index].to_port
protocol = var.security_group_rules[count.index].protocol
# The module only ever sets cidr_blocks; there is no way to pass
# source_security_group_id, so a rule whose peer is another security group
# cannot be expressed here (a security group id is not a valid CIDR, which is
# why the third rule in the usage example fails).
cidr_blocks = var.security_group_rules[count.index].cidr_block
description = var.security_group_rules[count.index].description
security_group_id = var.security_group_id
}
variable.tf
# Id of the security group that every rule created by this module is attached
# to. It is not validated here; the provider reports an unknown id at apply time.
variable "security_group_id" {
type = string
}
# Rules to create. Every entry must supply all attributes. cidr_block (a list
# of CIDR ranges) is the only kind of peer this shape can express, so a rule
# whose source or destination is another security group has no valid encoding.
variable "security_group_rules" {
type = list(object({
# "ingress" or "egress"
type = string
from_port = number
to_port = number
protocol = string
# Mapped onto aws_security_group_rule.cidr_blocks by the resource.
cidr_block = list(string)
description = string
}))
}
用法
sg.tf
# Security group for the ECS instances, created by ./modules/security_group
# (not shown on this page). NOTE(review): the rules module below references
# module.security_group_instance, not this module's name; confirm which
# module instance is meant.
module "security_group_ecsInstance" {
source = "./modules/security_group"
vpc_id = aws_vpc.arvn.id
name = "${local.name}-ecsInstance"
}
# Rules for the instance security group. Each entry is passed straight into
# the security_group_rules module, which can only emit cidr_blocks.
module "sg_rules_instance" {
source = "./modules/security_group_rules"
# NOTE(review): no module named security_group_instance appears on this page
# (the module declared above is security_group_ecsInstance); confirm the reference.
security_group_id = module.security_group_instance.id
security_group_rules = [
# SSH, reachable only from inside the VPC.
{ type = "ingress", from_port = 22, to_port = 22, protocol = "tcp", cidr_block = [var.vpc_cidr], description = "ssh" },
# Unrestricted egress: every protocol, every port, every destination. This
# is the most permissive outbound rule possible; narrow it if the instances'
# outbound dependencies can be enumerated.
{ type = "egress", from_port = 0, to_port = 65535, protocol = "-1", cidr_block = ["0.0.0.0/0"], description = "" },
# Intended peer is the ALB security group, but a security group id is not a
# CIDR; this is the rule that fails with an invalid CIDR block error.
{ type = "ingress", from_port = 0, to_port = 65535, protocol = "tcp", cidr_block = [module.security_group_alb.id], description = "alb" }
]
}
这里，前两个规则能够正常创建，而最后一个规则因 cidr 块无效而失败。
不过我知道问题出在哪里。如果有人能帮助我创建一个更灵活的模块，使其可以在 source_security_group_id 和 cidr_block 之间二选一——使用其中一个时，另一个就会被忽略——那就太好了。
您可以通过将资源参数设置为 null 来表示该参数动态缺失。这意味着您可以定义一个同时接受这两个参数的变量，只要调用时其中一个参数为 null 即可。例如：
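# Rules to create. Each entry names its peer in exactly one way: either
# cidr_blocks (a list of CIDR ranges) or source_security_group_id (another
# security group); the other attribute must be null. Both attributes are
# declared so that every entry has the same object shape.
variable "security_group_rules" {
  type = list(object({
    # "ingress" or "egress"
    type                     = string
    from_port                = number
    to_port                  = number
    protocol                 = string
    cidr_blocks              = list(string)
    source_security_group_id = string
    description              = string
  }))

  # Reject an entry that sets both peers (the provider refuses the conflicting
  # arguments) or neither (the rule would have no peer at all) at plan time
  # rather than at apply time. The validation block needs Terraform 0.13+.
  validation {
    condition = alltrue([
      for r in var.security_group_rules :
      (r.cidr_blocks == null) != (r.source_security_group_id == null)
    ])
    error_message = "Each security_group_rules entry must set exactly one of cidr_blocks or source_security_group_id (the other must be null)."
  }
}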
# One aws_security_group_rule per entry. Both peer attributes are passed
# through; Terraform omits an argument whose value is null, so an entry that
# sets exactly one of cidr_blocks / source_security_group_id yields a rule
# with just that peer. Nothing in this resource enforces "exactly one": an
# entry that sets both still trips the provider's conflict check, and one
# that sets neither has no peer at all.
resource "aws_security_group_rule" "arvn" {
# Rules are addressed by list position; inserting or removing an entry in the
# middle shifts every later index and re-creates those rules on the next apply.
count = length(var.security_group_rules)
type = var.security_group_rules[count.index].type
from_port = var.security_group_rules[count.index].from_port
to_port = var.security_group_rules[count.index].to_port
protocol = var.security_group_rules[count.index].protocol
# Null when the entry's peer is a security group.
cidr_blocks = var.security_group_rules[count.index].cidr_blocks
description = var.security_group_rules[count.index].description
# Null when the entry's peer is a CIDR list.
source_security_group_id = var.security_group_rules[count.index].source_security_group_id
security_group_id = var.security_group_id
}
调用模块时，调用者必须将 cidr_block 或 source_security_group_id 设置为 null，以避免冲突错误：
# Rules for the instance security group. Every entry sets both peer
# attributes, with the unused one explicitly null so that the module omits it.
module "sg_rules_instance" {
source = "./modules/security_group_rules"
# NOTE(review): the module declared elsewhere on this page is named
# security_group_ecsInstance, not security_group_instance; confirm the reference.
security_group_id = module.security_group_instance.id
security_group_rules = [
# SSH, reachable only from inside the VPC.
{
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = [var.vpc_cidr]
source_security_group_id = null
description = "ssh"
},
# Unrestricted egress: every protocol, every port, every destination. This is
# the most permissive outbound rule possible; narrow it if the instances'
# outbound dependencies can be enumerated.
{
type = "egress"
from_port = 0
to_port = 65535
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
source_security_group_id = null
description = ""
},
# Peer is the ALB security group, so cidr_blocks is null. The rule admits
# every TCP port from the ALB; restricting it to the container/target port
# range would limit what a compromised ALB-side host can reach.
{
type = "ingress"
from_port = 0
to_port = 65535
protocol = "tcp"
cidr_blocks = null
source_security_group_id = module.security_group_alb.id
description = "alb"
},
]
}