Terraform - Automatically create SGs for CloudFront IPs
I'm trying to automatically create SGs for the CloudFront IPs so that I can associate them with my ALB.
This article has good insights into how to achieve it, but unfortunately it doesn't work in my environment.
Here is the code:
data "aws_ip_ranges" "cloudfront" {
  regions  = ["global"]
  services = ["cloudfront"]
}

locals {
  chunks_v4 = chunklist(data.aws_ip_ranges.cloudfront.cidr_blocks, 60)
}

resource "aws_security_group" "cloudfront" {
  count = length(local.chunks_v4)

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.chunks_v4[count.index]]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}
Here is the error message:
╷
│ Error: Incorrect attribute value type
│
│ on main.tf line 34, in resource "aws_security_group" "cloudfront":
│ 34: cidr_blocks = [local.chunks_v4[count.index]]
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ local.chunks_v4 is a list of list of dynamic, known only after apply
│
│ Inappropriate value for attribute "cidr_blocks": element 0: string required.
╵
Shouldn't it be something like:
local.chunks_v4[count.index][0 to 59???]
How can I achieve this with Terraform?
EDIT: Since there is a hard limit of 60 CIDR blocks, we need to split them into chunks, thanks to @Marcin for the heads-up!
locals {
  chunks_v4 = chunklist(data.aws_ip_ranges.cloudfront.cidr_blocks, 60)
}

data "aws_ip_ranges" "cloudfront" {
  regions  = ["global"]
  services = ["cloudfront"]
}

resource "aws_security_group" "cloudfront" {
  count = length(local.chunks_v4)

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = local.chunks_v4[count.index]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}
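A fuller version of the chunked configuration, added here as an example and not part of the original question or the linked article. It keeps the same `chunklist` approach but also covers the IPv6 ranges the data source returns, uses `name_prefix` so that `create_before_destroy` can actually create the replacement group before the old one is gone (a fixed `name` collides with the group still being destroyed), records the `sync_token` as a tag so a new ip-ranges.json publication shows up as drift in the plan, and attaches every chunk to the ALB, which is the part the question is working towards. The variable `vpc_id`, the variable `public_subnet_ids` and the load balancer `aws_lb.app` are assumptions for the example.

```hcl
variable "vpc_id" {
  type = string
}

# Assumed for the example: subnets the ALB lives in.
variable "public_subnet_ids" {
  type = list(string)
}

data "aws_ip_ranges" "cloudfront" {
  regions  = ["global"]
  services = ["cloudfront"]
}

locals {
  # 60 is the default inbound-rules-per-group quota; one chunk per group.
  rules_per_sg = 60
  chunks_v4    = chunklist(data.aws_ip_ranges.cloudfront.cidr_blocks, local.rules_per_sg)
  chunks_v6    = chunklist(data.aws_ip_ranges.cloudfront.ipv6_cidr_blocks, local.rules_per_sg)

  # Changes whenever AWS publishes a new ip-ranges.json; tagging it makes drift visible.
  tags = {
    IpRangesSyncToken = data.aws_ip_ranges.cloudfront.sync_token
  }
}

resource "aws_security_group" "cloudfront_v4" {
  count       = length(local.chunks_v4)
  name_prefix = "cloudfront-ipv4-${count.index}-"
  vpc_id      = var.vpc_id
  tags        = local.tags

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = local.chunks_v4[count.index] # already a list of strings; do not wrap it in [ ]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_security_group" "cloudfront_v6" {
  count       = length(local.chunks_v6)
  name_prefix = "cloudfront-ipv6-${count.index}-"
  vpc_id      = var.vpc_id
  tags        = local.tags

  ingress {
    from_port        = 443
    to_port          = 443
    protocol         = "tcp"
    ipv6_cidr_blocks = local.chunks_v6[count.index]
  }

  egress {
    from_port        = 0
    to_port          = 0
    protocol         = "-1"
    ipv6_cidr_blocks = ["::/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Assumed for the example: the ALB that should only be reachable from CloudFront.
resource "aws_lb" "app" {
  name               = "app-alb"
  load_balancer_type = "application"
  subnets            = var.public_subnet_ids

  security_groups = concat(
    aws_security_group.cloudfront_v4[*].id,
    aws_security_group.cloudfront_v6[*].id,
  )
}
```

Two caveats to check before relying on this. The number of chunks, and therefore of groups, is derived from the published ranges, so a `terraform plan` run after AWS adds ranges can add or remove a group and rewrite the ALB's group list; review such plans rather than auto-applying them. An ALB network interface also has its own quota on attached security groups (5 by default), so more than a handful of chunks will not attach until that quota is raised; the AWS-managed prefix list for CloudFront origin-facing addresses is the alternative that avoids both the rule quota and the chunking.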