terraform/env/res/main.tf:

resource "aws_security_group" "allow_all" {
  name        = "allow_all"
  description = "Allow all inbound traffic"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
terraform/mod/sec/main.tf:

resource "aws_elb" "elb" {
  name            = "elb-example"
  subnets         = ["${data.aws_subnet_ids.all.ids}"]
  security_groups = ["${aws_security_group.allow_all.id}"] // SG
  internal        = false

  listener = [
    {
      instance_port     = "80"
      instance_protocol = "HTTP"
      lb_port           = "80"
      lb_protocol       = "HTTP"
    },
    {
      instance_port     = "8080"
      instance_protocol = "HTTP"
      lb_port           = "8080"
      lb_protocol       = "HTTP"
    },
  ]

  health_check = [
    {
      target              = "HTTP:80/"
      interval            = 30
      healthy_threshold   = 2
      unhealthy_threshold = 2
      timeout             = 5
    },
  ]

  access_logs = [
    {
      bucket = "my-access-logs-bucket"
    },
  ]

  lifecycle {
    prevent_destroy = true
  }
}
I get the error "undefined variable aws_security_group.allow_all in variable aws_security_group.allow_all_id". Also, is it possible to validate the string and add other security groups? A ternary condition is what I can think of. Can you suggest anything else?

Answer 0 (score: 0)
It looks like you have two modules, one being terraform/mod/sec and the other terraform/env/res/. The first defines the aws_security_group resource, and the other uses that security group ID to create an aws_elb resource.

I assume you are running terraform from the res directory, which is incorrect. Instead, what you should do is output the security group ID in the res module:
output "sg_id" {
  value = "${aws_security_group.allow_all.id}"
}
and then reference the res module in the sec module:
module "sec" {
  source = "../../env/res"
}

resource "aws_elb" "elb" {
  name            = "elb-example"
  subnets         = ["${data.aws_subnet_ids.all.ids}"]
  security_groups = ["${module.sec.sg_id}"] // SG
  internal        = false

  listener = [
    ...
}
Then, from the terraform/env/res/ directory, you can run

terraform init && terraform plan

which should correctly pass in the security group ID.
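The following is an added example, not code from the question or the answer above. It wires the security group ID from the res module into the ELB through a module output, and answers the "validate the string and add other security groups" part with a typed list variable plus a validation block instead of a ternary. It assumes Terraform 0.14+ syntax (first-class expressions, alltrue), the allow_all resource shown in the question, and a module block named "res" (the answer names it "sec"); the variable name extra_security_group_ids is invented for this example.

```hcl
# terraform/env/res/outputs.tf (added for this example)
output "sg_id" {
  description = "ID of the allow_all security group, consumed by the ELB module"
  value       = aws_security_group.allow_all.id
}

# terraform/mod/sec/variables.tf (added for this example)
variable "extra_security_group_ids" {
  description = "Additional security group IDs to attach to the ELB (optional)"
  type        = list(string)
  default     = []

  validation {
    # Reject anything that is not shaped like an AWS security group ID
    # (sg- followed by 8 or 17 hex characters), so a typo fails at plan time
    # instead of surfacing as an opaque API error during apply.
    condition = alltrue([
      for id in var.extra_security_group_ids : can(regex("^sg-[0-9a-f]{8,17}$", id))
    ])
    error_message = "Each entry in extra_security_group_ids must be a security group ID of the form sg-xxxxxxxx."
  }
}

# terraform/mod/sec/main.tf (added for this example)
module "res" {
  source = "../../env/res" # path relative to terraform/mod/sec
}

resource "aws_elb" "elb" {
  name     = "elb-example"
  subnets  = data.aws_subnet_ids.all.ids
  internal = false

  # concat() merges the module output with any caller-supplied IDs;
  # distinct() drops duplicates so the same group is never attached twice.
  security_groups = distinct(concat([module.res.sg_id], var.extra_security_group_ids))

  listener {
    instance_port     = 80
    instance_protocol = "HTTP"
    lb_port           = 80
    lb_protocol       = "HTTP"
  }
}
```

Run terraform init and terraform plan from terraform/mod/sec; a bad value such as extra_security_group_ids = ["not-an-sg"] is rejected by the validation block before any AWS call is made.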