aws_security_group - conditional ingress

Time: 2019-07-16 03:50:14

Tags: amazon-ec2 terraform terragrunt

I'm testing terraform / terragrunt to deploy an RDS DB to AWS.

Is it possible to add a conditional ingress to an aws_security_group definition?

Terraform v0.12.3, terragrunt version v0.19.8

Right now, the best I can do is add one security group per condition, each with a count statement, and then add all the individual security groups to the database instance, e.g.

    # One security group per condition, created only when the flag is set
    resource "aws_security_group" "db_sg_office" {
      ...
      count = var.publicly_accessible ? 1 : 0

      ingress {
        ...
        cidr_blocks = ["1.2.3.4/32"]
      }

    }

    ...

    resource "aws_db_instance" "default" {
      ...
      # Referencing a counted resource by .id (without an index) is what fails here
      vpc_security_group_ids = [ ... , "${aws_security_group.db_sg_office.id}" , ...]
      ...
    }

This doesn't actually work, and fails when referencing the security group in the database resource.

1 answer:

Answer 0 (score: 0)

Try using aws_security_group_rule with count,

    # The security group itself is always created, without inline ingress blocks
    # (inline ingress and separate aws_security_group_rule resources on the same
    # group fight each other on every apply)
    resource "aws_security_group" "db_sg_office" {
      ...
    }

    # The rule is the conditional part: count = 0 means no rule is created
    resource "aws_security_group_rule" "open_public" {
      security_group_id = aws_security_group.db_sg_office.id
      count             = var.publicly_accessible ? 1 : 0
      type              = "ingress"
      # Note: 0-65535 admits every TCP port from that /32, not just the DB port
      from_port         = 0
      to_port           = 65535
      cidr_blocks       = ["1.2.3.4/32"]
      protocol          = "tcp"
    }
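The following is an added, complete Terraform 0.12 example (not code from the question or the answer) that shows the two remaining ways to make the ingress conditional: a `dynamic "ingress"` block inside a single `aws_security_group`, which answers the question as asked, and the question's own per-condition security group fixed by referencing it with a splat (`[*].id`) so the list of ids is empty rather than an error when `count = 0`. The variable names `vpc_id`, `office_cidr`, `db_username` and `db_password`, the PostgreSQL port 5432 and the instance settings are assumptions for illustration; `1.2.3.4/32` is the placeholder from the question.

```hcl
# Added example; variable names and values below are assumptions, not from the page.
variable "publicly_accessible" {
  type    = bool
  default = false
}

variable "office_cidr" {
  type    = string
  default = "1.2.3.4/32" # placeholder from the question; use your real office egress IP
}

variable "vpc_id" {
  type = string
}

variable "db_username" {
  type = string
}

variable "db_password" {
  type = string # assumed to be injected from a secret store, never hard-coded
}

# Approach A: one security group with a conditional inline ingress.
# for_each over an empty list emits no ingress block at all when the flag is false,
# so the group has no inbound rules rather than a rule with an empty CIDR list.
resource "aws_security_group" "db" {
  name   = "db-sg"
  vpc_id = var.vpc_id

  dynamic "ingress" {
    for_each = var.publicly_accessible ? [var.office_cidr] : []
    content {
      description = "Office access to PostgreSQL"
      from_port   = 5432 # only the DB port, not 0-65535
      to_port     = 5432
      protocol    = "tcp"
      cidr_blocks = [ingress.value]
    }
  }
}

# Approach B: the question's per-condition security group, unchanged in spirit.
# With count set, this resource is a list; it must be referenced as a list.
resource "aws_security_group" "db_office" {
  count  = var.publicly_accessible ? 1 : 0
  name   = "db-sg-office"
  vpc_id = var.vpc_id

  ingress {
    description = "Office access to PostgreSQL"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [var.office_cidr]
  }
}

resource "aws_db_instance" "default" {
  identifier          = "example-db"
  engine              = "postgres"
  instance_class      = "db.t3.micro"
  allocated_storage   = 20
  username            = var.db_username
  password            = var.db_password
  skip_final_snapshot = true

  # A security group rule alone does not expose the instance: it also needs a
  # public address and a subnet with an internet route. Tie both to one flag so
  # they cannot drift apart.
  publicly_accessible = var.publicly_accessible

  # aws_security_group.db.id always exists; the splat on db_office contributes
  # zero or one ids, so the plan never fails on a missing [0] index.
  vpc_security_group_ids = concat(
    [aws_security_group.db.id],
    aws_security_group.db_office[*].id,
  )
}
```

With `publicly_accessible = false`, `terraform plan` shows `aws_security_group.db` with no ingress and no `db_office` resource; flipping the flag adds exactly one rule for the office CIDR on the DB port. Choose either approach A or the answer's separate `aws_security_group_rule`, but not both on the same group, since inline rules and rule resources overwrite each other on every apply.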