I am trying to create an AWS instance using aws_network_interface, as follows:

resource "aws_network_interface" "lustre-mds01" {
  subnet_id   = "${var.subnet_id}"
  private_ips = ["10.1.0.10"]
}

resource "aws_instance" "lustre-mds01" {
  ami                    = "${var.ec2_ami}"
  instance_type          = "t2.nano"
  key_name               = "${var.key_name}"
  vpc_security_group_ids = ["${var.vpc_security_group_id}"]

  root_block_device {
    volume_type = "gp2"
    volume_size = 128
  }

  network_interface {
    network_interface_id = "${aws_network_interface.lustre-mds01.id}"
    device_index         = 0
  }
}
However, the result is:

Error: "network_interface": conflicts with vpc_security_group_ids

It looks like this is a known issue, but the ticket was closed due to inactivity. I'm a Terraform noob, so I don't know whether this is a bug or user error.

My environment:
$ terraform -v
Terraform v0.12.2
+ provider.aws v2.15.0
+ provider.external v1.1.2
+ provider.local v1.2.2
+ provider.null v2.1.2
Answer 0 (score: 3)

The aws_network_interface resource allows you to set the security groups for the interface (security groups are scoped to the ENI, so this makes sense), so if you define a network_interface block, that overrides the default ENI and security groups therefore cannot be specified at the instance level.

So, in your case, you probably want something like this:

resource "aws_network_interface" "lustre-mds01" {
  subnet_id       = "${var.subnet_id}"
  private_ips     = ["10.1.0.10"]
  security_groups = ["${var.vpc_security_group_id}"]
}

resource "aws_instance" "lustre-mds01" {
  ami           = "${var.ec2_ami}"
  instance_type = "t2.nano"
  key_name      = "${var.key_name}"

  root_block_device {
    volume_type = "gp2"
    volume_size = 128
  }

  network_interface {
    network_interface_id = "${aws_network_interface.lustre-mds01.id}"
    device_index         = 0
  }
}
However, I would ask why, because it is much simpler to set the instance's private IP address directly in the aws_instance resource rather than replacing the default ENI as you are doing here:

resource "aws_instance" "lustre-mds01" {
  ami                    = "${var.ec2_ami}"
  instance_type          = "t2.nano"
  key_name               = "${var.key_name}"
  subnet_id              = "${var.subnet_id}"
  private_ip             = "10.1.0.10"
  vpc_security_group_ids = ["${var.vpc_security_group_id}"]

  root_block_device {
    volume_type = "gp2"
    volume_size = 128
  }
}
It would probably also benefit you to use data sources to select the security group and AMI rather than passing in opaque IDs. That makes them more self-documenting.
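The data-source approach suggested at the end of the answer, written out as an added example (not code from the original question or answer). It uses Terraform 0.12 expression syntax, and the variable var.vpc_id, the security group name "lustre-mds-sg" and the Amazon Linux 2 AMI name pattern are assumptions you would replace with your own; scoping the security group lookup to a VPC is what keeps a name collision in another VPC from silently attaching the wrong group.

```hcl
# Added example: look the security group up by name inside a specific VPC
# rather than passing its ID around as an opaque string.
data "aws_security_group" "lustre_mds" {
  vpc_id = var.vpc_id # assumed variable holding the target VPC ID

  filter {
    name   = "group-name"
    values = ["lustre-mds-sg"] # assumed security group name
  }
}

# Resolve the AMI from its owner and name pattern; the plan then shows
# which image was chosen instead of only a bare ami-xxxx ID.
data "aws_ami" "base" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-gp2"] # assumed name pattern
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

# Same instance as in the answer's simpler form, with the private IP set
# on the default ENI and both lookups wired in.
resource "aws_instance" "lustre-mds01" {
  ami                    = data.aws_ami.base.id
  instance_type          = "t2.nano"
  key_name               = var.key_name
  subnet_id              = var.subnet_id
  private_ip             = "10.1.0.10"
  vpc_security_group_ids = [data.aws_security_group.lustre_mds.id]

  root_block_device {
    volume_type = "gp2"
    volume_size = 128
  }
}
```

Running terraform plan then shows the resolved AMI and security group IDs, so a wrong lookup is visible before anything is created.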