List of public IPs of the NAT gateways in a VPC

Time: 2019-09-18 00:34:25

Tags: terraform terraform-provider-aws

Is it possible to get the list of public IPs of the NAT gateways in a VPC using a Terraform data source?

here shows an example of getting a list of subnet IDs, but it is based on the aws_subnet_ids data source, which returns a list to begin with.

We have a NAT gateway in each private subnet. I have not found a way to get the list of NAT gateways in the VPC and then get the public IPs from that list.

Has anyone needed and/or solved this?

2 answers:

Answer 0 (score: 1)

Try this:

data "aws_vpc" "selected" {
  cidr_block = "[your_cidr_block]"
}

# The aws_nat_gateway data source returns a single gateway; if the VPC has
# several, this lookup must be narrowed further (e.g. by subnet_id) or it fails.
data "aws_nat_gateway" "default" {
  vpc_id = data.aws_vpc.selected.id
}

# output blocks do not support count; the data source exposes one public_ip.
output "nat_ip" {
  value = "The NAT Gateway ${data.aws_nat_gateway.default.id} has the public IP ${data.aws_nat_gateway.default.public_ip}"
}

Answer 1 (score: 0)

This workaround worked for me: https://github.com/hashicorp/terraform-provider-aws/issues/7575

My code example

# One aws_nat_gateway lookup per public subnet (NAT gateways live in the
# public subnets); the result is a map keyed by subnet ID.
data "aws_nat_gateway" "nat_gw" {
  for_each  = toset(module.vpc.public_subnets)
  subnet_id = each.value
}

Get the NAT public IPs to add them as the source of a security group rule

# Allow HTTPS only from the NAT gateways' public addresses, as /32 CIDRs.
resource "aws_security_group_rule" "allow_https" {
  type              = "ingress"
  security_group_id = module.sg.id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = [for v in data.aws_nat_gateway.nat_gw : "${v.public_ip}/32"]
}
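The question asked for the NAT gateways of a whole VPC rather than per subnet; the plural aws_nat_gateways data source (added to the provider well after this question, so it assumes a 4.x or newer provider) makes that possible without a VPC module. This is an added example, not code from either answer; var.vpc_id and var.target_sg_id are assumed inputs.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0" # assumption: aws_nat_gateways needs a 4.x+ provider
    }
  }
}

variable "vpc_id" {
  type = string # assumed input: the VPC to enumerate
}

variable "target_sg_id" {
  type = string # assumed input: security group that receives the rule
}

# Enumerate every NAT gateway in the VPC; ignore ones being deleted or failed
# so a stale address never ends up in an allow-list.
data "aws_nat_gateways" "in_vpc" {
  vpc_id = var.vpc_id
  filter {
    name   = "state"
    values = ["available"]
  }
}

# Resolve each ID to a full gateway object to read its public_ip.
data "aws_nat_gateway" "each" {
  for_each = toset(data.aws_nat_gateways.in_vpc.ids)
  id       = each.value
}

locals {
  # Egress addresses as /32 CIDRs: nothing wider than the NAT IPs themselves.
  nat_public_cidrs = [for gw in data.aws_nat_gateway.each : "${gw.public_ip}/32"]
}

output "nat_public_ips" {
  value = local.nat_public_cidrs
}

resource "aws_security_group_rule" "https_from_nat" {
  type              = "ingress"
  security_group_id = var.target_sg_id
  from_port         = 443
  to_port           = 443
  protocol          = "tcp"
  cidr_blocks       = local.nat_public_cidrs
  description       = "HTTPS only from this VPC's NAT gateway egress addresses"
}
```

Because the list is computed from live gateway state, a NAT gateway replaced outside Terraform shows up as a planned rule change on the next run rather than silently leaving a dead /32 in the rule.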