我正在尝试探索Terraform在AWS中创建自动化基础设施。我不清楚如何在terraform中将安全组附加到AWS实例。
例如,是否有任何属性可以指定安全组,如下所示?
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.micro"
}
答案 0 :(得分:1)
使用参数vpc_security_group_ids。此参数接受N个安全组ID的列表
答案 1 :(得分:0)
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.micro"
}
resource "aws_security_group" "sec_group" {
name = "sec_group"
vpc_id = "vpc-3324nnrvdl"
}
resource "aws_network_interface_sg_attachment" "sg_attachment" {
security_group_id = "${data.aws_security_group.sec_group.id}"
network_interface_id = "${aws_instance.web.primary_network_interface_id}"
}
这样,您将能够将SG附加到EC2实例,并且两者都将处于解耦状态。
答案 2 :(得分:0)
利用Ay0的答案:您可以加入vpc_security_group_ids这样的规则:
resource "aws_security_group" "basic_security" {
ingress {...}
egress {...}
}
resource "aws_instance" "web" {
ami = "ami-a1b2c3d4"
instance_type = "t2.nano"
vpc_security_group_ids = [aws_security_group.basic_security.id]
}
答案 3 :(得分:0)
您可以包括aws_security_group,例如:
resource "aws_security_group" "sg" {
name = "sg"
description = "Web Security Group for HTTP"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}