使用Terraform HCL创建Azure防火墙的问题

时间:2020-10-16 14:55:58

标签: azure terraform hcl

当我尝试使用Terraform HCL创建防火墙时,收到以下错误消息。只是有关#{variables}#的注释,我正在通过Azure DevOps传递令牌,并且该部分工作正常:

#Create public ip for load balancer
resource "azurerm_public_ip" "#{application}##{vertical}#PublicIPforLB" {
    name = "lbip#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
    allocation_method = "Static"
    #sku = "Standard"
}

#Create firewall for public ip
resource "azurerm_firewall" "#{application}##{vertical}#Firewall" {
    name = "fw#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
  
    ip_configuration {
        name = "ipconfFW"
        subnet_id = azurerm_subnet.AzureFirewallSubnet.id
        public_ip_address_id = azurerm_public_ip.#{application}##{vertical}#PublicIPforLB.id
    }
}

#Create security group and rule for accessing web application
resource "azurerm_network_security_group" "#{application}##{vertical}#SecurityGroup" {
    name = "sg#{application}##{vertical}#"
    location = "canadaeast"
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
    
    security_rule {
        name = "SSH"
        priority = 1001
        direction = "Inbound"
        access = "Allow"
        protocol = "Tcp"
        source_port_range = "*"
        destination_port_range = "443"
        source_address_prefix = "*"
        destination_address_prefix = "*"
    }
}

#Create load balancer for 2 front-end web server VMs
resource "azurerm_lb" "#{application}##{vertical}#LoadBalancer" {
    name = "lb#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name

    frontend_ip_configuration {
        name = "ipconfLB"
        public_ip_address_id = azurerm_public_ip.#{application}##{vertical}#PublicIPforLB.id
    }
}

错误:Code =“ AzureFirewallPublicIPNotStandard” Message =“ AzureFirewall fwMyTest引用了一个非标准的公共IP地址

我尝试将sku指定为Standard;但是我收到以下错误:

错误:Code =“ PublicIPAndLBSkuDoNotMatch” Message =“基本sku负载均衡器无法引用标准sku publicIP

任何帮助将不胜感激!

谢谢! :)

1 个答案:

答案 0 :(得分:0)

我建议查看一下PublicIp上当前设置的SKU。 Azure希望LB中的SKU与您要使用的PublicIP资源的SKU相匹配(在本例中为“标准”)。目前已为PublicIp注释掉。 PublicIp和LB都默认为“基本” sku。

#Create public ip for load balancer
resource "azurerm_public_ip" "#{application}##{vertical}#PublicIPforLB" {
    name = "lbip#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
    allocation_method = "Static"
    sku = "Standard"
}


#Create load balancer for 2 front-end web server VMs
resource "azurerm_lb" "#{application}##{vertical}#LoadBalancer" {
    name = "lb#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
    sku = "Standard"

    frontend_ip_configuration {
        name = "ipconfLB"
        public_ip_address_id = azurerm_public_ip.#{application}##{vertical}#PublicIPforLB.id
    }
}
相关问题
最新问题