5

我正在尝试通过具有多个源地址的 Terraform 为 Azure 中的网络安全组配置网络安全规则。

基于文档 https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html

但是,我无法使其正常工作,也找不到任何示例:

https://www.terraform.io/docs/providers/azurerm/r/network_security_rule.html#source_address_prefixes

我得到错误:

错误:azurerm_network_security_rule.test0:“source_address_prefix”:未设置必填字段错误:azurerm_network_security_rule.test0::无效或未知密钥:source_address_prefixes

这是我的示例:

resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = "{200.160.200.30,200.160.200.60}"
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test.name}"
resource_group_name = "${azurerm_resource_group.test.name}"
}

请告诉我。

谢谢!

4

2 回答 2

7

source_address_prefixes需要源地址前缀列表。

修改如下:

source_address_prefixes = ["200.160.200.30","200.160.200.60"]

还有一个错误azurerm_network_security_group.test.name,正确的类型是azurerm_network_security_group.test0.name。以下 tf 文件对我有用。

resource "azurerm_resource_group" "test0" {
  name     = "shuinsg"
  location = "West US"
}

resource "azurerm_network_security_group" "test0" {
  name                = "shuinsgtest"
  location            = "${azurerm_resource_group.test0.location}"
  resource_group_name = "${azurerm_resource_group.test0.name}"
}


resource "azurerm_network_security_rule" "test0" {
name = "RDP"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "TCP"
source_port_range = "*"
destination_port_range = "3389"
source_address_prefixes = ["200.160.200.30","200.160.200.60"]
destination_address_prefix = "VirtualNetwork"
network_security_group_name= "${azurerm_network_security_group.test0.name}"
resource_group_name = "${azurerm_resource_group.test0.name}"
}

这是我的测试结果。

在此处输入图像描述

于 2018-02-02T01:54:40.727 回答
1

“address_prefix”是表示 CIDR 的字符串值,例如10.0.0.0/24。因此,在您的情况下source_address_prefix = "200.160.200.30/32"destination_address_prefix = "${azurerm_virtual_network.test.address_space.0}"取决于您要参考的内容。

于 2018-02-01T14:22:50.180 回答