0

我一直在试图弄清楚关于 terraform 模块的这一点。我在代码中添加了一个安全组模块并进行了部署。部署后,除非我污染整个模块并重新部署它,否则我无法向组添加新规则。我试过在谷歌上寻找并不能真正找到答案。

我唯一能想到的是在添加新规则之后添加一个资源块......但这不会破坏模块的目的吗?

任何帮助将不胜感激。

这是我使用的代码示例。如果我成功部署它,然后返回并进行更改,则永远不会读取更改。

module "main_sg_web" {
  source = "terraform-aws-modules/security-group/aws"

  name        = "Web SG"
  description = "Security group for Web Services with port 443 open within VPC"
  vpc_id      = module.vpc.vpc_id

  ingress_cidr_blocks = ["10.10.0.0/16"]
  egress_cidr_blocks  = ["0.0.0.0/0"]
  ingress_rules       = ["https-443-tcp"]
  egress_with_cidr_blocks = [
    {
      from_port   = 0
      to_port     = 0
      protocol    = "-1"
      description = "outbound traffic"
      cidr_blocks = "0.0.0.0/0"
    }
  ]
  tags = var.vpc_tags
}
4

1 回答 1

0

根据文档https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/2.10.0/submodules/ssh?tab=outputs,模块输出安全组ID

您可以使用https://www.terraform.io/docs/providers/aws/r/security_group_rule.html为其添加规则:

resource "aws_security_group_rule" "allow_all" {
  type            = "ingress"
  from_port       = 0
  to_port         = 65535
  protocol        = "tcp"
  cidr_blocks     = "10.0.0.0/8"
  security_group_id = ${module.main_sg_web.this_security_group_id}
}
于 2020-03-02T18:14:32.570 回答