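I have an AWS ClientVPN that was created manually from the AWS console, and it has around 20+ route table entries. Now I want to terraform it so that we can add any new routes using terraform.
I have imported the ClientVPN information using terraform import. To import all the existing routes, I can import one route at a time, and for each route I import I need to add a resource entry in main.tf, as shown below: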
Command used to import the route table entry:
$ terraform import aws_ec2_client_vpn_route.example cvpn-endpoint-0e3e121d2,subnet-08acf2,<CIDR>
This command updates the .tfstate file, and when I run terraform plan it gives me an error because I need to add a resource section for this in the main.tf file.
resource "aws_ec2_client_vpn_route" "example" {
  client_vpn_endpoint_id = var.client_vpn_endpoint_id
  destination_cidr_block = "CIDR"
  target_vpc_subnet_id   = var.target_vpc_subnet_id
}
resource "aws_ec2_client_vpn_route" "example1" {
  client_vpn_endpoint_id = var.client_vpn_endpoint_id
  destination_cidr_block = "CIDR"
  target_vpc_subnet_id   = var.target_vpc_subnet_id
}
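Each time I import a route, I need to add a resource in main.tf. If I have 20 route table entries, do I have to write 20 resource entries in the main.tf file?
I want to use only one resource entry in main.tf. How is this possible?
After importing, when I run terraform plan, check the output: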
% terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
aws_ec2_client_vpn_route.example: Refreshing state... [id=cvpn-endpoint,subnet-02231,0.0.0.0/16]
aws_ec2_client_vpn_endpoint.example: Refreshing state... [id=cvpn-endpoint]
------------------------------------------------------------------------
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
- destroy
Terraform will perform the following actions:
# aws_ec2_client_vpn_route.example will be destroyed
- resource "aws_ec2_client_vpn_route" "example" {
- client_vpn_endpoint_id = "cvpn-endpoint" -> null
- description = "Default Route" -> null
- destination_cidr_block = "0.0.0.0/16" -> null
- id = "cvpn-endpoint,subnet-02231308,0.0.0.0/16" -> null
- origin = "associate" -> null
- target_vpc_subnet_id = "subnet-022313" -> null
- type = "Nat" -> null
}
# aws_ec2_client_vpn_route.example["Default Route"] will be created
+ resource "aws_ec2_client_vpn_route" "example" {
+ client_vpn_endpoint_id = "cvpn-endpoint"
+ description = "Default Route"
+ destination_cidr_block = "0.0.0.0/16"
+ id = (known after apply)
+ origin = (known after apply)
+ target_vpc_subnet_id = "subnet-022313"
+ type = (known after apply)
}
Plan: 1 to add, 0 to change, 1 to destroy.
------------------------------------------------------------------------
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
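The resource names do not match, which is why it destroys and creates again. However, when I apply terraform, it fails because it creates the resource first and fails because of the same CIDR.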
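
The situation in the plan output above, as an added example that is not part of the original post: a single `for_each` resource keyed by route name, with each existing route imported (or moved) to its keyed address so the state address matches the configuration. The variable `client_vpn_routes`, its map keys, and the `<...>` placeholders are assumptions.

```hcl
variable "client_vpn_endpoint_id" {
  type = string
}

# Hypothetical variable: one map entry per existing route. The map key becomes
# the resource instance key, e.g. aws_ec2_client_vpn_route.example["Default Route"].
variable "client_vpn_routes" {
  type = map(object({
    destination_cidr_block = string
    target_vpc_subnet_id   = string
  }))
  default = {
    "Default Route" = {
      destination_cidr_block = "<CIDR>"      # placeholder
      target_vpc_subnet_id   = "<subnet-id>" # placeholder
    }
  }
}

# One resource block covers every route in the map.
resource "aws_ec2_client_vpn_route" "example" {
  for_each               = var.client_vpn_routes
  client_vpn_endpoint_id = var.client_vpn_endpoint_id
  destination_cidr_block = each.value.destination_cidr_block
  target_vpc_subnet_id   = each.value.target_vpc_subnet_id
  description            = each.key
}

# Import each existing route to its keyed address (quote it for the shell):
#   terraform import 'aws_ec2_client_vpn_route.example["Default Route"]' \
#     <endpoint-id>,<subnet-id>,<CIDR>
#
# A route already imported under the unkeyed address can be moved in state
# instead of re-imported:
#   terraform state mv 'aws_ec2_client_vpn_route.example' \
#     'aws_ec2_client_vpn_route.example["Default Route"]'
#
# Once every state address matches a map key, terraform plan should no longer
# pair a destroy of the unkeyed route with a create of the keyed one.
```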