
I want to create a Client VPN endpoint in AWS using Terraform.

My current code block is:

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets
  ]
  count                  = length(var.rule)
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = element(var.rule, count.index)
  target_vpc_subnet_id   = element(var.subnets_id, count.index)
}

The rule and subnet ID variables here are as follows:

rule        = ["172.16.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
subnets_id  = ["subnet-123", "subnet-456"]

I want to associate each rule CIDR with both subnets. But my current code only associates 1 subnet with 1 CIDR. I can't figure out how to solve it.

Update:

I modified the code based on @Ervin's answer, but got the following error.

Error: error creating client VPN route "cvpn-endpoint-0e72bbde5,subnet-0fefd,172.19.0.0/16": ConcurrentMutationLimitExceeded: Cannot initiate another change for this endpoint at this time. Please try again later.
│       status code: 400, request id: 2663f630-54a1-4a22-a093-d04425204cf5
│
│   with module.VPN-Endpoint.aws_ec2_client_vpn_route.vpn_route["5"],
│   on modules\VPN-Endpoint\rule_route.tf line 14, in resource "aws_ec2_client_vpn_route" "vpn_route":
│   14: resource "aws_ec2_client_vpn_route" "vpn_route" {

I think this is because each route should be created one by one. So I modified my code by adding a time sleep, as follows:

resource "time_sleep" "wait_30_seconds" {
  create_duration = "30s"
}

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets,
    time_sleep.wait_30_seconds
  ]
  for_each               = { for index, pair in setproduct(var.rule, var.subnets_id) : index => pair }
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = each.value[0]
  target_vpc_subnet_id   = each.value[1]
}

But it still doesn't work. Is there any workaround?


1 Answer


You can use setproduct. This function computes the Cartesian product of the elements of two lists.

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets
  ]
  for_each               = { for index, pair in setproduct(var.rule, var.subnets_id) : index => pair }
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = each.value[0]
  target_vpc_subnet_id   = each.value[1]
}
answered 2022-02-21T17:47:10.110
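As an added example, not part of the answer above, the same setproduct approach keyed by CIDR and subnet rather than by list index (the error in the question shows a route addressed as vpn_route["5"], which is such a positional key); variable and resource names are the ones from the question.

```hcl
# Added example: build the (CIDR, subnet) pairs once in locals so the
# for_each key is "cidr|subnet" instead of a list index. With index keys,
# removing one entry from var.rule shifts every later index and Terraform
# destroys and recreates routes whose CIDR and subnet did not change.
locals {
  vpn_routes = {
    for pair in setproduct(var.rule, var.subnets_id) :
    "${pair[0]}|${pair[1]}" => {
      cidr   = pair[0]
      subnet = pair[1]
    }
  }
}

resource "aws_ec2_client_vpn_route" "vpn_route" {
  depends_on = [
    aws_ec2_client_vpn_network_association.vpn_subnets
  ]
  for_each               = local.vpn_routes
  client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.vpn.id
  destination_cidr_block = each.value.cidr # e.g. 172.16.0.0/16
  target_vpc_subnet_id   = each.value.subnet # e.g. subnet-123
}
```

With the three CIDRs and two subnets from the question this yields six routes with addresses such as vpn_route["172.16.0.0/16|subnet-123"]. The ConcurrentMutationLimitExceeded error is the API rejecting parallel changes to one endpoint; a single time_sleep that all six routes depend on still lets them be created concurrently once it finishes, whereas running terraform apply -parallelism=1 serializes them.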