【Question title】: Security Group using terraform with nested for loop
【Posted】: 2021-10-20 03:51:36
【Question description】:

I referred to the link below and made some modifications to the input CIDR blocks

Nested For_each or count with dynamic for aws_security_group_rule in terraform

The CIDR for port 22 should be ["10.0.0.1/24"], and the CIDR for ports 443 and 80 should be ["172.31.96.0/20","sg-09eadd831567d7dsb","172.31.160.0/20"]

ingress_ports_tcp = [[22], [443,80]]
ingress_cidr_tcp = [["172.31.32.0/20"],["172.31.96.0/20","sg-09eadd831567d7dsb","172.31.160.0/20"]]

Changes made: I also added the security group ID to the ingress_cidr_tcp variable

 locals {
        my_rules = merge([
                for idx_port, ports in var.ingress_ports_tcp:
                       { for port in ports:
                            { for idx_cidr, cidrs in var.ingress_cidr_tcp[idx_port]:
                                    "${idx_port}-${port}-${idx_cidr}" => {
                                    "port" = port
                                    "cidrs" = length(regexall("[0-9].+\\..*",cidrs[idx_cidr])) > 0 ? cidrs[idx_cidr] : null
                                    "security_group_id" = length(regexall("sg-.*",cidrs[idx_cidr])) > 0 ? cidrs[idx_cidr] : null
                            }
                          }
                       }  
            ]...)
    }

I want the output below

{
  "0-22-0" = {
    "cidrs" = [
      "172.31.32.0/20",
    ]
    "port" = 22
  }
  "1-443-0" = {
    "cidrs" = [
      "172.31.96.0/20",
    ]
    "port" = 443
  }
  "1-443-1" = {
    "security_group_id" = [
      "sg-09eadd831567d7dsb",
    ]
    "port" = 443
  }
  "1-443-2" = {
    "cidrs" = [
      "172.31.160.0/20",
    ]
    "port" = 443
  }
  "1-80-0" = {
    "cidrs" = [
      "172.31.96.0/20",
    ]
    "port" = 80
  }
  "1-80-1" = {
    "security_group_id" = [
      "sg-09eadd831567d7dsb",
    ]
    "port" = 80
  }
  "1-80-2" = {
    "cidrs" = [
      "172.31.160.0/20",
    ]
    "port" = 80
  }

Error:

Invalid 'for' expression
Key expression is required when building an object.

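【Question comments】:

  • It works great :). But can you explain why it doesn't work in my code, and what is wrong with the logic or syntax?
  • After your for port in ports:, you need something with a key, e.g. mykey => {your map}

Tags: amazon-web-services terraform terraform-provider-aws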


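【Solution 1】:

This is fairly complex input data, so it might be a good idea to reconsider and simplify it. Nevertheless, you can achieve your result as follows. I first split it into my_rules_cidrs and my_rules_sgs, then merge them into the final my_rules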

variable "ingress_ports_tcp" {
    default = [[22], [443,80]]
}    

variable "ingress_cidr_tcp" {
    default = [["172.31.32.0/20"], 
               ["172.31.128.0/20", "sg-09eadd831567d7dsb", "172.31.160.0/20"]]
}

locals {

    my_rules_cidrs = merge(flatten([
    for idx_port, ports in var.ingress_ports_tcp:
        [ for port in ports:
            { for idx_cidr, cidr in var.ingress_cidr_tcp[idx_port]:
              "${idx_port}-${port}-${idx_cidr}" => {
                  "port" = port
                  "cidrs" = [cidr]
             } if length(regexall("[0-9].+\\..*",cidr)) > 0
          }
       ]  
    ])...)
    
    my_rules_sgs = merge(flatten([
    for idx_port, ports in var.ingress_ports_tcp:
        [ for port in ports:
            { for idx_cidr, cidr in var.ingress_cidr_tcp[idx_port]:
              "${idx_port}-${port}-${idx_cidr}" => {
                  "port" = port
                  "security_group_id" = [cidr]
             } if length(regexall("sg-.*",cidr)) > 0
          }
       ]  
    ])...)    
    
    my_rules = merge(local.my_rules_cidrs, local.my_rules_sgs)
}

Result:

my_rules = {
  "0-22-0" = {
    "cidrs" = [
      "172.31.32.0/20",
    ]
    "port" = 22
  }
  "1-443-0" = {
    "cidrs" = [
      "172.31.128.0/20",
    ]
    "port" = 443
  }
  "1-443-1" = {
    "port" = 443
    "security_group_id" = [
      "sg-09eadd831567d7dsb",
    ]
  }
  "1-443-2" = {
    "cidrs" = [
      "172.31.160.0/20",
    ]
    "port" = 443
  }
  "1-80-0" = {
    "cidrs" = [
      "172.31.128.0/20",
    ]
    "port" = 80
  }
  "1-80-1" = {
    "port" = 80
    "security_group_id" = [
      "sg-09eadd831567d7dsb",
    ]
  }
  "1-80-2" = {
    "cidrs" = [
      "172.31.160.0/20",
    ]
    "port" = 80
  }
}
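
The `if` filters in the answer omit any entry that matches neither pattern, so a mistyped source simply produces no rule and no error. As an added example (not part of the original answer), the same keyed map can be built in one pass with input validation and then consumed by `aws_security_group_rule`; the resource name `ingress_tcp` and the group `aws_security_group.this` are assumptions:

```hcl
# Added example. aws_security_group.this is a hypothetical group defined elsewhere.
variable "ingress_ports_tcp" {
  default = [[22], [443, 80]]
}

variable "ingress_cidr_tcp" {
  default = [["172.31.32.0/20"],
             ["172.31.128.0/20", "sg-09eadd831567d7dsb", "172.31.160.0/20"]]

  # Reject entries that are neither a parseable CIDR nor an sg- ID.
  validation {
    condition = alltrue(flatten([
      for group in var.ingress_cidr_tcp : [
        for src in group :
        can(cidrhost(src, 0)) || can(regex("^sg-[0-9a-z]+$", src))
      ]
    ]))
    error_message = "Every entry must be a CIDR block or a security group ID."
  }
}

locals {
  # One entry per (port group, port, source), keyed like the answer's my_rules.
  rules = merge(flatten([
    for idx_port, ports in var.ingress_ports_tcp : [
      for port in ports : {
        for idx_src, src in var.ingress_cidr_tcp[idx_port] :
        "${idx_port}-${port}-${idx_src}" => {
          port    = port
          src     = src
          is_cidr = can(cidrhost(src, 0))
        }
      }
    ]
  ])...)
}

resource "aws_security_group_rule" "ingress_tcp" {
  for_each = local.rules
  type              = "ingress"
  protocol          = "tcp"
  from_port         = each.value.port
  to_port           = each.value.port
  security_group_id = aws_security_group.this.id

  # Exactly one source argument is set per rule; the other stays null.
  cidr_blocks              = each.value.is_cidr ? [each.value.src] : null
  source_security_group_id = each.value.is_cidr ? null : each.value.src
}
```

Because the keys embed list positions, reordering either input list changes the keys and Terraform will destroy and recreate the affected rules.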

【Discussion】:
