【Question title】: Issue creating Azure Firewall using Terraform HCL
【Posted】: 2021-01-31 02:50:35
【Question description】:

When I try to create a firewall using Terraform HCL, I get the error message below. Just a note about the #{variables}#: I am passing tokens through Azure DevOps, and that part works fine:

#Create public ip for load balancer
resource "azurerm_public_ip" "#{application}##{vertical}#PublicIPforLB" {
    name = "lbip#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
    allocation_method = "Static"
    #sku = "Standard"
}

#Create firewall for public ip
resource "azurerm_firewall" "#{application}##{vertical}#Firewall" {
    name = "fw#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
  
    ip_configuration {
        name = "ipconfFW"
        subnet_id = azurerm_subnet.AzureFirewallSubnet.id
        public_ip_address_id = azurerm_public_ip.#{application}##{vertical}#PublicIPforLB.id
    }
}

#Create security group and rule for accessing web application
resource "azurerm_network_security_group" "#{application}##{vertical}#SecurityGroup" {
    name = "sg#{application}##{vertical}#"
    location = "canadaeast"
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
    
    security_rule {
        name = "SSH"
        priority = 1001
        direction = "Inbound"
        access = "Allow"
        protocol = "Tcp"
        source_port_range = "*"
        destination_port_range = "443"
        source_address_prefix = "*"
        destination_address_prefix = "*"
    }
}

#Create load balancer for 2 front-end web server VMs
resource "azurerm_lb" "#{application}##{vertical}#LoadBalancer" {
    name = "lb#{application}##{vertical}#"
    location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
    resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name

    frontend_ip_configuration {
        name = "ipconfLB"
        public_ip_address_id = azurerm_public_ip.#{application}##{vertical}#PublicIPforLB.id
    }
}

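Error: Code="AzureFirewallPublicIPNotStandard" Message="AzureFirewall fwMyTest references a non-Standard public IP address

I have tried specifying the sku as Standard; however, I then get the following error:

Error: Code="PublicIPAndLBSkuDoNotMatch" Message="Basic sku load balancer cannot reference Standard sku publicIP

Any help would be greatly appreciated!

Thanks!! :)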

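【Discussion】:

    Tags: azure terraform hcl


    【Solution 1】:

    I would suggest looking at the SKU currently set on the PublicIp. Azure expects the SKU on the LB to match the SKU of the PublicIP resource you are trying to use (in this case, "Standard"). It is currently commented out for the PublicIp. Both PublicIp and LB default to the "Basic" sku.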

    #Create public ip for load balancer
    resource "azurerm_public_ip" "#{application}##{vertical}#PublicIPforLB" {
        name = "lbip#{application}##{vertical}#"
        location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
        resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
        allocation_method = "Static"
        sku = "Standard"
    }
    

    #Create load balancer for 2 front-end web server VMs
    resource "azurerm_lb" "#{application}##{vertical}#LoadBalancer" {
        name = "lb#{application}##{vertical}#"
        location = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.location
        resource_group_name = azurerm_resource_group.#{application}##{vertical}#ResourceGroup.name
        sku = "Standard"
    
        frontend_ip_configuration {
            name = "ipconfLB"
            public_ip_address_id = azurerm_public_ip.#{application}##{vertical}#PublicIPforLB.id
        }
    }
    

    【Discussion】:

    • Solved! Thank you so much!
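
The two SKU rules behind the errors in this thread can be checked before `apply`. The following is an added example, not code from the question or the answer: the inventory layout (`type`, `name`, `sku`, `public_ip_refs`) and the `MyTest...` resource names are constructed for illustration, and the "Basic" default is taken from the answer above.

```python
# Added example: pre-apply SKU consistency check for the three resources in this thread.
DEFAULT_SKU = "Basic"  # assumed default when sku is omitted, as stated in the answer


def effective_sku(resource):
    """SKU the resource will be created with: explicit value or the default."""
    return resource.get("sku") or DEFAULT_SKU


def check_skus(resources):
    """Return (resource_address, azure_error_code, detail) for each SKU conflict."""
    ips = {f"azurerm_public_ip.{r['name']}": r
           for r in resources if r["type"] == "azurerm_public_ip"}
    findings = []
    for r in resources:
        addr = f"{r['type']}.{r['name']}"
        for ref in r.get("public_ip_refs", []):
            ip = ips.get(ref)
            if ip is None:
                continue  # reference to an IP outside this inventory: not checked
            ip_sku = effective_sku(ip)
            if r["type"] == "azurerm_firewall" and ip_sku != "Standard":
                # Rule behind the first error in the question
                findings.append((addr, "AzureFirewallPublicIPNotStandard",
                                 f"{ref} is {ip_sku}"))
            elif r["type"] == "azurerm_lb" and effective_sku(r) != ip_sku:
                # Rule behind the second error in the question
                findings.append((addr, "PublicIPAndLBSkuDoNotMatch",
                                 f"LB is {effective_sku(r)}, {ref} is {ip_sku}"))
    return findings


def sample_config(ip_sku, lb_sku):
    """Constructed inventory mirroring the question: one IP shared by firewall and LB."""
    ref = "azurerm_public_ip.MyTestPublicIPforLB"
    return [
        {"type": "azurerm_public_ip", "name": "MyTestPublicIPforLB", "sku": ip_sku},
        {"type": "azurerm_firewall", "name": "MyTestFirewall", "public_ip_refs": [ref]},
        {"type": "azurerm_lb", "name": "MyTestLoadBalancer", "sku": lb_sku,
         "public_ip_refs": [ref]},
    ]


ORIGINAL = sample_config(None, None)              # sku commented out everywhere
SECOND_ATTEMPT = sample_config("Standard", None)  # sku set on the public IP only
FIXED = sample_config("Standard", "Standard")     # the answer's configuration

if __name__ == "__main__":
    for label, cfg in [("original", ORIGINAL), ("second attempt", SECOND_ATTEMPT),
                       ("fixed", FIXED)]:
        print(label, check_skus(cfg) or "no SKU conflicts")
```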