【问题标题】:how to create ec2 instances using different subnet and security groups in terraform?如何在 terraform 中使用不同的子网和安全组创建 ec2 实例?
【发布时间】:2021-07-28 11:53:27
【问题描述】:

我有 3 个不同的服务,例如 valid、jsc、test,并且我已经为它们创建了 3 个不同的子网和 3 个不同的安全组。现在我想为每个具有相应子网 ID 和安全组的服务创建 3 个实例。如何实现这个?

variable "region" {
  description = "AWS region the provider targets; every resource below is created here."
  default     = "ap-south-1"
  type        = string
}



variable "subnet-string" {
  # One /28 per service. The key doubles as the subnet's Name tag prefix,
  # and it lines up with the keys of var.sg_ingress_rules and the entries
  # of var.service-names so a service's subnet can be looked up by name.
  description = "Service name => CIDR of that service's subnet inside the VPC."
  type        = map
  default = {
    valid = "10.0.1.0/28"
    jsc   = "10.0.2.0/28"
    test  = "10.0.3.0/28"
  }
}

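variable "instance_count" {
  description = "Number of EC2 instances to create for each service."
  # Declared as a number so it can be passed straight to range() or count.
  # The original declared type = string with a numeric default; a caller
  # that still passes "3" is converted automatically, so this is compatible.
  type    = number
  default = 3
}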

variable "vpc-cidr" {
  description = "CIDR block of the ecom VPC; each service subnet is a /28 carved out of it."
  default     = "10.0.0.0/16"
  type        = string
}

variable "az" {
  description = "Availability zone every service subnet is placed in."
  default     = "ap-south-1c"
  type        = string
}

provider "aws" {
  # The region is not hard-coded here; overriding var.region re-targets the
  # whole configuration.
  region = var.region
}


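resource "aws_vpc" "ecom-vpc" {
  # Take the block from var.vpc-cidr instead of repeating the literal, so the
  # VPC and the variable the rest of the configuration documents cannot drift
  # apart. The variable's default is the same "10.0.0.0/16", so nothing changes
  # for the default case.
  cidr_block = var.vpc-cidr
}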

 variable "service-names" {
   description = "Services that each get their own subnet, security group and instances."
   type        = list
   default     = ["valid", "jsc", "test"]
 }




 resource "aws_subnet" "ecom-subnet" {
   # One subnet per service, keyed by the service name in var.subnet-string.
   for_each = var.subnet-string

   vpc_id            = aws_vpc.ecom-vpc.id
   cidr_block        = each.value
   availability_zone = var.az

   # Instances launched here do not receive a public IP unless one is
   # requested explicitly on the instance.
   map_public_ip_on_launch = false

   tags = {
     Name = "${each.key}-service"
   }
 }



# Per-service security group definitions: the top-level key becomes the
# group name, `description` its description, and `rules` a list of ingress
# rule maps consumed by the dynamic "ingress" block in aws_security_group.ecom-sg.
#
# NOTE(review): the three entries carry identical rule lists (22, 80 and
# 27017 from the VPC range); only the description differs. Variable defaults
# cannot reference other variables, which is why "10.0.0.0/16" is repeated
# literally instead of using var.vpc-cidr -- keep the two in sync by hand.
# The "withinvpc" descriptions say where traffic comes from but not what the
# port is for; naming the service behind 80 and 27017 (27017 is conventionally
# MongoDB -- confirm) makes the rules reviewable in the console.
variable "sg_ingress_rules" {
    type = map
    default = {
    "valid" = {
      description = "sg rules for validation service"
      rules = [{
        description = "SSH",
        from_port = 22,
        to_port = 22,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],   # SSH reachable only from inside the VPC
      },{
        description = "withinvpc",
        from_port = 80,
        to_port = 80,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      },{
        description = "withinvpc",
        from_port = 27017,
        to_port = 27017,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      }]
    },
    "jsc" = {
      description = "sg rules for jsclient service"
      rules = [{
        description = "SSH",
        from_port = 22,
        to_port = 22,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      },{
        description = "withinvpc",
        from_port = 80,
        to_port = 80,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      },{
        description = "withinvpc",
        from_port = 27017,
        to_port = 27017,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      }]
     },
      "test" = {
      description = "sg rules for 3ds service"
      rules = [{
        description = "SSH",
        from_port = 22,
        to_port = 22,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      },{
        description = "withinvpc",
        from_port = 80,
        to_port = 80,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      },{
        description = "withinvpc",
        from_port = 27017,
        to_port = 27017,
        protocol = "tcp",
        cidr_blocks = ["10.0.0.0/16"],
      }]
    }
  }
}

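resource "aws_security_group" "ecom-sg" {
  # One group per entry of var.sg_ingress_rules, keyed by service name.
  for_each = var.sg_ingress_rules

  name        = each.key # top-level key is security group name
  description = each.value.description

  # Without vpc_id the group is created in the account's default VPC, and
  # EC2 refuses to attach it to an instance placed in one of ecom-vpc's
  # subnets (group and subnet must belong to the same network).
  vpc_id = aws_vpc.ecom-vpc.id

  # One ingress block per rule map; each rule keeps its own description.
  dynamic "ingress" {
    for_each = each.value.rules # List of Maps with rule attributes
    content {
      description = ingress.value.description
      from_port   = ingress.value.from_port
      to_port     = ingress.value.to_port
      protocol    = ingress.value.protocol
      cidr_blocks = ingress.value.cidr_blocks
    }
  }

  # No egress block is declared. This resource then manages egress as an
  # empty set and removes the allow-all outbound rule AWS adds by default,
  # so the instances get no outbound access. Leave it this way if that is
  # intended; otherwise declare the egress rules explicitly.

  tags = {
    "Name" = "sg-${each.key}-service"
  }
}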
output "security_groups" {
  description = "All per-service security groups, keyed by service name."
  value       = aws_security_group.ecom-sg
}



data "aws_ami" "ecom" {
  # NOTE(review): with most_recent = true and no filter block, this resolves
  # to whatever image the owner published most recently, whatever its name,
  # architecture or virtualization type, and the result changes between
  # applies. Add filter blocks (at least on the image name) so the instances
  # boot a deliberately chosen image rather than the newest one available.
  most_recent = true


  # NOTE(review): the trailing comment labels this account as Canonical;
  # confirm the owner ID against the publisher's documented account ID
  # before relying on it, since the ID is what actually constrains the lookup.
  owners = ["114712064551"] # Canonical
}

现在我必须为 valid、jsc、test 这三个服务中的每一个创建 3 个 ec2 实例。

尝试类似下面的东西。但不知道如何实现这一点

 resource "aws_instance" "ecom-validation-service" {
  # count and for_each are mutually exclusive on a single resource; Terraform
  # rejects this block before evaluating anything else in it.
  count = length(var.instance_count) # length() of the count value is not the count itself
   ami           = data.aws_ami.ecom.id
   instance_type = "t3.micro"
   for_each = toset(var.service-names)

   tags = {
     Name = "${each.value}-service"
   }
   # lookup() takes (map, key); ecom-sg uses for_each, so it is a map that is
   # indexed by key (ecom-sg[each.value].id), not splatted with .*.
   vpc_security_group_ids = [aws_security_group.ecom-sg.*.id,lookup(each.value)]
   # ${...} is only meaningful inside a quoted string; as written this line does not parse.
   subnet_id = ${element(aws_subnet.ecom-subnet.*.id,${lookup(each.value))}
 }

【问题讨论】:

  • 当前代码有什么问题?
  • 上面的代码没问题,但是不知道怎么同时使用 count 和 for_each 来创建 ec2 实例
  • 编辑了我的问题。需要有关如何创建 ec2 实例的帮助
  • 所以你想要 3 个实例 valid、3 个实例 test 和 3 个实例 jsc
  • 是的,完全正确

标签: amazon-web-services amazon-ec2 terraform


【解决方案1】:

您可以创建一个辅助的局部变量(locals),并使用 setproduct 函数

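locals {
  # Cartesian product of service names and instance indexes: one entry per
  # instance to create. Keys are built from the pair itself ("valid-0", ...)
  # rather than the list position, so adding or reordering a service does not
  # shift every other instance's address and force it to be replaced.
  helper_map = {
    for pair in setproduct(var.service-names, range(var.instance_count)) :
    "${pair[0]}-${pair[1]}" => {
      service_name = pair[0]
      index        = pair[1]
    }
  }
}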

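resource "aws_instance" "ecom-validation-service" {
  # One instance per helper_map entry (service x index).
  for_each = local.helper_map

  ami           = data.aws_ami.ecom.id
  instance_type = "t3.micro"

  # ecom-sg and ecom-subnet are for_each resources keyed by service name, so
  # the matching group and subnet are indexed directly. The original splat
  # form (.*.id) only applies to count-based resources, lookup() needs both a
  # map and a key, and ${...} is only valid inside a quoted string -- all three
  # made the original lines fail to evaluate.
  vpc_security_group_ids = [aws_security_group.ecom-sg[each.value.service_name].id]
  subnet_id              = aws_subnet.ecom-subnet[each.value.service_name].id

  # All instances of one service share this Name; append each.key if the
  # console needs to tell them apart.
  tags = {
    Name = "${each.value.service_name}-service"
  }
}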

【讨论】:

  • 在 main.tf 第 374 行,在资源“aws_instance”“ecom-validation-service”中:│ 374:subnet_id = ${element(aws_subnet.ecom-subnet.*.id, ${lookup (each.value.service_name))} │ │ 这个字符没有在语言中使用
  • 我认为我在语法上犯了一些错误