Terraform 多个 for_each 资源

Question

我使用 for_each 循环创建了多个子网和多个 VPC 端点，如下所示：

### VARIABLES ###

variable "private_cidr_mask" {
  default = {
    "us-west-1a" = "10.0.1.0/24"
    "us-west-1b" = "10.0.2.0/24"
  }
}

variable "vpc_endpoints" {
  default = [
    "com.amazonaws.us-west-1.ecs-agent",
    "com.amazonaws.us-west-1.ecs-telemetry",
    "com.amazonaws.us-west-1.ecs"
  ]
}

### RESOURCES ###

resource "aws_subnet" "private_subnet" {

  for_each = var.private_cidr_mask

  vpc_id = aws_vpc.vpc.id
  availability_zone = each.key
  cidr_block = each.value
}

resource "aws_vpc_endpoint" "vpc_endpoint" {

  for_each = toset(var.vpc_endpoints)

  vpc_id = aws_vpc.vpc.id
  vpc_endpoint_type = "Interface"
  service_name = each.value

  security_group_ids = [ aws_security_group.security_group.id ]

  private_dns_enabled = true
}

现在我必须使用 aws_vpc_endpoint_subnet_association 将每个 VPC 端点分配给每个私有子网：

resource "aws_vpc_endpoint_subnet_association" "vpc_endpoint_subnet_association" {
  vpc_endpoint_id = <every endpoint>
  subnet_id = <every subnet>
}

如何在 Terraform 中实现这一点？我尝试了嵌套的 for_each 循环但没有成功。

Answer 1

在 aws_vpc_endpoint_subnet_association 资源创建中

您是否考虑过基于 Lookup the number of vpc_endpoints 使用 count 命令？

然后，您可以为其中的每个子网 id 设置一个。

Answer 2

原来aws_vpc_endpoint 接受subnet_ids 的列表，而我只是在文档中错过了它，所以我所要做的就是：

resource "aws_vpc_endpoint" "vpc_endpoint" {

  for_each = toset(var.vpc_endpoints)

  vpc_id = aws_vpc.vpc.id
  vpc_endpoint_type = "Interface"
  service_name = each.value

  security_group_ids = [ aws_security_group.security_group.id ]
  subnet_ids = [ for subnet in aws_subnet.private_subnet: subnet.id ]

  private_dns_enabled = true
}