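【Posted】: 2021-12-02 12:24:42
【Question】:
I am trying to automatically create SGs for the CloudFront IPs so that I can associate them with my ALB.
This article explains very well how to implement it, but unfortunately it does not work in my environment.
Here is the code: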
data "aws_ip_ranges" "cloudfront" {
  regions  = ["global"]
  services = ["cloudfront"]
}

locals {
  chunks_v4 = chunklist(data.aws_ip_ranges.cloudfront.cidr_blocks, 60)
}

resource "aws_security_group" "cloudfront" {
  count = length(local.chunks_v4)

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [local.chunks_v4[count.index]]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}
And this is the error message:
╷
│ Error: Incorrect attribute value type
│
│ on main.tf line 34, in resource "aws_security_group" "cloudfront":
│ 34: cidr_blocks = [local.chunks_v4[count.index]]
│ ├────────────────
│ │ count.index is a number, known only after apply
│ │ local.chunks_v4 is a list of list of dynamic, known only after apply
│
│ Inappropriate value for attribute "cidr_blocks": element 0: string required.
╵
Shouldn't it be something like this:
local.chunks_v4[count.index][0 to 59???]
How can I achieve this with Terraform?
【Comments】:
- OK, my bad! I let PyCharm convert the old syntax, and the brackets were left in place here: ["${local.chunks_v4[count.index]}"]
Tags: terraform terraform-provider-aws aws-security-group
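
The configuration from the question with the leftover brackets removed, as the comment above identifies (an added example, not part of the original post; `var.vpc_id`, the `name_prefix`, the descriptions and the output name are assumptions):

```hcl
# Added example. var.vpc_id, name_prefix and the output name are assumed.
variable "vpc_id" {
  type        = string
  description = "VPC that holds the ALB (assumed input)"
}

data "aws_ip_ranges" "cloudfront" {
  regions  = ["global"]
  services = ["cloudfront"]
}

locals {
  # chunklist() returns list(list(string)): each inner list holds up to 60 CIDRs.
  chunks_v4 = chunklist(data.aws_ip_ranges.cloudfront.cidr_blocks, 60)
}

resource "aws_security_group" "cloudfront" {
  count       = length(local.chunks_v4)
  name_prefix = "cloudfront-${count.index}-"
  description = "HTTPS from CloudFront, chunk ${count.index}"
  vpc_id      = var.vpc_id

  ingress {
    from_port = 443
    to_port   = 443
    protocol  = "tcp"
    # One chunk is already a list(string). Wrapping it in [ ] produces a
    # list(list(string)), which raises "element 0: string required".
    cidr_blocks = local.chunks_v4[count.index]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}

# IDs of all generated groups, for attaching to the ALB.
output "cloudfront_sg_ids" {
  value = aws_security_group.cloudfront[*].id
}
```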