【Posted】: 2021-09-22 12:01:57
【Question】:
I am trying to create security group rules from a map of objects in Terraform, but sometimes Terraform deletes those rules, and it happens randomly. We use S3 as the backend with DynamoDB locking.
This is my security group resource:
resource "aws_security_group" "ec2_jumper_sg" {
  name        = "${var.app_name}-private-sg"
  description = "Security Group for Private EC2 instance"
  vpc_id      = var.vpc_id

  egress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = [var.vpc_cidr]
  }
}
These are the rules, created with for_each and attached to the security group above:
resource "aws_security_group_rule" "ec2_jumper_sg_databases_egress" {
  for_each = var.databases

  security_group_id        = aws_security_group.ec2_jumper_sg.id
  from_port                = each.value.port
  to_port                  = each.value.port
  source_security_group_id = each.value.securityGroupId
  protocol                 = "tcp"
  type                     = "egress"
}
This is my variable map:
variable "databases" {
  type = map(object({
    id : string
    securityGroupId : string
    port : number
  }))
  default = {
    "db-1" : {
      id : "db-1",
      securityGroupId : "sg-000000000",
      port : 5432
    },
    "db-2" : {
      id : "db2",
      securityGroupId : "sg-000000000",
      port : 3306
    }
  }
}
When the rules do not exist it creates them, but when they already exist it deletes them:
- {
- cidr_blocks = []
- description = ""
- from_port = 3306
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "tcp"
- security_groups = [
- "sg-0000000",
]
- self = false
- to_port = 3306
},
- {
- cidr_blocks = []
- description = ""
- from_port = 5432
- ipv6_cidr_blocks = []
- prefix_list_ids = []
- protocol = "tcp"
- security_groups = [
- "sg-00000000",
]
- self = false
- to_port = 5432
},
Why does this happen?
【Discussion】:
Tags: amazon-web-services terraform
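An added note, not part of the asker's post: the plan output above matches the conflict the AWS provider documents for a group that declares an inline egress block while separate aws_security_group_rule resources attach more rules to the same group; on each apply the inline block reconciles the group's whole egress set and removes the rules it does not know about, so the deletions appear whenever the rule resources happen to apply first. The configuration below is an added example (not the asker's code) that keeps every rule in aws_security_group_rule resources and moves the 443 egress out of the inline block; variable and resource names are taken from the question.

```hcl
# Added example: the group declares no inline ingress/egress blocks, so the
# provider stops managing the rule set from the group resource itself and
# the standalone rule resources become the only source of truth.
resource "aws_security_group" "ec2_jumper_sg" {
  name        = "${var.app_name}-private-sg"
  description = "Security Group for Private EC2 instance"
  vpc_id      = var.vpc_id
}

# The former inline 443 egress rule, expressed as a standalone rule resource.
resource "aws_security_group_rule" "ec2_jumper_sg_https_egress" {
  security_group_id = aws_security_group.ec2_jumper_sg.id
  type              = "egress"
  protocol          = "tcp"
  from_port         = 443
  to_port           = 443
  cidr_blocks       = [var.vpc_cidr]
  description       = "HTTPS egress within the VPC"
}

# Per-database egress rules from the question, plus a description so that
# each rule is identifiable in plan output and in the AWS console.
resource "aws_security_group_rule" "ec2_jumper_sg_databases_egress" {
  for_each = var.databases

  security_group_id        = aws_security_group.ec2_jumper_sg.id
  type                     = "egress"
  protocol                 = "tcp"
  from_port                = each.value.port
  to_port                  = each.value.port
  source_security_group_id = each.value.securityGroupId
  description              = "egress to database ${each.key}"
}
```

Dropping the inline block from an existing group does not delete the 443 rule in AWS, so import it into the new resource with terraform import before the first apply, otherwise the provider reports a duplicate rule when it tries to create it. After that, two consecutive runs of terraform plan on the unchanged configuration should both report no changes; any remaining egress diff means a rule is still being managed from both places.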