尝试创建安全组时,我的 Terraform 代码出现循环(Cycle)错误。最初,各个安全组通过规则里的 security_groups 列表相互引用;出于调试目的,我从值文件中删除了这些引用(下面的资源定义没有改动)。但是,错误仍然存在。
这是错误:
Error: Cycle: aws_security_group.security_groups["SSH-Security-Group"], aws_security_group.security_groups["Backend-Security-Group"], aws_security_group.security_groups["Frontend-Security-Group"], aws_security_group.security_groups["Frontend-ALB-Security-Group"], aws_security_group.security_groups["Database-Security-Group"], aws_security_group.security_groups["Backend-NLB-Security-Group"]
资源定义:
# Map of security-group definitions keyed by a short, stable identifier.
# The resource below reads name, description, vpc, ingress, egress and tags
# from each value; rule entries read description, from_port, to_port,
# protocol and optionally cidr_blocks / security_groups.
variable "security_groups" {
  description = "Security groups to create, keyed by identifier; see the values file for the expected shape."
}
locals {
  # Lookup table from the short VPC alias used in var.security_groups
  # (each.value.vpc) to the VPC data source that resolves it.
  vpc_id = {
    "tersu" = data.aws_vpc.tersu
  }
}
# Creates one aws_security_group per entry of var.security_groups, with all
# rules declared inline via dynamic ingress/egress blocks.
#
# NOTE(review): this block is where the "Cycle" error comes from. The two
# `security_groups = ... aws_security_group.security_groups[sg].id`
# expressions below reference the very resource being defined. Terraform
# builds its dependency graph from the expressions in the configuration, not
# from the values present at plan time, so the reference is a self-dependency
# even when no entry in the values file sets `security_groups` and even when
# the lookup() guard would select `null`. A group can only reference another
# group's id from a separate rule resource (aws_security_group_rule or
# aws_vpc_security_group_ingress_rule / _egress_rule); a group that keeps
# inline rules cannot be combined with those rule resources.
resource "aws_security_group" "security_groups" {
for_each = var.security_groups
name = each.value.name
description = each.value.description
# each.value.vpc is an alias resolved through local.vpc_id.
vpc_id = local.vpc_id[each.value.vpc].id
dynamic "ingress" {
for_each = each.value.ingress
content {
description = ingress.value.description
from_port = ingress.value.from_port
to_port = ingress.value.to_port
protocol = ingress.value.protocol
cidr_blocks = lookup(ingress.value, "cidr_blocks", null) != null ? ingress.value.cidr_blocks : null
# Self-reference: indexes aws_security_group.security_groups from inside its
# own definition -> dependency cycle regardless of the guard.
security_groups = lookup(ingress.value, "security_groups", null) != null ? [for sg in ingress.value.security_groups : aws_security_group.security_groups[sg].id] : null
}
}
dynamic "egress" {
for_each = each.value.egress
content {
# NOTE(review): several egress entries in the values file carry no
# `description`; once the cycle is fixed this unguarded attribute access
# fails with "Unsupported attribute". Prefer
# lookup(egress.value, "description", null).
description = egress.value.description
from_port = egress.value.from_port
to_port = egress.value.to_port
protocol = egress.value.protocol
cidr_blocks = lookup(egress.value, "cidr_blocks", null) != null ? egress.value.cidr_blocks : null
# Same self-reference as in the ingress block above.
security_groups = lookup(egress.value, "security_groups", null) != null ? [for sg in egress.value.security_groups : aws_security_group.security_groups[sg].id] : null
}
}
# local.tags is defined elsewhere in this configuration (not shown here).
tags = merge(each.value.tags, local.tags)
}
值文件中的值:
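# Values for var.security_groups. The map keys double as the identifiers a
# rule's `security_groups` list may point at, so they must stay stable.
#
# NOTE(review): every ingress rule below is open to 0.0.0.0/0, including SSH
# (22) on Frontend-Security-Group and SSH-Security-Group and PostgreSQL (5432)
# on Database-Security-Group, even though the rule descriptions say the
# traffic should come "from frontend" / go "to database". Once the cycle in
# the resource is resolved, restore the per-tier `security_groups = ["<key>"]`
# references on the internal tiers and drop their 0.0.0.0/0 blocks; only the
# public ALB (80/443) has a reason to accept the whole internet.
#
# Fixes relative to the previous version of this file:
#   - every egress entry now has a `description`, because the resource reads
#     egress.value.description unconditionally and a missing attribute is an
#     error;
#   - the Name tag of Backend-NLB-Security-Group said "Backend-ALB-...";
#   - the Database ingress rule was described as "https access".
security_groups = {
  "Frontend-ALB-Security-Group" = {
    name        = "Frontend-ALB-Security-Group"
    description = "Enable http/https access on port 80/443"
    vpc         = "tersu"
    # Public entry point: 80/443 from anywhere is intentional here.
    ingress = [
      {
        description = "http access"
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      },
      {
        description = "https access"
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    egress = [
      {
        description = "all outbound"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    tags = {
      Name = "Frontend-ALB-Security-Group"
    }
  }
  "Backend-NLB-Security-Group" = {
    name        = "Backend-NLB-Security-Group"
    description = "Enable http/https access on port 5000"
    vpc         = "tersu"
    ingress = [
      {
        # NOTE(review): described as "from frontend" but open to the
        # internet; intended source is Frontend-Security-Group.
        description = "Backend access from frontend"
        from_port   = 5000
        to_port     = 5000
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    egress = [
      {
        description = "all outbound"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    tags = {
      # Was "Backend-ALB-Security-Group", which did not match `name`.
      Name = "Backend-NLB-Security-Group"
    }
  }
  "Frontend-Security-Group" = {
    name        = "Frontend-Security-Group"
    description = "Enable http, https, and ssh access on ports 80, 443, and 22 respectively"
    vpc         = "tersu"
    ingress = [
      {
        description = "HTTP access"
        from_port   = 80
        to_port     = 80
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      },
      {
        description = "HTTPS access"
        from_port   = 443
        to_port     = 443
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      },
      {
        # NOTE(review): SSH from 0.0.0.0/0 on an application tier; restrict
        # to a bastion/admin CIDR or the SSH-Security-Group.
        description = "ssh access"
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    egress = [
      {
        description = "Allow outbound traffic to backend"
        from_port   = 5000
        to_port     = 5000
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    tags = {
      Name = "Frontend-Security-Group"
    }
  }
  "Backend-Security-Group" = {
    name        = "Backend-Security-Group"
    description = "Enable http, https, on port 5000 for ingress, and 5432 for egress respectively"
    vpc         = "tersu"
    ingress = [
      {
        # NOTE(review): described as "from frontend" but open to the
        # internet; intended source is Backend-NLB-Security-Group /
        # Frontend-Security-Group.
        description = "Allow inbound traffic from frontend"
        from_port   = 5000
        to_port     = 5000
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    egress = [
      {
        description = "Allow outbound traffic to database"
        from_port   = 5432
        to_port     = 5432
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    tags = {
      Name = "Backend-Security-Group"
    }
  }
  "Database-Security-Group" = {
    name        = "Database-Security-Group"
    description = "Enable Postgresql access on port 5432"
    vpc         = "tersu"
    ingress = [
      {
        # NOTE(review): PostgreSQL reachable from 0.0.0.0/0; intended
        # source is Backend-Security-Group.
        description = "postgresql access"
        from_port   = 5432
        to_port     = 5432
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    egress = [
      {
        description = "all outbound"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    tags = {
      Name = "Database-Security-Group"
    }
  }
  "SSH-Security-Group" = {
    name        = "SSH-Security-Group"
    description = "Enable SSH access on port 22"
    vpc         = "tersu"
    ingress = [
      {
        # NOTE(review): SSH from the whole internet; restrict to an admin
        # CIDR or replace with SSM/a bastion.
        description = "ssh access"
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    egress = [
      {
        description = "all outbound"
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
      }
    ]
    tags = {
      Name = "SSH-Security-Group"
    }
  }
}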
我不确定问题出在哪里:即使我在 security_groups 变量中只保留一个安全组(它不引用任何其他组),也仍然会收到同样的自引用/循环错误。
请问可能是什么问题?
根据文档:
security_groups -(可选)安全组列表。可以使用相对于默认 VPC 的组名称。否则,组 ID。
由于可以使用组名称,我会使用它:在您的值中,每个组的 name 与 map 的键相同,因此可以直接用 keys(var.security_groups) 取得全部名称,而不再在资源内部引用 aws_security_group.security_groups 本身——正是这种自引用导致了循环错误。Terraform 是根据配置中的表达式而不是实际取到的值来构建依赖图的,所以只要 dynamic 块里出现 aws_security_group.security_groups[sg],这个资源就依赖于自己;lookup() 的守卫条件以及值文件里是否真的有 security_groups 都改变不了这一点,这也是为什么您删掉值文件中的引用后错误依然存在。
不过有两点需要注意:第一,按名称引用只对默认 VPC 有效,而您的 vpc_id 取自 data.aws_vpc.tersu,如果它不是默认 VPC,AWS 会拒绝按名称的引用;第二,把 keys(var.security_groups) 整体放进每条规则,会让所有设置了 security_groups 的规则同时放行全部六个组的流量,丢掉了值文件里按规则列出的来源组,也丢掉了各层之间的隔离。更稳妥的做法是让 aws_security_group 只创建组本身,把规则放到单独的 aws_security_group_rule 资源里,由规则去引用组的 id——规则依赖组、组不再依赖规则,循环自然消失;需要注意带内联规则的组不能与 aws_security_group_rule 混用,所以要把全部规则一起搬出去。
您可以执行以下操作:
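locals {
  # Alias -> VPC data source; each.value.vpc in var.security_groups selects one.
  # Kept identical to the question's locals (data.aws_vpc.tersu) so this is a
  # drop-in replacement.
  vpc_id = {
    tersu = data.aws_vpc.tersu
  }

  # Flatten var.security_groups into one map entry per rule resource.
  # Key layout:
  #   "<group>/<ingress|egress>/<rule index>/cidr"       one entry carrying the
  #                                                       rule's whole cidr_blocks
  #   "<group>/<ingress|egress>/<rule index>/sg/<peer>"  one entry per group key
  #                                                       named in the rule's
  #                                                       `security_groups` list
  # Every entry carries the original rule attributes plus group_key, direction
  # and peer_group_key (null for the cidr form). A rule that sets neither
  # cidr_blocks nor security_groups produces nothing.
  security_group_rules = merge([
    for group_key, group in var.security_groups : merge([
      for direction, rules in {
        ingress = lookup(group, "ingress", [])
        egress  = lookup(group, "egress", [])
      } : merge([
        for idx, rule in rules : merge(
          {
            for key in ["${group_key}/${direction}/${idx}/cidr"] :
            key => merge(rule, {
              group_key      = group_key
              direction      = direction
              peer_group_key = null
            })
            if lookup(rule, "cidr_blocks", null) != null
          },
          {
            for peer in lookup(rule, "security_groups", []) :
            "${group_key}/${direction}/${idx}/sg/${peer}" => merge(rule, {
              group_key      = group_key
              direction      = direction
              cidr_blocks    = null
              peer_group_key = peer
            })
          }
        )
      ]...)
    ]...)
  ]...)
}

# Groups are created with NO inline rules. An inline rule cannot reference
# another entry of the same for_each resource without a dependency cycle, and
# the provider does not allow mixing inline rules with aws_security_group_rule
# resources on the same group, so every rule lives in the resource below.
# Terraform removes AWS's default allow-all egress rule on creation; the
# explicit egress entries in the values file re-create it where wanted.
resource "aws_security_group" "security_groups" {
  for_each = var.security_groups

  name        = each.value.name
  description = each.value.description
  vpc_id      = local.vpc_id[each.value.vpc].id

  # local.tags is defined elsewhere in the question's configuration.
  tags = merge(each.value.tags, local.tags)
}

# One resource per flattened rule. Referencing another group's id from here is
# safe: rules depend on the groups, and the groups no longer depend on rules.
resource "aws_security_group_rule" "security_group_rules" {
  for_each = local.security_group_rules

  type              = each.value.direction
  security_group_id = aws_security_group.security_groups[each.value.group_key].id

  # Several egress entries in the values file have no description; do not
  # fail on the missing attribute.
  description = lookup(each.value, "description", null)
  from_port   = each.value.from_port
  to_port     = each.value.to_port
  protocol    = each.value.protocol
  cidr_blocks = each.value.cidr_blocks

  # Resolves a peer group *key* from the values file to that group's id. A key
  # that is not in var.security_groups fails at plan time ("Invalid index")
  # rather than silently producing a rule with no source.
  source_security_group_id = each.value.peer_group_key == null ? null : aws_security_group.security_groups[each.value.peer_group_key].id
}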