在 terraform.tfvars 中,我声明了如下变量
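# Ingress rule definitions, grouped by the load balancer they apply to.
# The top-level keys (nlb_rules, alb_rules) select a rule group; each inner key
# names one rule whose attributes feed an aws_vpc_security_group_ingress_rule.
sg_rules = {
  # Rules for the network load balancer security group.
  # NOTE(review): 170.20.0.0/16 is not RFC 1918 private space (172.16.0.0/12 is).
  # Confirm these CIDRs really are the intended internal subnets.
  nlb_rules = {
    "ir_web_subnet" = { "cidr_ipv4" = "170.20.5.0/24", "from_port" = "9003", "ip_protocol" = "tcp", "to_port" = "9003", "description" = "Web Subnet AU-SY" }
    # to_port was "9003" while from_port is "9004", i.e. an inverted port range.
    # Assumed to be a single-port rule on 9004; confirm against the listener port.
    "ir_app_subnet" = { "cidr_ipv4" = "170.20.10.0/24", "from_port" = "9004", "ip_protocol" = "tcp", "to_port" = "9004", "description" = "App Subnet AU-SY" }
  }

  # Rules for the application load balancer security group.
  # 0.0.0.0/0 admits any IPv4 source on 80 and 443; that is appropriate only
  # if the ALB is meant to be internet-facing.
  alb_rules = {
    "ir_http"  = { "cidr_ipv4" = "0.0.0.0/0", "from_port" = "80", "ip_protocol" = "tcp", "to_port" = "80", "description" = "HTTP Traffic" }
    "ir_https" = { "cidr_ipv4" = "0.0.0.0/0", "from_port" = "443", "ip_protocol" = "tcp", "to_port" = "443", "description" = "HTTPS Traffic" }
  }
}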
当我尝试访问它来为安全组创建入口规则时
# Security group for the network load balancer. It declares no inline rules;
# ingress is attached by separate aws_vpc_security_group_ingress_rule resources.
resource "aws_security_group" "nlb" {
  vpc_id      = var.vpc_id
  name        = "allow-access-to-nlb"
  description = "Security group for network load balancer"

  tags = { Name = "allow-access-to-nlb" }
}
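# Security group for the application load balancer. It declares no inline rules;
# ingress is attached by separate aws_vpc_security_group_ingress_rule resources.
resource "aws_security_group" "alb" {
  # Was "allow-access-to-nlb", the same name as the NLB group. Security group
  # names must be unique within a VPC and both groups use var.vpc_id, so the
  # copy-pasted name is aligned with the Name tag below.
  name        = "allow-access-to-alb"
  description = "Security group for application load balancer"
  vpc_id      = var.vpc_id

  tags = {
    Name = "allow-access-to-alb"
  }
}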
# Attempted ingress rules for the NLB security group (the failing version).
# for_each walks the top-level keys of var.sg_rules, so each.value is already
# one whole rule group (the map stored under nlb_rules or alb_rules). It has no
# nlb_rules attribute of its own, so the lookups below cannot resolve.
resource "aws_vpc_security_group_ingress_rule" "nlb-rules" {
for_each = var.sg_rules
security_group_id = aws_security_group.nlb.id
cidr_ipv4 = each.value.nlb_rules["cidr_ipv4"]
from_port = each.value.nlb_rules["from_port"]
ip_protocol = each.value.nlb_rules["ip_protocol"]
to_port = each.value.nlb_rules["to_port"]
description = each.value.nlb_rules["description"]
}
# Attempted ingress rules for the ALB security group (the failing version).
# for_each walks the top-level keys of var.sg_rules, so each.value is already
# one whole rule group rather than an object containing alb_rules. This is the
# attribute the reported error says is missing.
resource "aws_vpc_security_group_ingress_rule" "alb-rules" {
for_each = var.sg_rules
security_group_id = aws_security_group.alb.id
cidr_ipv4 = each.value.alb_rules["cidr_ipv4"]
from_port = each.value.alb_rules["from_port"]
ip_protocol = each.value.alb_rules["ip_protocol"]
to_port = each.value.alb_rules["to_port"]
description = each.value.alb_rules["description"]
}
我收到错误:
each.value 是具有 28 个属性的对象。该对象没有名为“alb_rules”的属性。
你的变量实际上是
map(map(map(string)))
类型。要让代码正常工作,需要引用正确的键(key):for_each 应直接遍历 var.sg_rules.nlb_rules 或 var.sg_rules.alb_rules 这一层,这样 each.value 才是单条规则。只需做一点小调整:
# Security group for the network load balancer. It declares no inline rules;
# ingress is attached by separate aws_vpc_security_group_ingress_rule resources.
resource "aws_security_group" "nlb" {
  vpc_id      = var.vpc_id
  name        = "allow-access-to-nlb"
  description = "Security group for network load balancer"

  tags = { Name = "allow-access-to-nlb" }
}
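# Security group for the application load balancer. It declares no inline rules;
# ingress is attached by separate aws_vpc_security_group_ingress_rule resources.
resource "aws_security_group" "alb" {
  # Was "allow-access-to-nlb", the same name as the NLB group. Security group
  # names must be unique within a VPC and both groups use var.vpc_id, so the
  # copy-pasted name is aligned with the Name tag below.
  name        = "allow-access-to-alb"
  description = "Security group for application load balancer"
  vpc_id      = var.vpc_id

  tags = {
    Name = "allow-access-to-alb"
  }
}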
# One ingress rule on the NLB security group per entry in var.sg_rules.nlb_rules.
# each.key is the rule's name and each.value is that rule's attribute map.
resource "aws_vpc_security_group_ingress_rule" "nlb-rules" {
  for_each = var.sg_rules.nlb_rules

  security_group_id = aws_security_group.nlb.id
  description       = each.value["description"]

  # Source range, protocol and port window come straight from the variable, so
  # the variable's contents decide how widely the load balancer is exposed.
  cidr_ipv4   = each.value["cidr_ipv4"]
  ip_protocol = each.value["ip_protocol"]
  from_port   = each.value["from_port"]
  to_port     = each.value["to_port"]
}
# One ingress rule on the ALB security group per entry in var.sg_rules.alb_rules.
# each.key is the rule's name and each.value is that rule's attribute map.
resource "aws_vpc_security_group_ingress_rule" "alb-rules" {
  for_each = var.sg_rules.alb_rules

  security_group_id = aws_security_group.alb.id
  description       = each.value["description"]

  # Source range, protocol and port window come straight from the variable, so
  # a 0.0.0.0/0 entry there opens the listed port to any IPv4 source.
  cidr_ipv4   = each.value["cidr_ipv4"]
  ip_protocol = each.value["ip_protocol"]
  from_port   = each.value["from_port"]
  to_port     = each.value["to_port"]
}