Concatenating the inner terraform blocks of a resource

Problem description    Votes: 0    Answers: 1

I have an AWS rule group that is part of an AWS Network Firewall.

I need to be able to write the rules in terraform with each rule in its own separate file, plus a way to merge (concatenate) all the rules under one rule group:

Here is an example of a rule group containing 2 stateful_rule blocks:

resource "aws_networkfirewall_rule_group" "test" {
  capacity    = 10
  description = "test"
  name        = "test"
  rules       = null
  tags        = {}
  tags_all    = {}
  type        = "STATEFUL"
  rule_group {
    rules_source {
      rules_string = null
      stateful_rule {
        action = "PASS"
        header {
          destination      = "1.1.1.2"
          destination_port = "25"
          direction        = "FORWARD"
          protocol         = "TCP"
          source           = "1.1.1.1"
          source_port      = "ANY"
        }
        rule_option {
          keyword  = "sid"
          settings = ["1"]
        }
      }
      stateful_rule {
        action = "PASS"
        header {
          destination      = "2.2.2.2"
          destination_port = "25"
          direction        = "FORWARD"
          protocol         = "TCP"
          source           = "2.2.2.3"
          source_port      = "ANY"
        }
        rule_option {
          keyword  = "sid"
          settings = ["2"]
        }
      }
    }
    stateful_rule_options {
      rule_order = "STRICT_ORDER"
    }
  }
}

I need to be able to write this block into many tf files:

      stateful_rule {
        action = "PASS"
        header {
          destination      = "some dst ip"
          destination_port = "some dst port"
          direction        = "FORWARD"
          protocol         = "TCP"
          source           = "some source ip"
          source_port      = "ANY"
        }
        rule_option {
          keyword  = "foo"
          settings = ["bar"]
        }
      }

and to have a way to concatenate all of the stateful_rule blocks into one rule group (as in the first example).

I tried using the override mechanism, but because the stateful_rule block has the same block name and repeats itself, it always overrides the first block.

amazon-web-services terraform vpc
1 answer

0 votes

You can achieve this with a dynamic block.

The code could look something like this:

locals {
  # One map entry per rule; the key doubles as the Suricata sid,
  # so every generated rule gets a distinct sid.
  stateful_rules = {
    1 = { destination = "1.1.1.2", source = "1.1.1.1" },
    2 = { destination = "2.2.2.2", source = "2.2.2.3" },
  }
}

resource "aws_networkfirewall_rule_group" "test" {
  capacity    = 10
  name        = "test"

  type = "STATEFUL"
  rule_group {
    rules_source {
      rules_string = null
      # Emits one stateful_rule block per entry of local.stateful_rules.
      # Inside a dynamic block the iterator is named after the block label,
      # so the current element is stateful_rule.key / stateful_rule.value.
      dynamic "stateful_rule" {
        for_each = local.stateful_rules
        content {
          action = "PASS"
          header {
            destination      = stateful_rule.value.destination
            destination_port = "25"
            direction        = "FORWARD"
            protocol         = "TCP"
            source           = stateful_rule.value.source
            source_port      = "ANY"
          }
          rule_option {
            keyword  = "sid"
            # map keys are strings ("1", "2"), which is what settings expects
            settings = [stateful_rule.key]
          }
        }
      }
    }
  }
}
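The dynamic block above collapses all rules into one map, but the question also asks for one rule per .tf file. The following is an added example, not part of the question or the answer: each file declares its own uniquely named local (Terraform rejects two files that define the same local name), a separate file merges them with merge() into the map that feeds the dynamic block, and a lifecycle precondition refuses to plan if two files reuse a sid. File names, the two SMTP rules, and the zero-padded keys are assumptions; the keys are zero-padded because for_each over a map iterates in lexical key order, and with STRICT_ORDER that order is the evaluation order of the rules.

```hcl
# rule_smtp_a.tf  (one rule per file; the local name must be unique per file)
locals {
  rule_smtp_a = {
    "0010" = {
      sid              = 1
      action           = "PASS"
      source           = "1.1.1.1"
      source_port      = "ANY"
      destination      = "1.1.1.2"
      destination_port = "25"
      protocol         = "TCP"
    }
  }
}

# rule_smtp_b.tf
locals {
  rule_smtp_b = {
    "0020" = {
      sid              = 2
      action           = "PASS"
      source           = "2.2.2.3"
      source_port      = "ANY"
      destination      = "2.2.2.2"
      destination_port = "25"
      protocol         = "TCP"
    }
  }
}

# rule_group.tf  (the only file that has to know about every rule file)
locals {
  # merge() builds one map from the per-file maps; add new files here.
  # Keys are zero-padded so lexical order == intended STRICT_ORDER position.
  stateful_rules = merge(local.rule_smtp_a, local.rule_smtp_b)
}

resource "aws_networkfirewall_rule_group" "test" {
  capacity = 10
  name     = "test"
  type     = "STATEFUL"

  lifecycle {
    # Fail at plan time if two rule files reuse a sid (requires Terraform >= 1.2).
    precondition {
      condition     = length(distinct([for r in local.stateful_rules : r.sid])) == length(local.stateful_rules)
      error_message = "Every stateful rule needs a unique sid."
    }
  }

  rule_group {
    rules_source {
      # One stateful_rule block per merged map entry, in key order.
      dynamic "stateful_rule" {
        for_each = local.stateful_rules
        content {
          action = stateful_rule.value.action
          header {
            destination      = stateful_rule.value.destination
            destination_port = stateful_rule.value.destination_port
            direction        = "FORWARD"
            protocol         = stateful_rule.value.protocol
            source           = stateful_rule.value.source
            source_port      = stateful_rule.value.source_port
          }
          rule_option {
            keyword  = "sid"
            settings = [tostring(stateful_rule.value.sid)]
          }
        }
      }
    }
    stateful_rule_options {
      rule_order = "STRICT_ORDER"
    }
  }
}
```

Adding a rule is then a new rule_*.tf file plus one more argument to merge(). Keep an eye on capacity: each generated stateful_rule consumes capacity from the rule group, and the value cannot be changed after the group is created.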