我正在使用 Terraform 对我的 AWS 环境运行一些检查。我想检查账户中是否存在任何 VPC(事先并不知道是否存在);如果存在,我需要为它们设置标签并启用 VPC Flow Logs。
我正在尝试使用下面的代码,但无法获取到 VPC 的信息(`aws_flow_log` 中的 `count_vpc_id` 并不是合法的参数,`output` 引用的也不是 data source)。
locals {
  # True only when flow logs are enabled AND the chosen sink is CloudWatch Logs.
  # Used below to decide whether a log group is created and whether the
  # CloudWatch-specific iam_role_arn must be supplied.
  flow_logs_to_cw_logs = (
    var.flow_logs_destination_type == "cloud-watch-logs" && var.enable_flow_logs
  )
}
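output "aws_vpc" {
  # The original referenced `aws_vpc.my_vpc`, i.e. a *managed* resource that is
  # never declared in this configuration, so Terraform could not resolve it.
  # The VPCs are looked up via `data "aws_vpc" "my_vpc"` (count-indexed), so
  # the correct reference is the data source; the value is a list of VPC
  # objects and is empty when no VPC matched the lookup.
  description = "List of discovered VPCs (empty if none matched)."
  value       = data.aws_vpc.my_vpc
}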
data "aws_vpcs" "my_vpcs" {
  # Enumerate VPC IDs in the current region. A single-argument merge() is a
  # no-op, so the tag filter is passed through directly.
  # NOTE(review): `tags` here is a *filter* — only VPCs that already carry every
  # key/value in var.tags are returned. If the intent is to discover VPCs that
  # are not yet tagged, this filter will hide them; confirm against the goal.
  tags = var.tags
}
data "aws_vpc" "my_vpc" {
  # One lookup per ID returned by the aws_vpcs enumeration; `ids` is converted
  # to a list so it can be indexed positionally. Yields zero instances when no
  # VPC matched, which keeps the rest of the configuration plan-able.
  count = length(data.aws_vpcs.my_vpcs.ids)

  id = element(tolist(data.aws_vpcs.my_vpcs.ids), count.index)
}
resource "aws_cloudwatch_log_group" "vpc_flow_logs" {
  # Destination log group for flow logs when CloudWatch Logs is the sink.
  # local.flow_logs_to_cw_logs already includes var.enable_flow_logs, so the
  # extra `var.enable_flow_logs &&` in the original condition was redundant.
  count = local.flow_logs_to_cw_logs ? 1 : 0

  name              = var.flow_logs_log_group_name
  retention_in_days = var.flow_logs_retention_in_days

  # NOTE(review): no `kms_key_id` is set, so the group uses the CloudWatch
  # default (service-managed) encryption; if flow-log data must be encrypted
  # with a customer-managed key, that argument needs to be added — confirm.
  tags = var.tags
}
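resource "aws_flow_log" "vpc_flow_logs" {
  # One flow log per discovered VPC, and none at all when flow logs are
  # disabled. The original block set `count = var.enable_flow_logs ? 1 : 0`
  # (at most one flow log regardless of how many VPCs exist) and then used
  # `count_vpc_id` / `count_vpc_id.index`, which are not valid arguments or
  # references on aws_flow_log — that is why the VPC could not be resolved.
  count = var.enable_flow_logs ? length(data.aws_vpcs.my_vpcs.ids) : 0

  # count.index lines up with the count-indexed data source above.
  vpc_id = data.aws_vpc.my_vpc[count.index].id

  # "ALL" captures both ACCEPT and REJECT records, which is what detection
  # and incident-response use cases normally need.
  traffic_type = "ALL"

  log_destination_type = var.flow_logs_destination_type

  # CloudWatch sink: the log group created in this configuration.
  # S3 sink: bucket ARN plus key prefix supplied by the caller.
  # NOTE(review): the S3 path is used as-is; the bucket policy must allow
  # delivery.logs.amazonaws.com to write to it, which this module does not
  # manage — confirm it is handled elsewhere.
  log_destination = local.flow_logs_to_cw_logs ? aws_cloudwatch_log_group.vpc_flow_logs[0].arn : "${var.flow_logs_s3_arn}/${var.flow_logs_s3_key_prefix}"

  # A delivery role is only required (and only valid) for CloudWatch Logs.
  iam_role_arn = local.flow_logs_to_cw_logs ? var.flow_logs_iam_role_arn : null

  tags = var.tags
}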