I am currently studying Terraform and wrote a simple script to create some AWS resources.
My script creates a VPC with a subnet, and an instance with a security group attached. All of them are newly created by the Terraform script. When I run terraform plan or terraform apply, no errors or warnings are shown and everything is created successfully. However, when I check those newly created resources in the AWS console, I find that the security group was created but has no rules attached.
Can anyone help? Many thanks.
Here is my Terraform script.
```hcl
provider "aws" {
  region     = var.AWS_REGION
  access_key = var.AWS_ACCESS_KEY
  secret_key = var.AWS_SECRET_KEY
}

data "aws_ami" "amazon-2" {
  most_recent = true
  owners      = ["amazon"]
  filter {
    name   = "name"
    values = ["amzn2-ami-hvm-*-x86_64-ebs"]
  }
}

resource "aws_key_pair" "generate_keypair" {
  key_name   = var.key_name
  public_key = var.public_key
  tags       = var.default_tags
}

resource "aws_vpc" "study" {
  cidr_block = "10.0.0.0/20"
  tags       = var.default_tags
}

resource "aws_subnet" "study-public" {
  vpc_id     = aws_vpc.study.id
  cidr_block = "10.0.0.0/26"
  tags       = var.default_tags
}

resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"
  tags        = var.default_tags
  ingress {
    description = "Port 80 ingress"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
  }
  ingress {
    description = "Port 22 ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "ssh"
  }
  egress {
    from_port = 0
    to_port   = 0
    protocol  = "all"
  }
}

resource "aws_instance" "linux" {
  ami                    = data.aws_ami.amazon-2.id
  instance_type          = "t3.micro"
  key_name               = aws_key_pair.generate_keypair.key_name
  vpc_security_group_ids = [aws_security_group.public-instance.id]
  subnet_id              = aws_subnet.study-public.id
  tags                   = var.default_tags
}
```

uj5u.com community reply:
You need to specify at least one rule target, such as a CIDR block, a security group ID, or a prefix list.
The snippet below should work for you. I used cidr_blocks in this case.
```hcl
resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"
  ingress {
    description = "Port 80 ingress"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "Port 22 ingress"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "all"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
```
uj5u.com community reply:
Add `cidr_blocks = ["<your ip cidr>"]` and change to `protocol = "tcp"`:
```hcl
ingress {
  from_port   = 80
  to_port     = 80
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
}
ingress {
  from_port   = 22
  to_port     = 22
  protocol    = "tcp"
  cidr_blocks = ["0.0.0.0/0"]
}
egress {
  from_port   = 0
  to_port     = 0
  protocol    = "all"
  cidr_blocks = ["0.0.0.0/0"]
}
```
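Both replies fix the empty group by giving each rule a destination, but their snippets also expose port 22 to 0.0.0.0/0. The block below is an added example, not code from the thread: the same group written with the standalone rule resources of AWS provider 5.x, with SSH limited to an operator range that is checked at plan time. `var.admin_cidr` is an assumed variable; `aws_vpc.study` and `var.default_tags` come from the question.

```hcl
# Added example (not from the thread). Assumes AWS provider >= 5.0 and the
# resources from the question; var.admin_cidr is an assumed input.
variable "admin_cidr" {
  description = "IPv4 CIDR allowed to reach port 22 (assumed variable)"
  type        = string

  validation {
    # cidrhost() fails on malformed CIDRs; 0.0.0.0/0 is valid, so reject it explicitly.
    condition     = can(cidrhost(var.admin_cidr, 0)) && var.admin_cidr != "0.0.0.0/0"
    error_message = "admin_cidr must be a specific IPv4 CIDR, not 0.0.0.0/0."
  }
}

# No inline ingress/egress blocks here: rules live in the resources below.
resource "aws_security_group" "public-instance" {
  vpc_id      = aws_vpc.study.id
  name        = "public-instance"
  description = "Group for public instance"
  tags        = var.default_tags
}

# HTTP from anywhere is the intended public exposure of this instance.
resource "aws_vpc_security_group_ingress_rule" "http" {
  security_group_id = aws_security_group.public-instance.id
  description       = "Port 80 ingress"
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = 80
  to_port           = 80
  ip_protocol       = "tcp"
}

# SSH only from the validated operator range; the plan fails if it is world-open.
resource "aws_vpc_security_group_ingress_rule" "ssh" {
  security_group_id = aws_security_group.public-instance.id
  description       = "Port 22 ingress from admin range"
  cidr_ipv4         = var.admin_cidr
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}

# "-1" is how this resource spells "all protocols"; from_port/to_port are omitted.
resource "aws_vpc_security_group_egress_rule" "all" {
  security_group_id = aws_security_group.public-instance.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
```

Do not mix inline `ingress`/`egress` blocks and standalone rule resources on the same group, or each apply will fight over the rule set.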
Source: https://www.uj5u.com/ruanti/415860.html