Terraform - Use security group ID created in separate file for EC2 instance creation


Question


I have used this module to create a security group in AWS VPC. How do I reference the resource created from this in a separate file? I am creating our bastion instance in a separate directory in the same repo.


My bastion config looks like the following, uses the Terraform EC2 module and works if I hard code the vpc security group ID, but I want it to be able to take it directly from when the security group is created as this could change in the future.

terraform/aws/layers/bastion/main.tf

    provider "aws" {
        region = var.region
    }

    module "ec2-instance" {
      source = "terraform-aws-modules/ec2-instance/aws"

      name                   = "bastion"
      instance_count         = 1
      ami                    = var.image_id
      instance_type          = var.instance_type
      vpc_security_group_ids = ["${}"]
      subnet_id              = var.subnet
      iam_instance_profile   = "aws-example-ec2-role"

      tags = {
        Layer = "Bastion"
      }
    }


This is how I have created the security group: terraform/aws/global/vpc/bastion_sg.tf

    module "bastion-sg" {
      source = "terraform-aws-modules/security-group/aws"

      name        = "Bastion"
      description = "Bastion example group"
      vpc_id      = "vpc-12345"

      ingress_with_cidr_blocks = [
        {
          from_port   = ##
          to_port     = ##
          protocol    = "##"
          description = "Bastion SSH"
          cidr_blocks = "1.2.3.4/5"
        },
        {
          from_port   = ##
          to_port     = ##
          protocol    = "##"
          description = "Bastion SSH"
          cidr_blocks = "1.2.3.4/5"
        }
      ]
      egress_with_source_security_group_id = [
        {
          from_port                = ##
          to_port                  = ##
          protocol                 = "##"
          description              = "Access to default server security group"
          source_security_group_id = "sg-12345"
        },
        {
          from_port                = ##
          to_port                  = ##
          protocol                 = "##"
          description              = "Access to db"
          source_security_group_id = "sg-12345"
        }
      ]
    }


Do I need to output the security group ID to outputs.tf where I have created by bastion_sg.tf before I can reference it within bastion/main.tf like below?

    module "bastion_sg" {
      source = "../../global/vpc"
    }


and then somehow pass the ID into vpc_security_group_id = ?

Answer


From the module documentation that you're using, these are the outputs.

The way to reference it in your own Terraform is:

module.bastion-sg.this_security_group_id


So your terraform/aws/layers/bastion/main.tf file would look like:

provider "aws" {
    region = var.region
}

module "ec2-instance" {
  source = "terraform-aws-modules/ec2-instance/aws"

  name                   = "bastion"
  instance_count         = 1
  ami                    = var.image_id
  instance_type          = var.instance_type
  vpc_security_group_ids = [module.bastion-sg.this_security_group_id]
  subnet_id              = var.subnet
  iam_instance_profile   = "aws-example-ec2-role"

  tags = {
    Layer = "Bastion"
  }
}
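Because the bastion layer lives in its own directory and is applied as a separate root module, `module.bastion-sg` is not in scope there unless the VPC directory is itself invoked as a module. The following added example (not part of the original answer) shows the other common way to wire the two layers: export the ID as a root-level output in the VPC layer and read it in the bastion layer through a `terraform_remote_state` data source. The S3 bucket, state key and the output name `bastion_security_group_id` are assumptions.

```hcl
# terraform/aws/global/vpc/outputs.tf (assumed file in the VPC layer)
# Expose the bastion security group ID so other layers read it
# instead of hard-coding a value like "sg-12345".
output "bastion_security_group_id" {
  description = "ID of the bastion security group"
  value       = module.bastion-sg.this_security_group_id
}

# terraform/aws/layers/bastion/main.tf
# This layer is applied separately, so it cannot address module.bastion-sg
# directly; it reads the VPC layer's published outputs from its state.
# Bucket and key are placeholders: point them at the VPC layer's real state.
data "terraform_remote_state" "vpc" {
  backend = "s3"
  config = {
    bucket = "example-tfstate-bucket"              # placeholder
    key    = "aws/global/vpc/terraform.tfstate"    # placeholder
    region = var.region
  }
}

module "ec2-instance" {
  source = "terraform-aws-modules/ec2-instance/aws"

  name                   = "bastion"
  instance_count         = 1
  ami                    = var.image_id
  instance_type          = var.instance_type
  # Resolved at plan time from the VPC layer's output, so a recreated
  # security group propagates here without editing this file.
  vpc_security_group_ids = [data.terraform_remote_state.vpc.outputs.bastion_security_group_id]
  subnet_id              = var.subnet
  iam_instance_profile   = "aws-example-ec2-role"

  tags = {
    Layer = "Bastion"
  }
}
```

The identity running `terraform plan` in the bastion layer needs only read access to the VPC state object; keep it read-only, since remote state can carry sensitive values beyond the one output consumed here.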
