Terraform: get the IPs of the subnets integrated with a VPC endpoint (the endpoint's Subnets tab)
Problem description
The flow is like:
1. vpc -> vpc_endpoint(com.amazonaws.us-east-1.transfer.server) -> [subnet_1, subnet_2]
2. net -> nlb -> target group -> [subnet_ip_1, subnet_ip_2]
I am creating an NLB with target groups pointing to the VPC endpoint created for 'AWS Transfer for SFTP' (com.amazonaws.us-east-1.transfer.server), but Terraform doesn't return the IPs of the subnets that are integrated with the VPC endpoint.
So, currently I'm manually copying the IPs from the Subnets tab under the VPC endpoint. But I want to automate this complete process using Terraform.
Any help would be appreciated.
```hcl
# One Elastic IP per public subnet, so the NLB gets static addresses.
resource "aws_eip" "nlb" {
  count = length(var.public_subnet_ids)
  vpc   = true # AWS provider v5+: use `domain = "vpc"` instead
}

resource "aws_lb" "network" {
  name               = "${var.service_name}-${var.env}-nlb"
  load_balancer_type = "network"

  # Pin each NLB subnet to one of the EIPs above. The original mixed
  # module.vpc.public_subnet_ids and var.public_subnet_ids; use one source.
  dynamic "subnet_mapping" {
    for_each = [for i in range(length(var.public_subnet_ids)) : {
      subnet_id     = var.public_subnet_ids[i]
      allocation_id = aws_eip.nlb[i].id
    }]
    content {
      subnet_id     = subnet_mapping.value.subnet_id
      allocation_id = subnet_mapping.value.allocation_id
    }
  }
}

# IP-type target group so the endpoint ENI addresses can be registered directly.
resource "aws_lb_target_group" "target-group" {
  name        = "${var.service_name}-${var.env}-nlb-target-group"
  port        = 22
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.vpc_id
}

// TODO need to add vpc endpoint subnet ip addresses manually to nlb target group as terraform doesn't export the subnet ip addresses
//resource "aws_lb_target_group_attachment" "vpc-endpoint" {
//  count            = length(var.public_subnet_ids)
//  target_group_arn = aws_lb_target_group.target-group.arn
//  target_id        = this needs ip of subnets integrated with vpc endpoint
//  port             = 22
//}

# Interface endpoint for the Transfer Family service, one ENI per subnet.
resource "aws_vpc_endpoint" "transfer" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.aws_region}.transfer.server"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.public_subnet_ids
  private_dns_enabled = true
}

resource "aws_transfer_server" "sftp" {
  identity_provider_type = "API_GATEWAY"
  endpoint_type          = "VPC_ENDPOINT"
  endpoint_details {
    vpc_endpoint_id = aws_vpc_endpoint.transfer.id
  }
  url             = aws_api_gateway_deployment.deploy.invoke_url
  invocation_role = aws_iam_role.transfer-identity-provider-role.arn
  logging_role    = aws_iam_role.transfer-logging-role.arn
  depends_on      = [aws_vpc_endpoint.transfer]
}
```
Recommended answer
Try something like the following:
```hcl
## Data Section
# network_interface_ids is a set, so the tolist() order is not guaranteed to
# match the order of subnet_ids; both ENIs get attached regardless.
data "aws_network_interface" "eni_0" {
  id = tolist(aws_vpc_endpoint.transfer.network_interface_ids)[0]
}
data "aws_network_interface" "eni_1" {
  id = tolist(aws_vpc_endpoint.transfer.network_interface_ids)[1]
}

## Resource Section
# Register the private IP of each endpoint ENI in the question's target group.
resource "aws_lb_target_group_attachment" "tg_att_0" {
  target_group_arn = aws_lb_target_group.target-group.arn
  target_id        = data.aws_network_interface.eni_0.private_ips[0]
  port             = 22
}
resource "aws_lb_target_group_attachment" "tg_att_1" {
  target_group_arn = aws_lb_target_group.target-group.arn
  target_id        = data.aws_network_interface.eni_1.private_ips[0]
  port             = 22
}
```
This does work, but I didn't have time to optimize the code yet... It will allow you to attach the NLB to the VPC endpoint's internal addresses.
Good luck.
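A generalised version of the answer's approach, added here as an example; it is not part of the original question or answer. It assumes Terraform 0.13 or later, the `var.*` inputs used in the question plus an assumed `var.public_subnet_cidrs`, and that AWS describes interface-endpoint ENIs as `VPC Endpoint Interface <vpce-id>` (an assumption the description filter relies on). It replaces the question's `aws_vpc_endpoint` block so that a dedicated security group can be attached instead of the VPC default group, looks up the endpoint ENI in each subnet by a key that is known at plan time rather than indexing the unordered `network_interface_ids` set, and attaches one target per subnet however many subnets there are.

```hcl
# Added example, not code from the original post. Assumed extra input:
variable "public_subnet_cidrs" {
  description = "CIDR blocks of var.public_subnet_ids, in the same order"
  type        = list(string)
}

# Restrict who can reach the Transfer Family endpoint ENIs on TCP/22.
# Assumption: client IP preservation is disabled on the target group, so the
# endpoint sees the NLB node addresses in the listed subnets as the source.
# If preserve_client_ip is enabled, the rule must cover the clients' CIDRs.
resource "aws_security_group" "transfer_endpoint" {
  name        = "${var.service_name}-${var.env}-transfer-endpoint"
  description = "SFTP from the NLB subnets to the Transfer endpoint"
  vpc_id      = var.vpc_id

  ingress {
    description = "SFTP from NLB subnets"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = var.public_subnet_cidrs
  }
}

# Same endpoint as in the question, with the dedicated security group attached.
resource "aws_vpc_endpoint" "transfer" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.aws_region}.transfer.server"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.public_subnet_ids
  security_group_ids  = [aws_security_group.transfer_endpoint.id]
  private_dns_enabled = true
}

# One lookup per subnet. The for_each key (subnet ID) is known at plan time,
# so this does not hit "for_each value depends on resource attributes that
# cannot be determined until apply", which for_each over
# aws_vpc_endpoint.transfer.network_interface_ids would on a fresh apply.
# The filter values referencing the endpoint ID simply defer the read to apply.
data "aws_network_interface" "transfer" {
  for_each = toset(var.public_subnet_ids)

  filter {
    name   = "subnet-id"
    values = [each.key]
  }
  filter {
    name   = "interface-type"
    values = ["vpc_endpoint"]
  }
  # Assumed ENI description format for interface endpoints; it disambiguates
  # this endpoint from other interface endpoints living in the same subnet.
  filter {
    name   = "description"
    values = ["VPC Endpoint Interface ${aws_vpc_endpoint.transfer.id}"]
  }
}

# Register each endpoint ENI's private IP in the question's target group.
resource "aws_lb_target_group_attachment" "transfer" {
  for_each = toset(var.public_subnet_ids)

  target_group_arn = aws_lb_target_group.target-group.arn
  target_id        = data.aws_network_interface.transfer[each.key].private_ip
  port             = 22
}
```

Keying the data source and the attachment by subnet ID also keeps the state addresses stable: adding or removing a subnet later only creates or destroys that subnet's attachment, whereas the index-based `eni_0`/`eni_1` form can re-attach every target when the set order changes. If a `description` filter does not match in your account, drop that block and confirm the remaining two filters return exactly one ENI per subnet; the data source errors out when the match is not unique.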