I want to identify the public IP of the Terraform execution environment and add it to the security group

Problem description

I want to identify the public IP of the Terraform execution environment and add it to the AWS security group inbound rules to prevent access from other environments.

Currently, I am manually editing the values in the variables.tf file.

variables.tf

variable public_ip_address {
  default     = "xx"
}

I would like to execute the "curl ifconfig.co" command on the local host and automatically set the security group based on the result.

Is there a way to do such things?

I could do it by putting the result of local-exec in some variable but I don't know how to do it.

Thank you for reading my question.

Recommended answer

There's an easier way to do that without any scripts. The trick is having a website such as icanhazip.com which retrieves your IP, so set it in your Terraform file as data:

data "http" "myip" {
  url = "http://ipv4.icanhazip.com"
}

And whenever you want to place your IP just use data.http.myip.body, for example:

ingress {
  from_port = 5432
  to_port = 5432
  protocol = "tcp"
  cidr_blocks = ["${chomp(data.http.myip.body)}/32"]
}

  • Note I used the Terraform chomp() method to remove any trailing space or new line which comes with the body.

You can use your IPv6 with http://ipv6.icanhazip.com. Take care when just using http://icanhazip.com, because it can retrieve IPv4 or IPv6.
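
The lookup result above goes straight into a firewall rule, so the following added example (not part of the original answer) shows the same lookup fetched over HTTPS and validated before it is used. It assumes the lookup service answers over HTTPS, Terraform 1.2+ and hashicorp/http 3.0+ (where the body is exposed as response_body); var.vpc_id and the resource names are hypothetical.

```hcl
terraform {
  required_version = ">= 1.2.0" # lifecycle postcondition needs Terraform 1.2+
  required_providers {
    http = {
      source  = "hashicorp/http"
      version = ">= 3.0.0" # provides response_body and status_code
    }
  }
}

data "http" "myip" {
  # Assumption: the lookup service also answers over HTTPS, so the address
  # cannot be rewritten in transit before it lands in a firewall rule.
  url = "https://ipv4.icanhazip.com"

  lifecycle {
    postcondition {
      condition     = self.status_code == 200
      error_message = "IP lookup did not return HTTP 200."
    }
    postcondition {
      # cidrnetmask() only accepts a well-formed IPv4 prefix, so an error page,
      # an IPv6 address or an empty body fails the plan instead of reaching AWS.
      condition     = can(cidrnetmask("${chomp(self.response_body)}/32"))
      error_message = "IP lookup response is not a single IPv4 address."
    }
  }
}

locals {
  runner_cidr = "${chomp(data.http.myip.response_body)}/32"
}

variable "vpc_id" { # hypothetical input, not on the original page
  type = string
}

resource "aws_security_group" "db" { # hypothetical resource name
  name   = "db-from-terraform-runner"
  vpc_id = var.vpc_id

  ingress {
    description = "PostgreSQL from the Terraform execution host only"
    from_port   = 5432
    to_port     = 5432
    protocol    = "tcp"
    cidr_blocks = [local.runner_cidr]
  }
}
```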
