想识别terraform执行环境的公网ip,加入安全组 [英] I want to identify the public ip of the terraform execution environment and add it to the security group
问题描述
我要识别 terraform 执行环境的公网 IP并将其添加到 aws 安全组入站以防止来自其他环境的访问.
I want to identify the public IP of the terraform execution environment and add it to aws security group inbound to prevent access from other environments.
目前,我正在手动编辑 variables.tf 文件中的值.
Currently, I am manually editing the values in the variables.tf file.
变量.tf
variable public_ip_address {
default = "xx"
}
我想在本地主机上执行curl ifconfig.co"命令,根据结果自动设置安全组
I would like to execute the "curl ifconfig.co" command on the local host and automatically set the security group based on the result
有没有办法做这样的事情?
Is there a way to do such things?
我可以通过将 local-exec 的结果放入某个变量中来做到这一点但我不知道该怎么做.
I could do it by putting the result of local-exec in some variable but I don't know how to do it.
感谢您阅读我的问题.
推荐答案
有一种更简单的方法可以做到这一点,无需任何脚本.诀窍是拥有一个诸如 icanhazip.com
之类的网站来检索您的 IP,因此在您的 terraform 文件中将其设置为 data
:
There's an easier way to do that without any scripts. The trick is having a website such as icanhazip.com
which retrieve your IP, so set it in your terraform file as data
:
data "http" "myip" {
url = "http://ipv4.icanhazip.com"
}
只要你想放置你的IP,只需使用data.http.myip.body
,例如:
And whenever you want to place your IP just use data.http.myip.body
, example:
ingress {
from_port = 5432
to_port = 5432
protocol = "tcp"
cidr_blocks = ["${chomp(data.http.myip.body)}/32"]
}
注意,我使用 terraform
chomp()
方法来删除正文中的任何尾随空格或新行.Note I used terraform
chomp()
method to remove any trailing space or new line which comes with body.您可以将 ipv6 与 http://ipv6.icanhazip.com 一起使用.小心使用 http://icanhazip.com 因为它可以检索 ipv4 或 ipv6
You can use your ipv6 with http://ipv6.icanhazip.com. Take care by just using http://icanhazip.com because it can retrieve ipv4 or ipv6
这篇关于想识别terraform执行环境的公网ip,加入安全组的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!