
terraform - Allowing access from one AWS security group to another using Terraform

Reposted. Author: 行者123. Updated: 2023-12-05 01:20:02

I want to grant one security group access to another, but I can't get it to work. Can someone point out what I'm doing wrong?

This is my module's main.tf:

resource "aws_security_group" "rds_sg" {
  name        = "${var.name}-${var.environment}-rds"
  description = "Security Group ${var.name}-${var.environment}"
  vpc_id      = "${var.vpc_id}"
  tags {
    Name        = "${var.name}-${var.environment}-rds"
    environment = "${var.environment}"
  }

  // allows traffic from the SG itself
  ingress {
    from_port = 0
    to_port   = 0
    protocol  = "-1"
    self      = true
  }

  // allow traffic for TCP 3306
  ingress {
    from_port         = 3306
    to_port           = 3306
    protocol          = "tcp"
    security_group_id = "${var.security_group_id}"
  }

  // outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

output "rds_sg_id" {
  // must reference the aws_security_group resource declared above
  value = "${aws_security_group.rds_sg.id}"
}

The module's variables.tf:

// Module specific variables
variable "name" {
  default = "test"
}

variable "environment" {
  default = "test"
}

variable "vpc_id" {
  description = "The VPC this security group will go in"
}

variable "security_group_id" {
  description = "Security Group id"
}

The value of security_groups_id comes from another module, so in my main file it looks like this:

module "rds_sg" {
  source            = "./modules/rds_sg"
  name              = "tendo"
  environment       = "dev"
  vpc_id            = "${module.vpc_subnets.vpc_id}"
  security_group_id = "${module.web_sg.web_sg_id}"
}

But when I try to run "terraform", I get this error:

Errors:

* 1 error(s) occurred:

* module root: module rds_sg: security_group_id is not a valid parameter

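Best answer

I think I've found the problem; you are using the wrong parameter in your module's main.tf to supply the security group. See the modified code below and the documentation here.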

// allow traffic for TCP 3306
ingress {
  from_port       = 3306
  to_port         = 3306
  protocol        = "tcp"
  security_groups = ["${var.security_group_id}"]
}

Regarding "terraform - Allowing access from one AWS security group to another using Terraform", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/35384657/
