Terraform:如何在 "for_each"中使用多个局部变量和变量

Question

我有一个创建多个 EC2 实例的 Terraform 模板。然后，我在 AWS 控制台中创建了一些弹性网络接口(interface)，并将它们作为本地接口(interface)添加到 Terraform 模板中。现在，我想将适当的 ENI 映射到实例，因此我添加了局部变量和变量，如下所示。

locals {
  instance_ami = {
    A  = "ami-11111"
    B = "ami-22222"
    C  = "ami-33333"
    D   = "ami-4444"
  }
}

variable "instance_eni" {
  description = "Pre created Network Interfaces"
  default = [
    {
      name = "A"
      id   = "eni-0a15890a6f567f487"
    },
    {
      name = "B"
      id   = "eni-089a68a526af5775b"
    },
    {
      name = "C"
      id   = "eni-09ec8ad891c8e9d91"
    },
    {
      name = "D"
      id   = "eni-0fd5ca23d3af654a9"
    }
  ]
}


resource "aws_instance" "instance" {
  for_each = local.instance_ami

  ami           = each.value
  instance_type = var.instance_type
  key_name      = var.keypair

  root_block_device {
    delete_on_termination = true
    volume_size           = 80
    volume_type           = "gp2"
  }


  dynamic "network_interface" {
    for_each = [for eni in var.instance_eni : {
      eni_id = eni.id
    }]

    content {
      device_index          = 0
      network_interface_id  = network_interface.value.eni_id
      delete_on_termination = false
    }
  }
}

我遇到以下错误:

Error: Error launching source instance: InvalidParameterValue: Each network interface requires a unique device index. status code: 400, request id: 4a482753-bddc-4fc3-90f4-2f1c5e2472c7

我认为 Terraform 很难将所有 4 个 ENI 仅附加到单个实例。应该如何将 ENI 附加到单个实例？

Answer 1

您在问题中共享的配置要求 Terraform 管理四个实例，每个实例都有四个与之关联的网络接口(interface)。这在两个不同的方面是有问题的:

• 每个实例上的所有网络接口(interface)都配置了相同的 device_index，这是无效的，也是此处报告的错误消息。
• 即使您要修复该问题，它也会尝试将相同的四个网络接口(interface)附加到四个不同的 EC2 实例，这是无效的:每个网络接口(interface)一次只能附加到一个实例。

要解决这个问题并获得您想要的行为，您只需要一个 network_interface block ，每个实例的内容都不同:

locals {
  instance_ami = {
    A = "ami-11111"
    B = "ami-22222"
    C = "ami-33333"
    D = "ami-4444"
  }
}

variable "instance_eni" {
  description = "Pre created Network Interfaces"
  default = [
    {
      name = "A"
      id   = "eni-0a15890a6f567f487"
    },
    {
      name = "B"
      id   = "eni-089a68a526af5775b"
    },
    {
      name = "C"
      id   = "eni-09ec8ad891c8e9d91"
    },
    {
      name = "D"
      id   = "eni-0fd5ca23d3af654a9"
    }
  ]
}

locals {
  # This expression is transforming the instance_eni
  # value into a more convenient shape: a map from
  # instance key to network interface id. You could
  # also choose to just change directly the
  # definition of variable "instance_eni" to already
  # be such a map, but I did it this way to preserve
  # your module interface as given.
  instance_network_interfaces = {
    for ni in var.instance_eni : ni.name => ni.id
  }
}

resource "aws_instance" "instance" {
  for_each = local.instance_ami

  ami           = each.value
  instance_type = var.instance_type
  key_name      = var.keypair

  root_block_device {
    delete_on_termination = true
    volume_size           = 80
    volume_type           = "gp2"
  }

  network_interface {
    device_index          = 0
    network_interface_id  = local.instance_network_interfaces[each.key]
    delete_on_termination = false
  }
}

现在每个实例只有 一个 网络接口(interface)，每个都附加到输入变量中给定的相应 ENI ID。引用 each.key 和 each.value 是我们如何在使用资源 for_each 时声明的每个实例之间创建差异；我们不需要任何其他重复结构，除非我们想创建嵌套重复，比如为每个实例拥有动态数量的网络接口(interface)。