I'm new to Terraform and I'm using terragrunt to help me get there. I have a fair amount of infrastructure to migrate and set up with Terraform, but I'm just getting my feet wet. We have multiple VPCs in different regions and use a lot of the same security group rules (web, db, etc.) that I want to replicate in each region.
I have a simple example of how I currently set up the EC2 module to recreate the security group rules, and I'm wondering whether there is a better way to organize this code so I don't have to create a new module for the same SG rule in every region, i.e. some clever way of using lists for my VPCs, providers, etc.
Since this is only a single SG rule across two regions, I'm trying to avoid this growing ugliness as we expand to more regions and add multiple SG rules.
My state is currently stored in S3; in this setup I pull the state so that I can access the VPC outputs from the other module I used to create the VPC.
terraform {
  backend "s3" {}
}

provider "aws" {
  version = "~> 1.31.0"
  region  = "${var.region}"
  profile = "${var.profile}"
}

provider "aws" {
  version = "~> 1.31.0"
  alias   = "us-west-1"
  region  = "us-west-1"
  profile = "${var.profile}"
}

#################################
# Data sources to get VPC details
#################################
data "terraform_remote_state" "vpc" {
  backend = "s3"

  config {
    bucket  = "${var.vpc_remote_state_bucket}"
    key     = "${var.vpc_remote_state_key}"
    region  = "${var.region}"
    profile = "${var.profile}"
  }
}

#####################
# Security group rule
#####################
module "east1_vpc_web_server_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  name        = "web-server"
  description = "Security group for web-servers with HTTP ports open within the VPC"
  vpc_id      = "${data.terraform_remote_state.vpc.us_east_vpc1_id}"

  # Allow VPC public subnets to talk to each other for APIs
  ingress_cidr_blocks = ["${data.terraform_remote_state.vpc.us_east_vpc1_public_subnets_cidr_blocks}"]
  ingress_rules       = ["https-443-tcp", "http-80-tcp"]

  # List of maps
  ingress_with_cidr_blocks = "${var.web_server_ingress_with_cidr_blocks}"

  # Allow egress on all protocols to outside
  egress_rules = ["all-all"]

  tags = {
    Terraform   = "true"
    Environment = "${var.environment}"
  }
}

module "west1_vpc_web_server_sg" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  # Terraform 0.11 passes an aliased provider into a module as a map argument
  providers = {
    aws = "aws.us-west-1"
  }

  name        = "web-server"
  description = "Security group for web-servers with HTTP ports open within the VPC"
  vpc_id      = "${data.terraform_remote_state.vpc.us_west_vpc1_id}"

  # Allow VPC public subnets to talk to each other for APIs
  ingress_cidr_blocks      = ["${data.terraform_remote_state.vpc.us_west_vpc1_public_subnets_cidr_blocks}"]
  ingress_rules            = ["https-443-tcp", "http-80-tcp"]
  ingress_with_cidr_blocks = "${var.web_server_ingress_with_cidr_blocks}"

  # Allow egress on all protocols to outside
  egress_rules = ["all-all"]

  tags = {
    Terraform   = "true"
    Environment = "${var.environment}"
  }
}
1 Answer
Your current setup uses the same module twice with different providers. You can pass multiple providers to the module (see the documentation). Then, inside the module, you can use the same variables specified in the main document to create all the instances you need.
However, since you use a separate provider for each resource type, you will have to have at least some code duplication.
Your code could look like this:
Inside the module you can use the main and secondary providers to deploy all the required resources.
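The layout the answer describes, as an added example that is not the asker's code nor part of the terraform-aws-modules project: a small wrapper module declares two empty provider configurations ("aws" and "aws.secondary"), the root passes its real region configurations into them, and the rule set is written once and applied to both VPCs. It is written in Terraform 0.11 syntax to match the question and assumes the remote-state data source and variables from the question already exist; the local module path `./modules/web-server-sg`, the alias `secondary`, and the `main_*`/`secondary_*` variable names are my own choices.

```hcl
#################################
# Root configuration (root main.tf)
#################################
provider "aws" {
  version = "~> 1.31.0"
  region  = "${var.region}"
  profile = "${var.profile}"
}

provider "aws" {
  version = "~> 1.31.0"
  alias   = "us-west-1"
  region  = "us-west-1"
  profile = "${var.profile}"
}

# One module call per SG type; only the per-region VPC inputs differ.
module "web_server_sg" {
  source = "./modules/web-server-sg" # assumed local module path

  # Map the child module's "aws" and "aws.secondary" onto real configurations.
  providers = {
    "aws"           = "aws"
    "aws.secondary" = "aws.us-west-1"
  }

  environment                   = "${var.environment}"
  main_vpc_id                   = "${data.terraform_remote_state.vpc.us_east_vpc1_id}"
  main_ingress_cidr_blocks      = ["${data.terraform_remote_state.vpc.us_east_vpc1_public_subnets_cidr_blocks}"]
  secondary_vpc_id              = "${data.terraform_remote_state.vpc.us_west_vpc1_id}"
  secondary_ingress_cidr_blocks = ["${data.terraform_remote_state.vpc.us_west_vpc1_public_subnets_cidr_blocks}"]
  ingress_with_cidr_blocks      = "${var.web_server_ingress_with_cidr_blocks}"
}

#################################
# modules/web-server-sg/main.tf
#################################
# Empty "proxy" provider blocks: the root module supplies the real ones.
provider "aws" {}

provider "aws" {
  alias = "secondary"
}

variable "environment" {}
variable "main_vpc_id" {}
variable "secondary_vpc_id" {}
variable "main_ingress_cidr_blocks" { type = "list" }
variable "secondary_ingress_cidr_blocks" { type = "list" }

variable "ingress_with_cidr_blocks" {
  type    = "list"
  default = []
}

# The rule set lives in one place; a change here reaches every region.
locals {
  name          = "web-server"
  description   = "Security group for web-servers with HTTP ports open within the VPC"
  ingress_rules = ["https-443-tcp", "http-80-tcp"]
  egress_rules  = ["all-all"]

  tags = {
    Terraform   = "true"
    Environment = "${var.environment}"
  }
}

module "main" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  providers = {
    "aws" = "aws"
  }

  name                     = "${local.name}"
  description              = "${local.description}"
  vpc_id                   = "${var.main_vpc_id}"
  ingress_cidr_blocks      = ["${var.main_ingress_cidr_blocks}"]
  ingress_rules            = "${local.ingress_rules}"
  ingress_with_cidr_blocks = "${var.ingress_with_cidr_blocks}"
  egress_rules             = "${local.egress_rules}"
  tags                     = "${local.tags}"
}

module "secondary" {
  source  = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  providers = {
    "aws" = "aws.secondary"
  }

  name                     = "${local.name}"
  description              = "${local.description}"
  vpc_id                   = "${var.secondary_vpc_id}"
  ingress_cidr_blocks      = ["${var.secondary_ingress_cidr_blocks}"]
  ingress_rules            = "${local.ingress_rules}"
  ingress_with_cidr_blocks = "${var.ingress_with_cidr_blocks}"
  egress_rules             = "${local.egress_rules}"
  tags                     = "${local.tags}"
}
```

Each additional SG type (db, cache, ...) is one more call of the wrapper in the root, while a third region costs one more alias and one more inner module call in the wrapper; that inner pair is the residual duplication the answer refers to. Keeping the rule set in `locals` also means a tightening such as replacing the `all-all` egress with specific rules is reviewed and applied once for every region rather than drifting between copies.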