有没有办法合并terraform变量以跨多个AWS区域使用相同的模块？-Java 学习之路

我是terraform的新手，我正在利用terragrunt来帮助我实现目标 . 我有相当数量的基础设施可以迁移和设置w / terraform，但我首先得到了我的脚 . 我们在不同地区有多个VPC，并且使用了很多相同的安全组规则，即（web，db等），我想在每个区域复制 .

我有一个简单的例子，说明我目前如何设置EC2模块以重新创建安全组规则，并且想知道是否有更好的方法来组织此代码，因此我不必为每个规则创建相同SG规则的新模块区域？即为我的vpc，提供商等利用列表的一些聪明的方法......

因为这只是跨越两个地区的一条SG规则，所以我试图避免这种不断增长的丑陋，因为我们扩展到更多区域并输入多个SG规则

我的状态目前存储在S3中，在此设置中我拉状态，以便我可以从我用于创建VPC的另一个模块访问VPC输出

terraform {
  backend "s3" {}
}

provider "aws" {
  version = "~> 1.31.0"
  region  = "${var.region}"
  profile = "${var.profile}"
}

provider "aws" {
  version = "~> 1.31.0"
  alias  = "us-west-1"
  region = "us-west-1"
  profile = "${var.profile}"
}

#################################
# Data sources to get VPC details
#################################

data "terraform_remote_state" "vpc" {
  backend = "s3"

  config {
    bucket = "${var.vpc_remote_state_bucket}"
    key    = "${var.vpc_remote_state_key}"
    region = "${var.region}"
    profile = "${var.profile}"
  }
}

#####################
# Security group rule
#####################

module "east1_vpc_web_server_sg" {
  source = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  name        = "web-server"
  description = "Security group for web-servers with HTTP ports open within the VPC"
  vpc_id      = "${data.terraform_remote_state.vpc.us_east_vpc1_id}"

  # Allow VPC public subnets to talk to each other for API's
  ingress_cidr_blocks = ["${data.terraform_remote_state.vpc.us_east_vpc1_public_subnets_cidr_blocks}"]
  ingress_rules       = ["https-443-tcp", "http-80-tcp"]

  # List of maps
  ingress_with_cidr_blocks = "${var.web_server_ingress_with_cidr_blocks}"

  # Allow engress all protocols to outside
  egress_rules = ["all-all"]

  tags = {
    Terraform = "true"
    Environment = "${var.environment}"
  }
}

module "west1_vpc_web_server_sg" {
  source = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  providers {
    aws = "aws.us-west-1"
  }

  name        = "web-server"
  description = "Security group for web-servers with HTTP ports open within the VPC"
  vpc_id      = "${data.terraform_remote_state.vpc.us_west_vpc1_id}"

  # Allow VPC public subnets to talk to each other for API's
  ingress_cidr_blocks = ["${data.terraform_remote_state.vpc.us_west_vpc1_public_subnets_cidr_blocks}"]
  ingress_rules       = ["https-443-tcp", "http-80-tcp"]

  ingress_with_cidr_blocks = "${var.web_server_ingress_with_cidr_blocks}"

  # Allow engress all protocols to outside
  egress_rules = ["all-all"]

  tags = {
    Terraform = "true"
    Environment = "${var.environment}"
  }
}

1 回答

您当前的设置使用了提供程序中不同模块的两倍 . 您可以将多个提供程序传递给该模块（see the documentation） . 然后，在模块中，您可以使用在主文档中指定的相同变量来创建所需的所有实例 .

但是，由于您为每种资源类型使用一个单独的提供程序，因此您必须至少有一些代码重复 .

您的代码可能看起来像这样

module "vpc_web_server_sg" {
  source = "terraform-aws-modules/security-group/aws"
  version = "2.5.0"

  providers {
    aws.main = "aws"
    aws.secondary = "aws.us-west-1"
  }

  name        = "web-server"
  description = "Security group for web-servers with HTTP ports open within the VPC"
  vpc_id      = "${data.terraform_remote_state.vpc.us_west_vpc1_id}"

  # Allow VPC public subnets to talk to each other for API's
  ingress_cidr_blocks = ["${data.terraform_remote_state.vpc.us_west_vpc1_public_subnets_cidr_blocks}"]
  ingress_rules       = ["https-443-tcp", "http-80-tcp"]

  ingress_with_cidr_blocks = "${var.web_server_ingress_with_cidr_blocks}"

  # Allow engress all protocols to outside
  egress_rules = ["all-all"]

  tags = {
    Terraform = "true"
    Environment = "${var.environment}"
  }
}

在模块内，您可以使用 main 和 secondary 提供程序来部署所有必需的资源 .

回复于 2024-04-26T08:21:46+08:00

有没有办法合并terraform变量以跨多个AWS区域使用相同的模块？

1 回答

相关问题