Conditionally create aws_security_group_rule with count in terraform

Problem description

I have the following code in my terraform script

variable "sg_ingress_rules" {
  type = map(map(any))
  default = {
    port_22   = { from = 22, to = 22, proto = "tcp", cidr = "0.0.0.0/0", desc = "Allow port 22 from all" }
    port_3306 = { from = 3306, to = 3306, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3306 from all" }
    port_3307 = { from = 3307, to = 3307, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3307 from all" }
    port_3308 = { from = 3308, to = 3308, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3308 from all" }
    port_9103 = { from = 9103, to = 9103, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 9103 from all" }
  }
}

resource "aws_security_group_rule" "mysql_ingress_rules" {
  for_each          = var.sg_ingress_rules
  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  # security_group_id must be a single string; a bare [*].id splat is a list.
  # one() unwraps the single-element list (or returns null if it is empty).
  security_group_id = one(aws_security_group.this[*].id)
}

Now I want to create these rules conditionally, only when the mysql instance is created. If launch_mysql is false, it should not create any rules. I tried this approach, which is obviously wrong, since you cannot use count and for_each at the same time.

resource "aws_security_group_rule" "mysql_ingress_rules" {
  # Invalid: count and for_each are mutually exclusive on one resource.
  count             = var.launch_mysql ? 1 : 0
  for_each          = var.sg_ingress_rules
  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  security_group_id = var.launch_mysql ? join("", aws_security_group.this[*].id) : "null"
}

I am using terraform version 1.0.2.

I cannot think of any other way. Can someone help me?

Tags: amazon-web-services, terraform, terraform-provider-aws, terraform0.12+

Solution

You can do it as follows:

resource "aws_security_group_rule" "mysql_ingress_rules" {
  # An empty map produces zero instances, so no count is needed.
  for_each          = var.launch_mysql ? var.sg_ingress_rules : {}

  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  # security_group_id must be a single string; a bare [*].id splat is a list.
  # one() unwraps the single-element list, or returns null when it is empty.
  security_group_id = one(aws_security_group.this[*].id)
}
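A complete configuration built on the same pattern, added here as an example and not taken from the question or the answer above. It goes a step beyond the answer: the security group itself is gated on the same `launch_mysql` switch with `count`, the rule variable is a typed `map(object(...))` instead of `map(map(any))` so a malformed entry fails at plan time rather than being coerced, and two `validation` blocks reject bad CIDRs and refuse rules open to 0.0.0.0/0 (like the SSH rule in the question) unless the rule key says so explicitly. The names `aws_security_group.mysql`, `var.vpc_id`, and the `public_` key prefix are assumptions; `one()` needs Terraform 0.15 or later, which the asker's 1.0.2 satisfies.

```hcl
# Added example, not the original poster's or answerer's code.
# Assumed names: aws_security_group.mysql, var.vpc_id, the "public_" key prefix.

terraform {
  required_version = ">= 0.15" # one() was added in 0.15
}

variable "launch_mysql" {
  type    = bool
  default = false
}

variable "vpc_id" {
  type = string
}

# Typed object instead of map(map(any)): with map(any) every value is unified
# to one type, so the ports silently become strings.
variable "sg_ingress_rules" {
  type = map(object({
    from  = number
    to    = number
    proto = string
    cidr  = string
    desc  = string
  }))
  default = {
    port_3306 = { from = 3306, to = 3306, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3306 from the private range" }
    port_9103 = { from = 9103, to = 9103, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 9103 from the private range" }
  }

  # Every CIDR must parse and every port range must be ordered.
  validation {
    condition = alltrue([
      for k, r in var.sg_ingress_rules : can(cidrhost(r.cidr, 0)) && r.from <= r.to
    ])
    error_message = "Every rule needs a valid CIDR and from <= to."
  }

  # A world-open rule has to be deliberate: only keys prefixed "public_"
  # (an assumed convention) may use 0.0.0.0/0, so a copy-pasted SSH rule
  # cannot slip into a database security group.
  validation {
    condition = alltrue([
      for k, r in var.sg_ingress_rules : r.cidr != "0.0.0.0/0" || can(regex("^public_", k))
    ])
    error_message = "Rules open to 0.0.0.0/0 must use a key prefixed with public_."
  }
}

# The security group exists only when MySQL is launched.
resource "aws_security_group" "mysql" {
  count       = var.launch_mysql ? 1 : 0
  name        = "mysql"
  description = "MySQL ingress"
  vpc_id      = var.vpc_id
}

# Same switch on the rules: the empty map yields zero instances, so no rule
# is ever planned against a security group that does not exist.
resource "aws_security_group_rule" "mysql_ingress" {
  for_each = var.launch_mysql ? var.sg_ingress_rules : {}

  type              = "ingress"
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
  # one() turns the 0- or 1-element splat into a string (or null); the bare
  # [*].id is a list and is rejected for a string attribute.
  security_group_id = one(aws_security_group.mysql[*].id)
}

output "mysql_security_group_id" {
  # null when launch_mysql is false, the group id otherwise
  value = one(aws_security_group.mysql[*].id)
}
```

With `launch_mysql = false` a plan shows neither the group nor any rule; flipping it to `true` plans one group plus one rule per map key, and the rule keys stay stable across runs because `for_each` addresses them by name rather than by index. Because the validation blocks reference only the variable itself, they run before any provider call, so a rule that would expose the database to the whole internet is rejected at plan time rather than discovered in the console afterwards.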
