amazon-web-services - How to create valid CIDR block values for subnets in Terraform
Problem description
Hi, I'm working on a Terraform project to allow my Lambda function to access the internet + an RDS database. I've built everything manually in the console and it's working; now I'm building the same structure in Terraform.
I've been trying to figure out what to put for the cidr_blocks of my public and private subnets, and what to put as the private_ip for the EIP I'm creating. Again, I created valid values for these parameters by hand by fiddling around in the console, but surely there's a programmatic way to do this?
resource "aws_default_vpc" "jacobs_vpc_tf" {
}

resource "aws_subnet" "jacobs_public_subnet" {
  vpc_id                  = aws_default_vpc.jacobs_vpc_tf.id
  cidr_block              = aws_default_vpc.jacobs_vpc_tf.cidr_block # idk what to put here or how to make it automatically select a valid cidr block
  map_public_ip_on_launch = true
}

resource "aws_subnet" "jacobs_private_subnet" {
  vpc_id     = aws_default_vpc.jacobs_vpc_tf.id
  cidr_block = aws_default_vpc.jacobs_vpc_tf.cidr_block # idk what to put here or how to make it automatically select a valid cidr block
}

resource "aws_internet_gateway" "jacobs_gw" {
  vpc_id = aws_default_vpc.jacobs_vpc_tf.id
}

resource "aws_nat_gateway" "jacobs_nat_gw" {
  allocation_id = aws_eip.jacobs_eip.id
  subnet_id     = aws_subnet.jacobs_public_subnet.id
  depends_on    = [aws_internet_gateway.jacobs_gw]
}

resource "aws_network_interface" "jacobs_network_interface" {
  subnet_id   = aws_subnet.jacobs_public_subnet.id
  private_ips = ["10.0.0.50"] # idk what to put here or how to make it automatically select a valid IP

  attachment {
    instance     = aws_nat_gateway.jacobs_nat_gw.id
    device_index = 1
  }
}

resource "aws_eip" "jacobs_eip" {
  vpc               = true
  network_interface = aws_network_interface.jacobs_network_interface.id
  depends_on        = [aws_internet_gateway.jacobs_gw]
}

### route tables & associations - these cidr block values should be correct and don't need to be changed
resource "aws_route_table" "jacobs_private_route_table" {
  vpc_id         = aws_default_vpc.jacobs_vpc_tf.id
  nat_gateway_id = aws_nat_gateway.jacobs_nat_gw.id
  route = [
    {
      cidr_block = "0.0.0.0/0"
      gateway_id = aws_nat_gateway.jacobs_nat_gw.id
    }
  ]
}

resource "aws_route_table" "jacobs_public_route_table" {
  vpc_id     = aws_default_vpc.jacobs_vpc_tf.id
  gateway_id = aws_internet_gateway.jacobs_gw.id
  route = [
    {
      cidr_block = "0.0.0.0/0"
      gateway_id = aws_internet_gateway.jacobs_gw.id
    }
  ]
}

resource "aws_route_table_association" "jacobs_private_route" {
  subnet_id      = aws_subnet.jacobs_private_subnet.id
  route_table_id = aws_route_table.jacobs_private_route_table.id
}

resource "aws_route_table_association" "jacobs_public_route" {
  subnet_id      = aws_subnet.jacobs_public_subnet.id
  route_table_id = aws_route_table.jacobs_public_route_table.id
}
I don't think I care what the values of the cidr_blocks and the private IP are, I just need to put some valid values in there so that I can get access. If anyone has a solution or can point me to some relevant resources, I'd be very grateful!
Solution
I modified the code to create a custom VPC (instead of recreating the default VPC) and set everything up automatically. For the CIDR ranges you can use cidrsubnet:
resource "aws_vpc" "jacobs_vpc_tf" {
  cidr_block = "10.0.0.0/16"

  tags = {
    Name = "jacobs-vpc"
  }
}

resource "aws_subnet" "jacobs_public_subnet" {
  vpc_id                  = aws_vpc.jacobs_vpc_tf.id
  cidr_block              = cidrsubnet(aws_vpc.jacobs_vpc_tf.cidr_block, 8, 1)
  map_public_ip_on_launch = true
}

resource "aws_subnet" "jacobs_private_subnet" {
  vpc_id     = aws_vpc.jacobs_vpc_tf.id
  cidr_block = cidrsubnet(aws_vpc.jacobs_vpc_tf.cidr_block, 8, 2)
}

resource "aws_internet_gateway" "jacobs_gw" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
}

resource "aws_eip" "jacobs_eip" {
  vpc = true
  #network_interface = aws_network_interface.jacobs_network_interface.id
  depends_on = [aws_internet_gateway.jacobs_gw]
}

resource "aws_nat_gateway" "jacobs_nat_gw" {
  allocation_id = aws_eip.jacobs_eip.id
  subnet_id     = aws_subnet.jacobs_public_subnet.id
  #depends_on = [aws_internet_gateway.jacobs_gw]
}

### route tables & associations - these cidr block values should be correct and don't need to be changed
resource "aws_route_table" "jacobs_private_route_table" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
  #nat_gateway_id = aws_nat_gateway.jacobs_nat_gw.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.jacobs_nat_gw.id
  }
}

resource "aws_route_table" "jacobs_public_route_table" {
  vpc_id = aws_vpc.jacobs_vpc_tf.id
  #gateway_id = aws_internet_gateway.jacobs_gw.id

  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.jacobs_gw.id
  }
}

resource "aws_route_table_association" "jacobs_private_route" {
  subnet_id      = aws_subnet.jacobs_private_subnet.id
  route_table_id = aws_route_table.jacobs_private_route_table.id
}

resource "aws_route_table_association" "jacobs_public_route" {
  subnet_id      = aws_subnet.jacobs_public_subnet.id
  route_table_id = aws_route_table.jacobs_public_route_table.id
}
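The following is an added example and is not part of the original question or answer. It re-implements the arithmetic behind Terraform's cidrsubnet(prefix, newbits, netnum) in Python so you can see exactly which ranges the answer's cidrsubnet(vpc, 8, 1) and cidrsubnet(vpc, 8, 2) calls produce, and it adds the two checks the AWS API enforces at apply time (every subnet must lie inside the VPC range, and no two subnets may overlap) plus the AWS rule that the first four and the last address of each subnet are reserved and cannot be assigned to a network interface. The VPC range 10.0.0.0/16 and the netnum values 1 and 2 come from the answer; the function names, the reserved-address constants and the constructed layouts are assumptions of this example, not Terraform's or AWS's own code.

```python
import ipaddress
from typing import List

# AWS reserves the first four addresses (network, VPC router, DNS, future
# use) and the last (broadcast) address of every subnet; an ENI cannot
# take any of them. Constants are this example's own names.
AWS_RESERVED_LOW = 4
AWS_RESERVED_HIGH = 1


def cidrsubnet(prefix: str, newbits: int, netnum: int) -> str:
    """Re-implementation of Terraform's cidrsubnet(prefix, newbits, netnum).

    The prefix length grows by `newbits`, and `netnum` selects which of the
    2**newbits equal-sized sub-ranges to return, counted from the start.
    """
    net = ipaddress.ip_network(prefix, strict=True)
    new_prefixlen = net.prefixlen + newbits
    if new_prefixlen > net.max_prefixlen:
        raise ValueError(f"{prefix} has no room for {newbits} more bits")
    if not 0 <= netnum < 2 ** newbits:
        raise ValueError(f"netnum {netnum} does not fit in {newbits} bits")
    host_bits = net.max_prefixlen - new_prefixlen
    base = int(net.network_address) + (netnum << host_bits)
    # type(net) keeps the address family (IPv4Network / IPv6Network).
    return str(type(net)((base, new_prefixlen)))


def subnet_problems(vpc_cidr: str, subnets: List[str]) -> List[str]:
    """Return the reasons a set of subnet CIDRs is not a valid VPC layout.

    An empty list means every subnet lies inside the VPC and none overlap,
    which is exactly what the AWS API rejects otherwise at apply time.
    """
    vpc = ipaddress.ip_network(vpc_cidr)
    nets = [ipaddress.ip_network(s) for s in subnets]
    problems = []
    for n in nets:
        if not n.subnet_of(vpc):
            problems.append(f"{n} is not inside VPC {vpc}")
    for i, a in enumerate(nets):
        for b in nets[i + 1:]:
            if a.overlaps(b):
                problems.append(f"{a} overlaps {b}")
    return problems


def plan_subnets(vpc_cidr: str, newbits: int, netnums: List[int]) -> List[str]:
    """Carve one subnet per netnum out of the VPC, as the answer does with
    cidrsubnet(vpc, 8, 1) and cidrsubnet(vpc, 8, 2), and validate the result."""
    subnets = [cidrsubnet(vpc_cidr, newbits, n) for n in netnums]
    problems = subnet_problems(vpc_cidr, subnets)
    if problems:
        raise ValueError("; ".join(problems))
    return subnets


def is_usable_aws_ip(subnet_cidr: str, ip: str) -> bool:
    """True if `ip` can be assigned as a private IP inside an AWS subnet:
    it must be within the subnet and outside the addresses AWS reserves."""
    net = ipaddress.ip_network(subnet_cidr)
    addr = ipaddress.ip_address(ip)
    if addr not in net:
        return False
    offset = int(addr) - int(net.network_address)
    return AWS_RESERVED_LOW <= offset < net.num_addresses - AWS_RESERVED_HIGH


if __name__ == "__main__":
    vpc = "10.0.0.0/16"  # same range as the answer's aws_vpc block
    public, private = plan_subnets(vpc, 8, [1, 2])
    print("public subnet :", public)   # 10.0.1.0/24
    print("private subnet:", private)  # 10.0.2.0/24
    # The question's original layout gave both subnets the VPC's own CIDR,
    # which this check flags as an overlap (constructed reproduction).
    for p in subnet_problems(vpc, [vpc, vpc]):
        print("problem:", p)
    print("10.0.1.50 usable in public subnet:",
          is_usable_aws_ip(public, "10.0.1.50"))
```

Two points worth noting: cidrsubnet() is purely arithmetic, so the result only depends on the VPC range and the netnum, which is what makes the answer's layout reproducible rather than hand-picked; and subnet_problems() reports the same overlap condition that made the question's configuration (both subnets set to the VPC's cidr_block) fail, so running it against a planned layout before terraform apply saves a round trip to the API.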