Terraform doesn't like variables containing a list of strings in my NACL block, not sure why

Problem description

I want to write a rule that uses a series of CIDR blocks so as to reduce the number of rules. I can't seem to get Terraform to accept a variable or a data source output as a string.

Code:

data "aws_ip_ranges" "az_s3" {
  regions  = ["region-1"]
  services = ["s3"]
}

variable "wan_range" {
  description = "WAN cidr ranges"
  type        = list(string)
  default     = ["10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/24"]
}

resource "aws_network_acl" "NACL_1" {
  vpc_id     = aws_vpc.sec_vpc.id
  subnet_ids = [aws_subnet.private_subnet.id]
  count      = length(var.wan_range)
  egress = [
    {
      protocol        = "tcp"
      rule_no         = 100
      action          = "allow"
      cidr_block      = data.aws_ip_ranges.az_s3.cidr_blocks
      from_port       = 80
      to_port         = 80
      icmp_code       = 0
      icmp_type       = 0
      ipv6_cidr_block = null
    },
    {
      protocol        = "tcp"
      rule_no         = 200
      action          = "allow"
      cidr_block      = var.wan_range[count.index]
      from_port       = 32768
      to_port         = 65535
      icmp_code       = 0
      icmp_type       = 0
      ipv6_cidr_block = null
    }
  ]
}

This is the error from the plan:

├────────────────
│     │ count.index is 0
│     │ data.aws_ip_ranges.az_s3.cidr_blocks is list of string with 6 elements
│     │ var.wan_range is list of string with 3 elements
│ 
│ Inappropriate value for attribute "egress": element 2: attribute "cidr_block": string required.

Tags: terraform

Solution


You also need to index data.aws_ip_ranges.az_s3.cidr_blocks. The cidr_blocks attribute is a list.

For example

cidr_block = data.aws_ip_ranges.az_s3.cidr_blocks[count.index]
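An added example (not from the question or the answer above) that does what the question set out to do: each NACL entry accepts a single CIDR string, so it uses `dynamic "egress"` blocks to emit one numbered rule per element of each list, in a single NACL rather than the `count` copies the original code would create. It assumes the same `aws_ip_ranges` data source and `wan_range` variable as the question; the `aws_vpc.sec_vpc` and `aws_subnet.private_subnet` references are placeholders.

```hcl
# Added example; the vpc/subnet references are placeholders, not real resources.
variable "wan_range" {
  description = "WAN CIDR ranges (constructed sample values)"
  type        = list(string)
  default     = ["10.0.0.0/8", "172.16.0.0/16", "192.168.0.0/24"]
}

data "aws_ip_ranges" "az_s3" {
  regions  = ["region-1"]
  services = ["s3"]
}

resource "aws_network_acl" "nacl_1" {
  vpc_id     = aws_vpc.sec_vpc.id             # placeholder reference
  subnet_ids = [aws_subnet.private_subnet.id] # placeholder reference

  # One egress entry per S3 prefix. A dynamic block iterating a list exposes
  # the element index as egress.key, which spaces the rule numbers 100, 101, ...
  # NACL rule numbers must be unique per direction, so the offsets for the two
  # groups must not overlap (here 100+ and 200+).
  dynamic "egress" {
    for_each = data.aws_ip_ranges.az_s3.cidr_blocks
    content {
      protocol   = "tcp"
      rule_no    = 100 + egress.key
      action     = "allow"
      cidr_block = egress.value # a single CIDR string, as the provider requires
      from_port  = 80
      to_port    = 80
    }
  }

  # One egress entry per WAN range for ephemeral return ports: 200, 201, ...
  dynamic "egress" {
    for_each = var.wan_range
    content {
      protocol   = "tcp"
      rule_no    = 200 + egress.key
      action     = "allow"
      cidr_block = egress.value
      from_port  = 32768
      to_port    = 65535
    }
  }
}
```

If the S3 list grows past 100 entries the two rule-number ranges would collide, so widen the offset (or validate `length(...)`) before relying on this in a plan.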
