hashicorp / terraform

Terraform enables you to safely and predictably create, change, and improve infrastructure. It is a source-available tool that codifies APIs into declarative configuration files that can be shared amongst team members, treated as code, edited, reviewed, and versioned.
https://www.terraform.io/

Auto aws_security_group_rule #19654

Closed lpolloni closed 5 years ago

lpolloni commented 5 years ago

I am trying to create a module for aws_security_group and another one for aws_security_group_rule, like this:


resource "aws_security_group" "resource_sg" {
  count = "${var.create ? length(var.auto_rules[var.sg_regra]) : 0}"

  name         = "${var.sg_regra}-${count.index}"
  description  = "sg-${var.sg_regra}-${count.index}"
  vpc_id       = "${element(var.vpc_id, count.index)}"

  tags {
    Name       = "sg-${var.sg_regra}-${count.index+1}"
  }
}
resource "aws_security_group_rule" "ingress_rules" {
  count             = "${var.create ? 6 : 0}"

  type              = "ingress"
  from_port         = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 0)}"
  to_port           = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 1)}"
  protocol          = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 2)}"
  cidr_blocks       = ["0.0.0.0/0"]
  description       = "${element(var.ingress_rules[element(var.auto_ingress_rules[element(var.auto_rules[var.sg_regra], count.index)], count.index)], 3)}"
  security_group_id = "${element(var.sg_id)}"
}

And I have map variables for each field:

variable "ingress_rules" {
  type = "map"

  default = {
    http-80-tcp   = [80, 80, "tcp", "http"]
    http-443-tcp  = [443, 443, "tcp", "https"]
    ssh-22-tcp    = [22, 22, "tcp", "ssh"]
    ftp-21-tcp    = [21, 21, "tcp", "ftp"]
  }
}

variable "auto_ingress_rules" {
  type = "map"

  default = {
    goku      = ["http-80-tcp", "http-443-tcp", "ssh-22-tcp"]
    vegeta    = ["ssh-22-tcp", "http-80-tcp"]
  }
}

variable "auto_rules" {
  type = "map"

  default = {
    dev   = ["goku"]
    stage = ["goku"]
    prod  = ["goku", "vegeta"]
  }
}

My doubt is: how do I automatically create many aws_security_group_rules for each aws_security_group that I will create? I can't find a simple solution for that, thanks.
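One way to get one rule per (security group, rule name) pair from the maps above, as an added example that is not code from the issue or from the Terraform project. It assumes Terraform 0.12.6 or later (resource `for_each`), a single `var.vpc_id` string, and a hypothetical `var.allowed_cidrs` input so that source ranges are supplied by the caller instead of being hard-coded to `0.0.0.0/0`.

```hcl
variable "sg_regra" { type = string }            # "dev", "stage" or "prod", as in the issue
variable "vpc_id" { type = string }              # assumption: one VPC for all groups
variable "allowed_cidrs" { type = list(string) } # assumption: hypothetical input, not in the issue

locals {
  ingress_rules = {
    "http-80-tcp"  = [80, 80, "tcp", "http"]
    "http-443-tcp" = [443, 443, "tcp", "https"]
    "ssh-22-tcp"   = [22, 22, "tcp", "ssh"]
  }
  auto_ingress_rules = {
    goku   = ["http-80-tcp", "http-443-tcp", "ssh-22-tcp"]
    vegeta = ["ssh-22-tcp", "http-80-tcp"]
  }
  auto_rules = {
    dev   = ["goku"]
    stage = ["goku"]
    prod  = ["goku", "vegeta"]
  }

  groups = toset(local.auto_rules[var.sg_regra])
  # Flatten the nested maps into one entry per (group, rule), keyed "group/rule".
  pairs = {
    for p in flatten([
      for g in local.groups : [
        for r in local.auto_ingress_rules[g] : { group = g, rule = r }
      ]
    ]) : "${p.group}/${p.rule}" => p
  }
}

resource "aws_security_group" "resource_sg" {
  for_each    = local.groups
  name        = "${var.sg_regra}-${each.key}"
  description = "sg-${var.sg_regra}-${each.key}"
  vpc_id      = var.vpc_id
}

resource "aws_security_group_rule" "ingress_rules" {
  for_each          = local.pairs
  type              = "ingress"
  from_port         = local.ingress_rules[each.value.rule][0]
  to_port           = local.ingress_rules[each.value.rule][1]
  protocol          = local.ingress_rules[each.value.rule][2]
  description       = local.ingress_rules[each.value.rule][3]
  cidr_blocks       = var.allowed_cidrs
  security_group_id = aws_security_group.resource_sg[each.value.group].id
}
```

Because each rule is addressed by its `group/rule` key rather than a numeric index, adding or removing one entry in the maps changes only that rule in the plan, which keeps reviews of ingress changes readable.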

ghost commented 5 years ago

This issue has been automatically migrated to terraform-providers/terraform-provider-aws#6878 because it looks like an issue with that provider. If you believe this is not an issue with the provider, please reply to terraform-providers/terraform-provider-aws#6878.

ghost commented 4 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.