Terraform for_each azurerm_firewall_policy_rule_collection_group dynamic rules

rkue9o1l  posted on 2023-11-21  in  Other

I have a terraform file nonfunctionalvms.tf that creates multiple virtual machines

module "nonfunctional" {
  source         = "../../modules/additionalvms"
  resource_group = var.resource_group
  vmname        = "nf-add-vm"
  instances = {
    TICKET-F2345 = { name = "F2345" }
    TICKET-F2471 = { name = "F2371" }
  }
}

It creates the virtual machines, OS disks and NICs and configures the OS; all of that works fine. In that module I need to (try to) allow http/s access dynamically. I tried to create a dynamic section under the firewall policy, but without success.

Contents of modules/additionalvms/firewall_policy.tf:

resource "azurerm_firewall_policy_rule_collection_group" "policy-additionalvms" {
  name               = "policy-additionalvms"
  firewall_policy_id = data.azurerm_firewall_policy.nonfunctional.id
  priority           = 2300
  application_rule_collection {
    name     = "policy-additionalvms"
    priority = 2312
    action   = "Allow"
    dynamic "rule" {
      for_each = var.instances
      content {
        name = allow-web-out[each.key]
        protocols {
          type = "Http"
          port = 80
        }
        protocols {
          type = "Https"
          port = 443
        }
        source_addresses  = [azurerm_network_interface.additionalvms[each.key].private_ip_address]
        destination_fqdns = ["*"]
      }
    }
  }
}


I only need to add the additional VMs' IPs to the existing rule collection. Where am I going wrong? This is the error I get:

│ Error: Invalid reference
│   on ../../modules/jenkins/firewall_policy.tf line 12, in resource "azurerm_firewall_policy_rule_collection_group" "Policy-additionalvms":
│   12:       name = allow-web-out[each.key]
│ A reference to a resource type must be followed by at least one attribute access, specifying the resource name.
│ Error: Reference to "each" in context without for_each
│   on ../../modules/jenkins/firewall_policy.tf line 12, in resource "azurerm_firewall_policy_rule_collection_group" "Policy-additionalvms":
│   12:       name = allow-web-out[each.key]
│ The "each" object can be used only in "module" or "resource" blocks, and only when the "for_each" argument is set.
│ Error: Reference to "each" in context without for_each
│   on ../../modules/jenkins/firewall_policy.tf line 21, in resource "azurerm_firewall_policy_rule_collection_group" "Policy-additionalvms":
│   21:       source_addresses  = [azurerm_network_interface.additionalvms-nic[each.key].private_ip_address]
│ The "each" object can be used only in "module" or "resource" blocks, and only when the "for_each" argument is set.


h43kikqp 1#

The answer is:

module "nonfunctional" {
  source         = "../../modules/additionalvms"
  resource_group = var.resource_group
  vmname        = "nf-add-vm"
  instances = {
    TICKET-F2345 = { name = "F2345" }
    TICKET-F2471 = { name = "F2371" }
  }
}

The firewall policy is:

resource "azurerm_firewall_policy_rule_collection_group" "policy-additionalvms" {
  name               = "policy-additionalvms"
  firewall_policy_id = data.azurerm_firewall_policy.nonfunctional.id
  priority           = 2300
  application_rule_collection {
    name     = "policy-additionalvms"
    priority = 2312
    action   = "Allow"
    dynamic "rule" {
      for_each = var.instances
      content {
        # inside a dynamic block the iterator object (named after the block label, "rule" here) carries key/value, not "each"
        name = "allow-web-out-${rule.key}"
        protocols {
          type = "Http"
          port = 80
        }
        protocols {
          type = "Https"
          port = 443
        }
        source_addresses  = [azurerm_network_interface.additionalvms[rule.key].private_ip_address]
        destination_fqdns = ["*"]
      }
    }
  }
}
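A fuller version of the fix, as an added example that is neither the question's nor the answer's code: it names the dynamic block's iterator explicitly (inside `dynamic`, the iterator object rather than `each` exposes `key`/`value`), and it replaces the wildcard `destination_fqdns = ["*"]` with a per-instance allow-list so each VM only gets the egress it needs. The `allowed_fqdns` field and the `validation` block are assumptions, not part of the original module; `var.instances`, the data source and `azurerm_network_interface.additionalvms` are taken from the page.

```hcl
# Added example, not the original module's code. The allowed_fqdns field and
# the validation block are assumed additions to the instances map.
variable "instances" {
  type = map(object({
    name          = string
    allowed_fqdns = list(string) # assumed: per-VM egress allow-list
  }))

  # Reject the wildcard so a single instance cannot reopen unrestricted egress.
  validation {
    condition     = alltrue([for v in values(var.instances) : !contains(v.allowed_fqdns, "*")])
    error_message = "allowed_fqdns must list specific FQDNs; \"*\" is not permitted."
  }
}

resource "azurerm_firewall_policy_rule_collection_group" "policy-additionalvms" {
  name               = "policy-additionalvms"
  firewall_policy_id = data.azurerm_firewall_policy.nonfunctional.id
  priority           = 2300

  application_rule_collection {
    name     = "policy-additionalvms"
    priority = 2312
    action   = "Allow"

    dynamic "rule" {
      for_each = var.instances
      iterator = inst # explicit name; use inst.key / inst.value below, never each.*

      content {
        name = "allow-web-out-${inst.key}"

        protocols {
          type = "Http"
          port = 80
        }
        protocols {
          type = "Https"
          port = 443
        }

        # One rule per VM: its own private IP as source, its own FQDN list as destination.
        source_addresses  = [azurerm_network_interface.additionalvms[inst.key].private_ip_address]
        destination_fqdns = inst.value.allowed_fqdns
      }
    }
  }
}
```

The calling module then passes `allowed_fqdns = ["updates.example.com"]` (constructed value) alongside `name` for each entry in `instances`.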
