How are you? I've run into a problem. Take a look at the code below. I created two security groups:
resource "aws_security_group" "ec2_sg" {
  name        = "${var.project_name}-${var.environment}-ec2-sg"
  vpc_id      = var.vpc_id
  description = "Security Group for EC2 instance"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["172.15.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
  }

  tags = {
    Name         = "${var.project_name}-${var.environment}-ec2-sg"
    Environment  = var.environment
    Project      = var.project_name
    ResourceType = "security-group"
  }
}

resource "aws_security_group" "rds_sg" {
  name        = "${var.project_name}-${var.environment}-rds-sg"
  vpc_id      = var.vpc_id
  description = "Security Group for RDS"

  ingress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["172.15.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name         = "${var.project_name}-${var.environment}-rds-sg"
    Environment  = var.environment
    Project      = var.project_name
    ResourceType = "security-group"
  }
}
After that, I created two rules that allow cross traffic between them:
resource "aws_security_group_rule" "ec2_rule" {
  depends_on               = [aws_security_group.ec2_sg, aws_security_group.rds_sg]
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = aws_security_group.rds_sg.id
  security_group_id        = aws_security_group.ec2_sg.id
}

resource "aws_security_group_rule" "rds_rule" {
  depends_on               = [aws_security_group.ec2_sg, aws_security_group.rds_sg]
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = aws_security_group.ec2_sg.id
  security_group_id        = aws_security_group.rds_sg.id
}
So far so good; I applied the code and it worked. However, I noticed that every time I make a change in Terraform, even to other resources, whatever they are, these rules that allow the cross traffic just disappear.
I have to comment out this specific part of the code and apply it; the Terraform plan shows that the rules will be deleted (even though they are not visible in the SG). Then I uncomment the rules and apply them again.
It's fine for now, but in production this would be a problem. Any idea why this happens and how to fix it?
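One way to keep the cross-traffic rules from disappearing, as an added example and not the poster's code: the AWS provider documents that inline ingress/egress blocks in aws_security_group cannot be combined with aws_security_group_rule resources on the same group, because each apply re-asserts the inline set as the complete rule set and removes any other rules. Below, the groups carry no inline blocks and every rule is a standalone aws_security_group_rule, so Terraform has a single owner for each rule. Variable names and CIDRs are the poster's; the locals block and for_each are my own structuring, and the tags from the post are omitted.

```hcl
# Groups carry no inline ingress/egress blocks; the tags from the post are omitted.
resource "aws_security_group" "ec2_sg" {
  name        = "${var.project_name}-${var.environment}-ec2-sg"
  vpc_id      = var.vpc_id
  description = "Security Group for EC2 instance"
}

resource "aws_security_group" "rds_sg" {
  name        = "${var.project_name}-${var.environment}-rds-sg"
  vpc_id      = var.vpc_id
  description = "Security Group for RDS"
}
locals {
  groups         = { ec2 = aws_security_group.ec2_sg.id, rds = aws_security_group.rds_sg.id }
  internal_cidrs = ["172.15.0.0/16", "172.18.0.0/16", "172.19.0.0/16"]
}

# The CIDR ingress from the post, one standalone rule per group. protocol "-1"
# with ports 0/0 admits every port from these ranges; narrow it where you can.
resource "aws_security_group_rule" "cidr_ingress" {
  for_each          = local.groups
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = local.internal_cidrs
  security_group_id = each.value
}

# The all-destinations egress the post gives the RDS group.
resource "aws_security_group_rule" "rds_egress" {
  type              = "egress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
  security_group_id = aws_security_group.rds_sg.id
}

# Cross-traffic rules: each group admits the other as source. The id references
# already order creation, so the explicit depends_on from the post is not needed.
resource "aws_security_group_rule" "cross" {
  for_each                 = local.groups
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  source_security_group_id = local.groups[each.key == "ec2" ? "rds" : "ec2"]
  security_group_id        = each.value
}
```

After this change, a `terraform plan` run with no edits should show no rule deletions; if the provider still proposes removing a rule, that rule is being declared in two places.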