我使用了这个模块在AWS VPC中创建了一个安全组。我如何在单独的文件中引用所创建的资源?我正在同一仓库的不同目录中创建我们的堡垒机实例。
我的堡垒机配置如下,使用Terraform EC2模块,并且如果我硬编码vpc安全组ID,则可以正常工作,但我希望它能够直接从创建安全组时获取,因为这可能会在未来更改。
terraform/aws/layers/bastion/main.tf
provider "aws" {
region = var.region
}
module "ec2-instance" {
source = "terraform-aws-modules/ec2-instance/aws"
name = "bastion"
instance_count. = 1
ami = var.image_id
instance_type = var.instance_type
vpc_security_group_ids = ["${}"]
subnet_id = var.subnet
iam_instance_profile = "aws-example-ec2-role"
tags = {
Layer = "Bastion"
}
}
我创建安全组的方式如下: terraform/aws/global/vpc/bastion_sg.tf
module "bastion-sg" {
source = "terraform-aws-modules/security-group/aws"
name = "Bastion"
description = "Bastion example group"
vpc_id = "vpc-12345"
ingress_with_cidr_blocks = [
{
from_port = ##
to_port = ##
protocol = "##"
description = "Bastion SSH"
cidr_blocks = "1.2.3.4/5"
},
{
from_port = ##
to_port = ##
protocol = "##"
description = "Bastion SSH"
cidr_blocks = "1.2.3.4/5"
}
]
egress_with_source_security_group_id = [
{
from_port = ##
to_port = ##
protocol = "##"
description = "Access to default server security group"
source_security_group_id = "sg-12345"
},
{
from_port = ##
to_port = ##
protocol = "##"
description = "Access to db"
source_security_group_id = "sg-12345"
}
]
}
在我创建了bastion_sg.tf之后,我需要将安全组ID输出到outputs.tf中,然后才能在bastion/main.tf中像下面这样引用它吗?
module "bastion_sg"
source "../../global/vpc"
然后以某种方式将该ID传递到vpc_security_group_id = ?