问题描述

我正在每个区域创建一堆 Route 53 解析器规则，这与 for_each 循环配合得很好:

I am creating a bunch of Route 53 resolver rules in each region and this works great with for_each loop:

resource "aws_route53_resolver_rule" "resolver-rule" {
  for_each = var.resolver-rules
  domain_name          = each.value.domain-name
  name                 = format("core-%s", each.value.domain-label)
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound-endpoint.id
  target_ip {
    ip = each.value.forwarder1
  }
  target_ip {
    ip = each.value.forwarder2
  }

  tags     = merge(var.tags, map("Name", format("core-%s-%s-%s", var.team_name, var.environment, each.value.domain-label)))
}

我的 var 看起来像这样:

My var looks like this:

variable "resolver-rules" {
  description = "A map of parameters needed for each resolver rule"
  type = map(object({
    domain-name   = string
    domain-label  = string
    forwarder1    = string
    forwarder2    = string
  }))
}

resolver-rules = {
    "resolver-rule1" = {
        domain-name     = "10.in-addr.arpa."
        domain-label    = "10-in-addr-arpa"
        forwarder1      = "10.10.1.100"
        forwarder2      = "10.10.2.100"
    }
    "resolver-rule2" = {
        domain-name     = "mycompany.com."
        domain-label    = "mycompany-com"
        forwarder1      = "10.10.1.100"
        forwarder2      = "10.10.2.100"
    }
}

现在我需要将这些规则与资源共享相关联(不在此处发布):

Now I need to associate those rules with resource share (not posting here):

resource "aws_ram_resource_association" "rule-association" {
  for_each           = var.resolver-rules
  resource_arn       = aws_route53_resolver_rule.resolver-rule.arn
  resource_share_arn = aws_ram_resource_share.rte53-resolver-share.arn
}

问题:如何修改(枚举)我的资源关联部分，以便为我定义的每个规则创建每个关联(它必须是 1 对 1 关联).我就是无法理解它:)

Question: how do I modify (enumerate) my resource association part, so that each association would be created for each rule I define (it has to be 1 to 1 association). I just can't wrap my head around it :)

推荐答案

您的 aws_route53_resolver_rule.resolver-rule 将是 resolver-rule1 的 带有键的映射 和 resolver-rule2.

因此，要在 rule-association 中访问其 arn，您可以执行以下操作:

Therefore to access its arn in your rule-association you could do the following:

resource "aws_ram_resource_association" "rule-association" {
  for_each           = var.resolver-rules
  resource_arn       = aws_route53_resolver_rule.resolver-rule[each.key].arn
  resource_share_arn = aws_ram_resource_share.rte53-resolver-share.arn
}

在您的问题中，aws_ram_resource_share.rte53-resolver-share.arn 未显示，因此我不知道您是否还需要对其进行一些更改.

In your question, aws_ram_resource_share.rte53-resolver-share.arn is not shown, thus I don't know if you also require some changes to it or not.

这篇关于Terraform for_each 用例的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！