问题描述

流程就像

1. vpc-> vpc_endpoint(com.amazonaws.us-east-1.transfer.server)->[subnet_1，subnet_2]

2. net->nlb->目标组->[subnet_ip_1，subnet_ip_2]

我正在创建一个NLB，目标组指向为用于sftp的AWS传输"而创建的VPC端点. com.amazonaws.us-east-1.transfer.server ，但是terraform不会返回与VPC端点集成的子网的ips

I am creating a NLB with target groups pointing to VPC endpoint created for 'AWS transfers for sftp' com.amazonaws.us-east-1.transfer.server but terraform doesn't return the ips of the subnets that are integrated with VPC endpoint

因此，当前，我正在从vpc端点下的子网"选项卡中手动复制ips.但是，我想使用terraform

So, currently i'm manually copying the ips from subnets tab under vpc endpoint.But, I want to automate this complete process using terraform

任何帮助将不胜感激

resource "aws_eip" "nlb" {
  count = length(var.public_subnet_ids)
  vpc   = true
}

resource "aws_lb" "network" {
  name               = "${var.service_name}-${var.env}-nlb"
  load_balancer_type = "network"

  dynamic subnet_mapping {
    for_each = [for i in range(length(module.vpc.public_subnet_ids)) : {
      subnet_id     = var.public_subnet_ids[i]
      allocation_id = aws_eip.nlb[i].id
    }]
    content {
      subnet_id     = subnet_mapping.value.subnet_id
      allocation_id = subnet_mapping.value.allocation_id
    }
  }
}

resource "aws_lb_target_group" "target-group" {
  name        = "${var.service_name}-${var.env}-nlb-target-group"
  port        = 22
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.vpc_id
}

// TODO need to add vpc endpoint subnet ip addresses manually to nlb target group as terraform doesn't export the subnet ip addresses
//resource "aws_lb_target_group_attachment" "vpc-endpoint" {
//  count = length(var.public_subnet_ids)
//  target_group_arn = aws_lb_target_group.target-group.arn
//  target_id        = this needs ip of subnets intgerated with vpc endpoint
//  port             = 22
//}

resource "aws_vpc_endpoint" "transfer" {
  vpc_id              = var.vpc_id
  service_name        = "com.amazonaws.${var.aws_region}.transfer.server"
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.public_subnet_ids
  private_dns_enabled = true
}

resource "aws_transfer_server" "sftp" {
  identity_provider_type = "API_GATEWAY"
  endpoint_type = "VPC_ENDPOINT"
  endpoint_details {
    vpc_endpoint_id = aws_vpc_endpoint.transfer.id
  }
  url = aws_api_gateway_deployment.deploy.invoke_url
  invocation_role = aws_iam_role.transfer-identity-provider-role.arn
  logging_role = aws_iam_role.transfer-logging-role.arn

  depends_on = [aws_vpc_endpoint.transfer]
}

推荐答案

尝试如下操作:

## Data Section
data "aws_network_interface" "eni_0" {
  id = "${aws_vpc_endpoint.transfer.network_interface.ids {0}"
}

  data "aws_network_interface" "eni_1" {
  id = "${aws_vpc_endpoint.transfer.network_interface.ids {1}"
}


## Resource Section
resource "aws_alb_target_group_attachment" "tg_att_0" {
  target_group_arn = "$aws_lb_target_group.group.arn}"
  target_id = "${data.aws_network_interface.eni_0.private_ips[0]}"
  port = 22
}

resource "aws_alb_target_group_attachment" "tg_att_1" {
  target_group_arn = "$aws_lb_target_group.group.arn}"
  target_id = "${data.aws_network_interface.eni_1.private_ips[0]}"
  port = 22
}

这确实有效，但是还没有时间优化代码...它将使您可以将NLB附加到VPC端点内部地址.

This does work but didn't have time to optimize the code yet...It will allow you to attach the NLB to the VPC endpoint internal address.

祝你好运.

这篇关于terraform从vpc端点子网选项卡获取子网集成ips的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持！