"network_interface": conflicts with vpc_security_group_ids
If you define the network_interface block you are overriding the default ENI, so you can't specify security groups at the instance level.
Outgoing Traffic
By default, AWS creates an ALLOW ALL egress rule when creating a new Security Group inside of a VPC.
When creating a new Security Group inside a VPC, Terraform will remove this default rule and require you to explicitly re-create it if you want that rule.
resource "aws_security_group" "example" {
  ...
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Allow Ping
aws_key_pair
resource "aws_key_pair" "deployer" {
  key_name   = "deployer-key"
  public_key = "ssh-rsa ..."
}
Or keep the public key in a separate file:
public_key = file("/root/.ssh/id_rsa.pub")
aws_ec2_managed_prefix_list
resource "aws_ec2_managed_prefix_list" "admin_ip-pl" {
  name           = "admin_ip-pl"
  address_family = "IPv4"
  max_entries    = 10
  entry {
    description = "o1"
    cidr        = "n.n.n.n/32"
  }
  entry {
    description = "o2"
    cidr        = "m.m.m.m/32"
  }
}
max_entries - (Required) Maximum number of entries that this prefix list can contain.
No need for tags = { Name = "admin_ip" }, because the Console only shows "name" for a prefix list and has no Name tag.
Usage
resource "aws_security_group_rule" "admins-sg" {
  ...
  //cidr_blocks   = ["n.n.n.n/32", "m.m.m.m/32"]
  prefix_list_ids = [aws_ec2_managed_prefix_list.admin_ip-pl.id]
}
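The egress note above and the prefix-list section put together in one working configuration, as an added example that is not part of the original notes. Assumed: a var.vpc_id declared elsewhere, the placeholder CIDRs n.n.n.n/32 and m.m.m.m/32, and the resource names admin_ip-pl, admins-sg, admins-egress and admins-ssh.

```hcl
# Added example, not from the original notes. Assumed: var.vpc_id is declared
# elsewhere; the CIDRs are placeholders.
resource "aws_ec2_managed_prefix_list" "admin_ip-pl" {
  name           = "admin_ip-pl"
  address_family = "IPv4"
  max_entries    = 10

  # One entry per operator address; edit the map here, not in each rule.
  dynamic "entry" {
    for_each = { o1 = "n.n.n.n/32", o2 = "m.m.m.m/32" }
    content {
      description = entry.key
      cidr        = entry.value
    }
  }
}

# No inline ingress/egress blocks here: mixing inline rules with
# aws_security_group_rule resources makes the provider overwrite rules.
resource "aws_security_group" "admins-sg" {
  name   = "admins-sg"
  vpc_id = var.vpc_id
}

# Re-create the ALLOW ALL egress that Terraform strips from a new VPC SG.
resource "aws_security_group_rule" "admins-egress" {
  type              = "egress"
  security_group_id = aws_security_group.admins-sg.id
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = ["0.0.0.0/0"]
}

# SSH ingress limited to the prefix list instead of open cidr_blocks;
# adding an admin address later only touches the prefix list.
resource "aws_security_group_rule" "admins-ssh" {
  type              = "ingress"
  security_group_id = aws_security_group.admins-sg.id
  from_port         = 22
  to_port           = 22
  protocol          = "tcp"
  prefix_list_ids   = [aws_ec2_managed_prefix_list.admin_ip-pl.id]
}
```

Attach the group to an instance with vpc_security_group_ids (not a network_interface block, see the first note) so the prefix list, not the instance, is the only place the allowed addresses live.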
terraform aws change region
provider "aws" {
  alias                    = "us-east-1"
  region                   = "us-east-1"
  shared_credentials_files = ["~/.aws/credentials"]
}
# Selecting Alternate Provider Configurations
resource ... {
  ...
  # unquoted reference; the quoted form "aws.us-east-1" is deprecated
  provider = aws.us-east-1
}
Default Provider: A provider block without an "alias" argument
Resources that don't set the provider meta-argument will use the default provider
alias
You can optionally define multiple configurations for the same provider (e.g. one per region).
For each additional non-default configuration, use the alias meta-argument to provide an extra name segment.