Terraform 11 additional security group error

Problem description

I am adding additional security groups to an EFS mount target in Terraform 11, using AWS provider 2.70.0.

The code block is:

resource "aws_efs_mount_target" "default" {
  # one mount target per backend subnet (subnets are passed as a comma separated string)
  count          = "${length(split(",", var.backend_subnets)) > 0 ? length(split(",", var.backend_subnets)) : 0}"
  file_system_id = "${aws_efs_file_system.default.id}"
  ip_address     = "${var.mount_target_ip_address}"
  subnet_id      = "${element(split(",", var.backend_subnets), count.index)}"
  # builds ONE comma-joined string inside a one-element list, which the API rejects
  security_groups = ["${var.additional_security_groups == "" ? aws_security_group.efs_default_sg.id : format("%s,%s", var.additional_security_groups, aws_security_group.efs_default_sg.id)}"]
}

The variable is defined as:

variable "additional_security_groups" {
  description = "Comma separated string of security group ID's"
  default     = ""
}

But the following error occurs:

* module.efs.aws_efs_mount_target.default[1]: 1 error(s) occurred:

* aws_efs_mount_target.default.1: ValidationException:
status code: 400, request id: 5ee48121-27c3-432b-98e9-e2ffdc6e0fdd

plugin.terraform-provider-aws_v2.70.0_x4: 2021/03/26 17:49:50 [ERR] plugin: plugin server: accept unix /tmp/plugin935042092: use of closed network connection

It runs without problems when no additional security groups are given.

Any ideas or hints would be greatly appreciated!

Solution

So the problem was not the plugin, but the comparison statement for the security groups.

Working comparison:

security_groups = ["${split(",", length(var.additional_security_groups) > 0 ? join(",", concat(list(aws_security_group.efs_default_sg.id), var.additional_security_groups)) : join(",", list(aws_security_group.efs_default_sg.id)))}"]

To support this, the variable type has to be changed to a list:

variable "additional_security_groups" {
  description = "List of additional security group IDs"
  type        = "list"
  default     = ["sg-123", "sg-789"]
}
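The same fix in the more direct Terraform 0.11 form, as an added example that is not the poster's code: the variable is declared as a list with an empty default, and `concat` prepends the module's own security group, so neither the string comparison nor the join/split round trip is needed. The resource names `aws_security_group.efs_default_sg`, `aws_efs_file_system.default` and the variable `backend_subnets` are taken from the question; the `ip_address` argument is left out here. Terraform 0.11 flattens a one-element list whose only element is a list interpolation, which is what makes `["${concat(...)}"]` work.

```hcl
# Added example (not the original poster's code). Terraform 0.11 syntax.
# The variable is a list, empty by default, so callers pass
#   additional_security_groups = ["sg-123", "sg-789"]
# rather than the comma separated string "sg-123,sg-789".
variable "additional_security_groups" {
  description = "Extra security group IDs to attach to the EFS mount targets"
  type        = "list"
  default     = []
}

variable "backend_subnets" {
  description = "Comma separated subnet IDs, as in the question"
}

resource "aws_efs_mount_target" "default" {
  count          = "${length(split(",", var.backend_subnets)) > 0 ? length(split(",", var.backend_subnets)) : 0}"
  file_system_id = "${aws_efs_file_system.default.id}"
  subnet_id      = "${element(split(",", var.backend_subnets), count.index)}"

  # concat() returns a list; Terraform 0.11 flattens the single list
  # interpolation, so the API receives one element per security group ID,
  # e.g. ["sg-default", "sg-123", "sg-789"]. The original code produced a
  # single element "sg-123,sg-789", which is not a valid security group ID
  # and is what triggered the ValidationException.
  security_groups = ["${concat(list(aws_security_group.efs_default_sg.id), var.additional_security_groups)}"]
}
```

Before applying, `terraform plan` should show `security_groups` as separate `sg-...` entries rather than one quoted string; a comma inside any single entry means the list/string mix-up is still present.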