如何检索多个VPC端点？

发布于 2025-02-03 06:14:06 字数 1140 浏览 4 评论 0原文

错误：找不到匹配的VPC端点（参考数据代码块的错误）

我正在尝试从数据“ AWS_VPC_ENDPOINT”资源中检索多个端点。我创建了当地人来检索共享前几个字符的多个端点的服务名称。之后，端点具有独特的字符来单独识别它们。

我希望数据资源通过数据循环并检索共享这些字符的每个端点。然后获取“ AWS_ROUTE”的每个端点ID。 FYI: The endpoints are being created from resource "aws_networkfirewall_firewall" The main thing to look at in this code snippet is locals, data, and the last line for resource "aws_route" How can I express in locals that the service_name does not end there and字符串的其余部分是端点所独有的，而无需硬编码每个Service_name？

locals {
  endpoints = {
    service_name = "com.amazonaws.vpce.us-east-1.vpce-svc-"
  }
}

data "aws_vpc_endpoint" "firewall-endpoints" {
  for_each = local.endpoints
  vpc_id   = aws_vpc.vpc.id

  service_name = each.value

  #filter {
  #  name = "tag:AWSNetworkFirewallManaged"
  #  values = [true]
  #}
}

resource "aws_route" "tgw_route" {
  count                  = var.number_azs
  route_table_id         = aws_route_table.tgw_rt[count.index].id
  destination_cidr_block = var.tgw_aws_route[0]
  vpc_endpoint_id        = data.aws_vpc_endpoint.firewall-endpoints["service_name"].id
}

原文

ERROR: no matching VPC Endpoint found
(error referring to data code block)

I am trying to retrieve multiple endpoints from data "aws_vpc_endpoint" resource. I created locals to retrieve service name for multiple endpoints that share the first few characters. Afterwards, the endpoints have unique characters to identify them individually.

I am wanting the data resource to loop through the data and retrieve each endpoint that shares those few characters. Then grab each endpoint id for "aws_route". FYI: The endpoints are being created from resource "aws_networkfirewall_firewall" The main thing to look at in this code snippet is locals, data, and the last line for resource "aws_route" How can I express in locals that the service_name does not end there and the rest of the string is unique to the endpoint without hard coding each service_name?

locals {
  endpoints = {
    service_name = "com.amazonaws.vpce.us-east-1.vpce-svc-"
  }
}

data "aws_vpc_endpoint" "firewall-endpoints" {
  for_each = local.endpoints
  vpc_id   = aws_vpc.vpc.id

  service_name = each.value

  #filter {
  #  name = "tag:AWSNetworkFirewallManaged"
  #  values = [true]
  #}
}

resource "aws_route" "tgw_route" {
  count                  = var.number_azs
  route_table_id         = aws_route_table.tgw_rt[count.index].id
  destination_cidr_block = var.tgw_aws_route[0]
  vpc_endpoint_id        = data.aws_vpc_endpoint.firewall-endpoints["service_name"].id
}

分享到QQ

分享到微博

如果你对这篇内容有疑问，欢迎到本站社区发帖提问参与讨论，获取更多帮助，或者扫码二维码加入 Web 技术交流群。

发布评论

需要登录才能够评论，你可以免费注册一个本站的账号。

爱的十字路口 2025-02-10 06:14:06

我无法测试这一点，但是我认为您想做的是这样的事情：

resource "aws_route" "tgw_route" {
  for_each = aws_networkfirewall_firewall.firewall_status.sync_states

  route_table_id         = aws_route_table.tgw_rt[???].id
  destination_cidr_block = var.tgw_aws_route[0]
  vpc_endpoint_id        = each.value.attachment.endpoint_id
}

我不清楚firewall_status输出的结构，因此可能需要稍微更改。主要问题是如何获得每个子网的适当路由表ID。您可以以索引以某种方式访问tgw_rt模块的输出吗？不幸的是，我没有建立AWS防火墙（与Terraform）建立AWS防火墙的经验，所以我不知道如何解决这一难题。

I can't test this, but I think what you want to do is something like this:

resource "aws_route" "tgw_route" {
  for_each = aws_networkfirewall_firewall.firewall_status.sync_states

  route_table_id         = aws_route_table.tgw_rt[???].id
  destination_cidr_block = var.tgw_aws_route[0]
  vpc_endpoint_id        = each.value.attachment.endpoint_id
}

I'm not clear on the structure of the firewall_status output, so that may need to change slightly. The main question is how to get the appropriate route table ID per subnet. Can you access the outputs of the tgw_rt module in some way other than by index? Unfortunately, I have no experience with setting up an AWS firewall, just with Terraform, so I don't know how to solve this part of the puzzle.

回复收藏 0 原文

~没有更多了~