hi all,
I have a few questions on the aws_security_group_rule resource:
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule
Objective: my objective is to add the public IP addresses of the instances that are created to cidr_blocks. I need to have the source (the public IP addresses, as /32s) as allow-all rules in the security group.
I am wondering whether this would work, because the public IP addresses are not known until after the apply is complete, and the security group is created before the EC2 instances are created.
I am running Ansible and Jenkins as well; could this be done as a new stage in Jenkins after the main Terraform apply stage? At the end of the Terraform apply stage I have an output of the public IP addresses of the instances, called instance_ips, that I can read with terraform output.
I am thinking of running this command in a shell step in a new Jenkins stage:
https://docs.aws.amazon.com/cli/latest/reference/ec2/authorize-security-group-ingress.html
This is an example from the link above:
aws ec2 authorize-security-group-ingress \
    --group-id sg-1234567890abcdef0 \
    --protocol tcp \
    --port 22 \
    --cidr 203.0.113.0/24
==========
The syntax below is incorrect, but it is what I am trying to achieve. var.access_ip and var.cloud9_ip are working fine, and I just need to add the public IP addresses to the cidr_blocks list.
I inserted what I want to achieve (even though the syntax is wrong).
aws_instance.mtc_main is shown below the aws_security_group_rule.
warm regards
Dave
resource "aws_security_group_rule" "ingress_all" {
  type      = "ingress"
  from_port = 0
  to_port   = 65535
  protocol  = "-1"
  # this means all protocols: icmp, tcp, udp, etc.....
  #cidr_blocks = [var.access_ip, var.cloud9_ip]
  cidr_blocks       = [var.access_ip, var.cloud9_ip, [for i in aws_instance.mtc_main[*]: i.public_ip]]
  security_group_id = aws_security_group.mtc_sg.id
}
======
resource "aws_instance" "mtc_main" {
  count                  = var.main_instance_count
  instance_type          = var.main_instance_type
  ami                    = data.aws_ami.server_ami.id
  key_name               = aws_key_pair.mtc_auth.id
  vpc_security_group_ids = [aws_security_group.mtc_sg.id]
  subnet_id              = aws_subnet.mtc_public_subnet[count.index].id
  root_block_device {
    volume_size = var.main_vol_size
  }
  tags = {
    Name = "mtc_main-${random_id.mtc_compute_node_id[count.index].dec}"
  }
}
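The rule as it would be written to do what the post asks, as an added example that is not part of the original post. It keeps the resource names from the post (aws_security_group.mtc_sg, aws_instance.mtc_main, var.access_ip, var.cloud9_ip); the locals block, the ingress_self rule and the comments are assumptions added here. The key points are that cidr_blocks is a list(string), so a list nested inside it is a type error and the two lists have to be joined with concat(), and that there is no dependency cycle: the instances depend on the security group, not on the rule, so Terraform creates the group, then the instances, then the rule, and the public IPs are simply "known after apply" in the first plan.

```hcl
# Added example, not the original poster's code. Resource and variable names
# follow the post; the locals block and the ingress_self rule are assumed.

locals {
  # One /32 CIDR per mtc_main instance. aws_instance.mtc_main[*].public_ip is a
  # list because the resource uses count; the values are "known after apply" on
  # the first plan, which is fine for an attribute such as cidr_blocks.
  instance_cidrs = [
    for ip in aws_instance.mtc_main[*].public_ip : "${ip}/32"
  ]
}

resource "aws_security_group_rule" "ingress_all" {
  type              = "ingress"
  from_port         = 0
  to_port           = 0   # provider docs call for 0/0 when protocol is "-1"
  protocol          = "-1"
  security_group_id = aws_security_group.mtc_sg.id

  # concat() produces one flat list(string). Nesting a list inside the list,
  # as in the original snippet, fails type checking.
  cidr_blocks = concat(
    [var.access_ip, var.cloud9_ip],
    local.instance_cidrs,
  )
}

# Assumed alternative: if the real goal is for the mtc_main instances to talk
# to each other, a self-referencing rule does that over their private addresses
# and does not depend on public IPs, which change on stop/start unless an
# Elastic IP is attached.
resource "aws_security_group_rule" "ingress_self" {
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  self              = true
  security_group_id = aws_security_group.mtc_sg.id
}
```

With the rule expressed this way the extra Jenkins stage that calls aws ec2 authorize-security-group-ingress is not needed, and is better avoided: rules added outside Terraform are not in the state file, so the next plan will report them as drift and a later apply on the rule can remove them. Whether ingress_all, ingress_self or both belong in the group depends on what the public-IP allow-list is actually for; an allow-all rule from the instances' own public addresses is a wide grant, and a self rule or per-port rules are narrower where they fit.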