
Terraform azurerm_firewall_policy_rule_collection_group does not create the nat_rule collection

Stack Overflow user
Asked on 2022-03-04 05:57:20
Answers: 1  Views: 263  Followers: 0  Votes: 0

I have defined the nat_rule_collection at the bottom of this resource. Everything is created except the nat_rule_collection. Is there a mistake here that could cause this? I have changed the real destination address, but the real address matches the public load balancer IP.

I know the naming indicates egress, but I am just trying things out, and I believe it is only a label.

resource "azurerm_firewall_policy_rule_collection_group" "policy" {
  name               = "AksEgressPolicyRuleCollectionGroup"
  firewall_policy_id = azurerm_firewall_policy.policy.id
  priority           = 500

  application_rule_collection {
    name     = "ApplicationRules"
    priority = 500
    action   = "Allow"

    rule {
      name             = "AllowMicrosoftFqdns"
      source_addresses = ["*"]

      destination_fqdns = [
        "*.cdn.mscr.io",
        "mcr.microsoft.com",
        "*.data.mcr.microsoft.com",
        "management.azure.com",
        "login.microsoftonline.com",
        "acs-mirror.azureedge.net",
        "dc.services.visualstudio.com",
        "*.opinsights.azure.com",
        "*.oms.opinsights.azure.com",
        "*.microsoftonline.com",
        "*.monitoring.azure.com",
      ]

      protocols {
        port = "80"
        type = "Http"
      }

      protocols {
        port = "443"
        type = "Https"
      }
    }

    rule {
      name             = "AllowFqdnsForOsUpdates"
      source_addresses = ["*"]

      destination_fqdns = [
        "download.opensuse.org",
        "security.ubuntu.com",
        "ntp.ubuntu.com",
        "packages.microsoft.com",
        "snapcraft.io"
      ]

      protocols {
        port = "80"
        type = "Http"
      }

      protocols {
        port = "443"
        type = "Https"
      }
    }
    
    rule {
      name             = "AllowImagesFqdns"
      source_addresses = ["*"]

      destination_fqdns = [
        "auth.docker.io",
        "registry-1.docker.io",
        "production.cloudflare.docker.com"
      ]

      protocols {
        port = "80"
        type = "Http"
      }

      protocols {
        port = "443"
        type = "Https"
      }
    }

    rule {
      name             = "AllowBing"
      source_addresses = ["*"]

      destination_fqdns = [
        "*.bing.com"
      ]

      protocols {
        port = "80"
        type = "Http"
      }

      protocols {
        port = "443"
        type = "Https"
      }
    }

    rule {
      name             = "AllowGoogle"
      source_addresses = ["*"]

      destination_fqdns = [
        "*.google.com"
      ]

      protocols {
        port = "80"
        type = "Http"
      }

      protocols {
        port = "443"
        type = "Https"
      }
    }

    rule {
      name             = "AllowPublicPOrt80"
      source_addresses = ["*"]

      # destination_fqdns = [
      #   "*.google.com"
      # ]

      protocols {
        port = "80"
        type = "Http"
      }

      protocols {
        port = "443"
        type = "Https"
      }
    }

  }

  network_rule_collection {
    name     = "NetworkRules"
    priority = 400
    action   = "Allow"

    rule {
      name                  = "Time"
      source_addresses      = ["*"]
      destination_ports     = ["123"]
      destination_addresses = ["*"]
      protocols             = ["UDP"]
    }

    rule {
      name                  = "DNS"
      source_addresses      = ["*"]
      destination_ports     = ["53"]
      destination_addresses = ["*"]
      protocols             = ["UDP"]
    }

    rule {
      name                  = "ServiceTags"
      source_addresses      = ["*"]
      destination_ports     = ["*"]
      destination_addresses = [
        "AzureContainerRegistry",
        "MicrosoftContainerRegistry",
        "AzureActiveDirectory"
      ]
      protocols             = ["Any"]
    }

    rule {
      name                  = "Internet"
      source_addresses      = ["*"]
      destination_ports     = ["*"]
      destination_addresses = ["*"]
      protocols             = ["TCP"]
    }
  }

  nat_rule_collection {
    name     = "nat_rule_collection1"
    priority = 100
    action   = "Dnat"
    rule {
      name                = "fw-public-web-port-80"
      protocols           = ["TCP"]
      source_addresses    = ["*"]
      destination_address = "123.123.123.123"
      destination_ports   = ["80"]
      translated_address  = "10.9.0.1"
      translated_port     = "80"
    }
  }

  lifecycle {
    ignore_changes = [
      application_rule_collection,
      network_rule_collection,
      nat_rule_collection
    ]
  }
}

1 Answer

Stack Overflow user

Accepted answer

Posted on 2022-03-08 11:48:14

ignore_changes (list of attribute names) - By default, Terraform detects any difference in the current settings of a real infrastructure object and plans to update the remote object to match the configuration.

The ignore_changes feature is intended to be used when a resource is created with references to data that may change in the future, but should not affect said resource after its creation. So the natrule code was applied after the other two rules had been created. The ignore_changes meta-argument specifies resource attributes that Terraform should ignore when planning updates to the associated remote object, so this may be what is preventing you from creating the natrule.

lifecycle {
    ignore_changes = [ ]
}

有关更多信息,请参阅此

Votes: 1
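The create-versus-update distinction behind this answer, as an added example that is not part of the original post: a small Python model of how ignore_changes is applied when planning. The plan() function and the sample configurations are constructed for illustration and are not Terraform's implementation; attribute names mirror the resource in the question.

```python
# Added example, not from the question or answer: a simplified model of how
# Terraform applies lifecycle.ignore_changes when planning. Attribute names
# mirror the resource in the question; plan() illustrates the semantics and
# is not Terraform's implementation.

IGNORED = ["application_rule_collection", "network_rule_collection",
           "nat_rule_collection"]

def plan(prior_state, config, ignore_changes=()):
    """Return (action, planned_attributes) for one resource.

    prior_state is the refreshed state, or None if the resource was never
    created; ignore_changes lists attributes whose config/state difference
    is skipped on update (it has no effect on a create).
    """
    if prior_state is None:
        # First apply: every collection in config is created, NAT included.
        return "create", dict(config)
    planned = dict(prior_state)
    for key, value in config.items():
        if key in ignore_changes:
            continue  # keep whatever is in state, even if config differs
        planned[key] = value
    return ("update" if planned != prior_state else "no-op"), planned

# Constructed sample: the collections from the question, reduced to names.
FIRST_CONFIG = {
    "priority": 500,
    "application_rule_collection": ["ApplicationRules"],
    "network_rule_collection": ["NetworkRules"],
}
LATER_CONFIG = dict(FIRST_CONFIG, nat_rule_collection=["nat_rule_collection1"])

def scenario():
    # 1) Initial apply without the NAT collection.
    action1, state = plan(None, FIRST_CONFIG, IGNORED)
    # 2) NAT collection added while ignore_changes still lists it: ignored.
    action2, planned2 = plan(state, LATER_CONFIG, IGNORED)
    # 3) ignore_changes emptied, as the answer suggests: NAT is planned.
    action3, planned3 = plan(state, LATER_CONFIG, [])
    # 4) Drift: a rule added outside Terraform appears in refreshed state
    #    and, with ignore_changes in place, is never reverted.
    drifted = dict(state, network_rule_collection=["NetworkRules", "AddedInPortal"])
    action4, _ = plan(drifted, FIRST_CONFIG, IGNORED)
    return (action1, action2, "nat_rule_collection" in planned2,
            action3, "nat_rule_collection" in planned3, action4)

if __name__ == "__main__":
    print(scenario())  # ('create', 'no-op', False, 'update', True, 'no-op')
```

Scenario 4 is the reason to review ignore_changes on firewall rule collections: a rule added outside Terraform, in the portal for example, stays in place on every later apply.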
The original page content is provided by Stack Overflow. Translation supported by the Tencent Cloud Xiaowei IT-domain engine.
Original link:

https://stackoverflow.com/questions/71347169
