amazon-web-services - terraform db 实例和 ec2 安全组位于不同的 vpc 中

Question

我正在尝试在具有 RDS 的自定义安全组的同一 vpc 中创建具有公共(public)和私有(private)子网的 vpc 以及 Aurora mysql 集群和实例。

我在一个模块中创建了 vpc(公共(public)/私有(private)子网，自定义安全组)。在不同的模块中也有 aurora-mysql。

我在模块文件中的 vpc 配置

resource "aws_vpc" "main" {
    cidr_block       = "${var.vpc_cidr}"
    instance_tenancy = "${var.tenancy}"
    enable_dns_support = "true"
    enable_dns_hostnames = "true"
   tags {
      Name = "${var.tag_name}"
   }
}

resource "aws_subnet" "main-public-1" {
   vpc_id     = "${var.vpc_id}"
   cidr_block = "${var.subnet_cidr_1}"
   availability_zone = "${var.region}a"
   map_public_ip_on_launch = true
   tags {
       Name = "${var.tag_name}-subnet1"
    }
}

resource "aws_subnet" "main-private-1" {
    count      = "${var.create_private_subnet}"
    vpc_id     = "${var.vpc_id}"
    cidr_block = "${var.private_subnet_cidr_1}"
    map_public_ip_on_launch = false
    availability_zone = "${var.region}a"

   tags {
        Name = "${var.tag_name}-private-subnet1"
    }
}
resource "aws_subnet" "main-private-2" {
    count      = "${var.create_private_subnet}"
    vpc_id     = "${var.vpc_id}"
    cidr_block = "${var.private_subnet_cidr_2}"
    map_public_ip_on_launch = false
    availability_zone = "${var.region}b"

    tags {
        Name = "${var.tag_name}-private-subnet2"
    }
}

resource "aws_security_group" "aurora-sg" {
  name   = "aurora-security-group"
  vpc_id = "${var.vpc_id}"
  ingress {
    protocol    = "tcp"
    from_port   = 0
    to_port     = 65535
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    protocol    = -1
    from_port   = 0 
    to_port     = 0 
    cidr_blocks = ["0.0.0.0/0"]
  }
}

我在模块文件中的 RDS 配置

resource "aws_rds_cluster" "cluster" {
  cluster_identifier     = "${var.cluster_name}"
  engine                 = "aurora-mysql"
  database_name          = "sample_rds"
  master_username        = "${var.username}"
  master_password        = "${var.password}"
  vpc_security_group_ids = ["${aws_security_group.aurora-sg.id}"]
  skip_final_snapshot    = true
}

resource "aws_rds_cluster_instance" "cluster_instances" {
  identifier         = "${var.cluster_name}-instance"
  cluster_identifier = "${aws_rds_cluster.cluster.id}"
  instance_class     = "${var.instance_class}"
  publicly_accessible = "${var.publicly_accessible}"
  db_subnet_group_name    = 
        "${aws_db_subnet_group.aurora_subnet_group.id}"
}

resource "aws_db_subnet_group" "aurora_subnet_group" {
  name       = "tf-rds-${var.cluster_name}"
  subnet_ids = ["${var.subnets}"]

  tags {
    Name = "tf-rds-${var.cluster_name}"
  }
}

我的主要地形脚本。我已将变量传递给 RDS 模块，例如 vpc_id、db 用户名和密码、私有(private)子网 id 和安全组 id

module "aurora_mysql" {
  source      = "../modules/rds-aurora"

  vpc_id              = "${module.my_vpc.vpc_id}"
  publicly_accessible = true
  instance_class      = "db.t2.medium"
  username            = "${var.db_username}"
  password            = "${var.db_password}"
  subnets             = 
 ["${module.my_vpc.subnet_id_1[1]}","${module.my_vpc.subnet_id_1[2]}"]
  security_group_ids = "${module.my_vpc.vpc_rds_sg_id}"
}

当我尝试 apply使用子网和安全组成功创建配置 vpc 但收到错误Error creating DB Instance: InvalidParameterCombination: DB instance and EC2 security group are in different VPC
即使我正在传递新的 vpc 私有(private)子网 ID 和自定义安全组 ID，我的 RDS 实例也会在默认 VPC 中创建。

Answer 1

也许有点老，但我有同样的问题。对于有这个问题的其他人来说可能很有趣。
关键是“aws_rds_cluster”或“aws_rds_cluster_instance”中的“db_subnet_group_name”。
从文档:

db_subnet_group_name - (Optional) Name of DB subnet group. DB instance will be created in the VPC associated with the DB subnet group. If unspecified, will be created in the default VPC...

我看到您使用“id”而不是“name”

db_subnet_group_name    = "${aws_db_subnet_group.aurora_subnet_group.id}"

有名字:

db_subnet_group_name    = "${aws_db_subnet_group.aurora_subnet_group.name}"

也许这就是问题所在。