Terraform应用服务- ip_restrictions
我正在尝试在Azure应用程序中设置IP限制块
在执行Terraform计划或应用时,我收到以下错误:错误:azurerm_app_service.app-1::无效或未知键: ip_restriction
我为Apps (Web )资源使用了每个Terraform文档的ip_restriction
这里是我使用的AppService部署代码:
resource "azurerm_app_service" "app-service-1" {
name = "${var.app_service_1}"
location = "${data.azurerm_resource_group.core-rg.location}"
resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
https_only = "True"
enabled = "True"
client_affinity_enabled = "True"
site_config {
always_on = "True"
#default_documents = ""
dotnet_framework_version = "v4.0"
#http2_enabled = ""
#ip_restriction = ""
#java_version = ""
#java_container = ""
#java_container_version = ""
managed_pipeline_mode = "Integrated"
min_tls_version = "1.2"
#php_version = ""
#python_version = ""
remote_debugging_enabled = "False"
#remote_debugging_version = ""
scm_type = "None"
use_32_bit_worker_process = "False"
websockets_enabled = "True"
#ftps_state = ""
}
app_settings {
"KeyVaultURI" = ""
"WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
}
ip_restriction {
"ip_address" = ""
}谢谢
回答 3
Stack Overflow用户
发布于 2018-10-31 19:48:24
对于感兴趣的人,下面是在Terraform中使用ipRestrictions的方法
ip限制是Site_Config {}的一部分。
请参阅如何在下面使用:
AppService.tf:
resource "azurerm_app_service" "app-service-1" {
name = "${var.app_service_1}"
location = "${data.azurerm_resource_group.core-rg.location}"
resource_group_name = "${data.azurerm_resource_group.core-rg.name}"
app_service_plan_id = "${data.azurerm_app_service_plan.app-service-plan-1.id}"
https_only = "True"
enabled = "True"
client_affinity_enabled = "True"
site_config {
always_on = "True"
#default_documents = ""
dotnet_framework_version = "v4.0"
#http2_enabled = ""
#ip_restriction = ""
#java_version = ""
#java_container = ""
#java_container_version = ""
managed_pipeline_mode = "Integrated"
min_tls_version = "1.2"
#php_version = ""
#python_version = ""
remote_debugging_enabled = "False"
#remote_debugging_version = ""
scm_type = "None"
use_32_bit_worker_process = "False"
websockets_enabled = "True"
#ftps_state = ""
ip_restriction {
ip_address = "${var.ip_address_1}"
}
ip_restriction {
ip_address = "${var.ip_address_2}"
}
ip_restriction {
ip_address = "${var.ip_address_3}"
}
}
app_settings {
"KeyVaultURI" = ""
"WEBSITE_NODE_DEFAULT_VERSION" = "6.9.1"
}
}Stack Overflow用户
发布于 2019-11-20 09:38:36
@jamies的答案不幸是不正确的,IP_restriction不是一个列表,而是一个可重复的块。
@gvazzana是正确的格式。然而,有一个陷阱..。这将导致您所看到的错误。
在Tf中,我们习惯于输入完整的CIDR格式的IP地址,例如10.23.97.201/23或192.68.50.0/24,本节的蔚蓝门户甚至显示它们。
但对于这个特殊的街区,在地形上,你必须做他们的老派。例:
site_config {
# For a single IP address
ip_restriction {
ip_address = "81.145.174.78"
}
ip_restriction {
# For an address range
ip_address = "10.240.101.0"
subnet_mask = "255.255.255.0"
}
}如果你有一个很长的地址和范围列表的话,这当然是一种痛苦。
现在已经有了0.12.0版的terraform版本,我们应该能够利用新的dynamic块样式以及cidrhost和cidrmask函数来简化事情。
例:
dynamic "ip_restriction" {
for_each = var.ip_address_list
content {
ip_address = cidrhost(ip_restriction.value,0)
subnet_mask = cidrmask(ip_restriction.value)
}
}用Terraform v0.12.13测试
https://stackoverflow.com/questions/52974824
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号