使用 Terraform 为 Azure MySQL 灵活服务器(Flexible Server)创建防火墙规则


我使用 Terraform 在 Azure 上创建了 2 个资源:

1- MySQL 灵活服务器(Flexible Server)数据库

# MySQL Flexible Server for the application; every setting except the engine
# version comes from an input variable.
resource "azurerm_mysql_flexible_server" "mysql" {
  name                = var.db-name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku_name            = var.db-sku
  version             = "8.0.21"

  # Administrator credentials.
  # NOTE(review): the variable declarations are not shown here; confirm that
  # var.db-root-password is declared with `sensitive = true` so it is redacted
  # from plan output. The value is still stored in Terraform state, so access
  # to the state backend needs to be restricted as well.
  administrator_login    = var.db-root-username
  administrator_password = var.db-root-password

  # NOTE(review): no private-network settings appear in this block, so the
  # server presumably uses public access governed by firewall rules — confirm.
  storage {
    size_gb = var.db-storage
  }
}

2-后端 .Net Core Web 应用程序服务器

# App Service plan that hosts the backend web app; name, OS type and SKU are
# supplied through input variables.
resource "azurerm_service_plan" "apiplan" {
  name                = var.be-plan-name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku_name            = var.be-plan-sku
  os_type             = var.be-plan-os-type
}

# Backend .NET web app, placed on the App Service plan declared as
# azurerm_service_plan.apiplan.
resource "azurerm_linux_web_app" "be" {
  name                = var.be-server-name
  service_plan_id     = azurerm_service_plan.apiplan.id
  location            = azurerm_service_plan.apiplan.location
  resource_group_name = azurerm_resource_group.rg.name

  site_config {
    application_stack {
      dotnet_version = "8.0"
    }
  }

  # Connection string handed to the app; host name and credentials are
  # interpolated from the MySQL server resource and the input variables.
  # NOTE(review): the app logs in with the server administrator account. A
  # dedicated database user holding only the privileges the app needs would
  # limit the impact of a leaked connection string. The interpolated password
  # is also written to Terraform state.
  connection_string {
    name  = "Default"
    type  = "MySql"
    value = "Data Source=${azurerm_mysql_flexible_server.mysql.fqdn};Port=3306;Database=${var.db-schema-name};User Id=${var.db-root-username};Password=${var.db-root-password};Connect Timeout=300;"
  }
}

现在,我需要创建一个“azurerm_mysql_flexible_server_firewall_rule”,以便仅允许从后端服务器访问数据库。

如何?

terraform terraform-provider-azure
1个回答

使用 Terraform 为 MySQL 灵活服务器(Flexible Server)创建防火墙规则。

由于您只需要允许从后端 .NET Core Web 应用服务器进行访问,因此您可以在 Terraform 配置中使用 `azurerm_mysql_flexible_server_firewall_rule` 资源。

我尝试了一个演示配置,它按照要求工作

配置:

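# Demo MySQL Flexible Server (General Purpose SKU, 20 GB of storage).
resource "azurerm_mysql_flexible_server" "mysql" {
  name                = "vk-flexible-db"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  sku_name            = "GP_Standard_D2ds_v4"
  version             = "8.0.21"

  administrator_login = "myadmin"

  # The administrator password is read from an input variable rather than
  # written as a literal, so no credential is committed with the configuration
  # or copied along with the example. The variable is expected to be declared
  # elsewhere in the module, for instance:
  #
  #   variable "db-root-password" {
  #     type      = string
  #     sensitive = true
  #   }
  #
  # `sensitive = true` redacts the value from plan output; the value is still
  # stored in Terraform state, so the state backend must be access-controlled.
  administrator_password = var.db-root-password

  storage {
    size_gb = 20
  }
}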


# Demo Linux App Service plan (B1 SKU) for the backend web app.
resource "azurerm_service_plan" "apiplan" {
  name                = "vk-e-plan"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  sku_name            = "B1"
  os_type             = "Linux"
}

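# Demo backend .NET web app on the App Service plan declared as
# azurerm_service_plan.apiplan.
resource "azurerm_linux_web_app" "be" {
  name                = "vk-e-server"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_service_plan.apiplan.location
  service_plan_id     = azurerm_service_plan.apiplan.id

  # Host name, login and password are all read from the MySQL server resource,
  # so the connection string cannot drift from the credentials the server is
  # created with and no second copy of the password appears in the file.
  # NOTE(review): this still connects as the server administrator; a dedicated
  # database user with only the privileges the app needs is the safer choice.
  # The rendered value is stored in Terraform state.
  connection_string {
    name  = "Default"
    type  = "MySql"
    value = "Data Source=${azurerm_mysql_flexible_server.mysql.fqdn};Port=3306;Database=mydb;User Id=${azurerm_mysql_flexible_server.mysql.administrator_login};Password=${azurerm_mysql_flexible_server.mysql.administrator_password};Connect Timeout=300;"
  }

  site_config {
    application_stack {
      dotnet_version = "8.0"
    }
  }
}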

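locals {
  # Outbound addresses reported by the web app, split from the comma-separated
  # string into a list; compact() drops empty entries.
  #
  # There is deliberately no "0.0.0.0" fallback. On Azure Database for MySQL a
  # firewall rule from 0.0.0.0 to 0.0.0.0 is the "allow access from any Azure
  # service" setting, so falling back to it would open the server far wider
  # than the backend. With an empty list the `local.outbound_ips[0]` lookup in
  # the firewall rule fails instead of creating that rule.
  outbound_ips = compact(split(",", azurerm_linux_web_app.be.outbound_ip_addresses))
}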

# Exposes the web app's outbound addresses (the raw comma-separated string) so
# they can be compared with the firewall rules after apply.
output "outbound_ip_addresses" {
  value = azurerm_linux_web_app.be.outbound_ip_addresses
}

# Allow-lists the web app's outbound address on the MySQL server firewall.
#
# NOTE(review): only the first entry of local.outbound_ips is covered. An App
# Service app can connect from any of its outbound addresses, so the remaining
# entries need rules as well or connections will be refused intermittently.
# Those addresses are also shared with other apps on the same App Service
# deployment, so an IP rule alone does not limit access to this backend;
# private access through virtual network integration is the stricter option.
resource "azurerm_mysql_flexible_server_firewall_rule" "allow_be_server" {
  name                = "allow-be-server"
  server_name         = azurerm_mysql_flexible_server.mysql.name
  resource_group_name = azurerm_resource_group.rg.name

  # Single-address range: start and end are the same IP.
  end_ip_address   = local.outbound_ips[0]
  start_ip_address = local.outbound_ips[0]

  # Explicit ordering after the web app; local.outbound_ips already refers to
  # the web app, so this repeats the implicit dependency.
  depends_on = [azurerm_linux_web_app.be]
}

部署:

(此处原有三张部署结果截图,未随文本保留。)

参考:

azurerm_mysql_flexible_server | 资源 | hashicorp/azurerm | Terraform | Terraform 注册表

azurerm_mysql_flexible_server_firewall_rule | 资源 | hashicorp/azurerm | Terraform | Terraform 注册表

https://developer.hashicorp.com/terraform/language/values/locals
