我使用 Terraform 在 Azure 上创建了 2 个资源:
1- 灵活的 MySql 数据库
# Azure Database for MySQL - Flexible Server; every value is fed from an input variable.
resource "azurerm_mysql_flexible_server" "mysql" {
  name                = var.db-name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  # Server admin credentials. db-root-password ends up in state and plan
  # output, so declare that variable with sensitive = true and never commit a value.
  administrator_login    = var.db-root-username
  administrator_password = var.db-root-password

  sku_name = var.db-sku
  version  = "8.0.21"

  storage {
    size_gb = var.db-storage
  }
}
2-后端 .Net Core Web 应用程序服务器
# Define BE Server Plan
# App Service plan that hosts the backend; OS type and SKU are variables.
resource "azurerm_service_plan" "apiplan" {
  name                = var.be-plan-name
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  os_type  = var.be-plan-os-type
  sku_name = var.be-plan-sku
}
# Create BE Server
# Backend (.NET 8) Linux Web App running on the plan above.
resource "azurerm_linux_web_app" "be" {
  name                = var.be-server-name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_service_plan.apiplan.location
  service_plan_id     = azurerm_service_plan.apiplan.id

  site_config {
    application_stack {
      dotnet_version = "8.0"
    }
  }

  # Exposed to the app as the "Default" connection string. It embeds the DB
  # root credentials, so the variables feeding it must be declared sensitive.
  # NOTE(review): consider appending SslMode=Required so the client refuses a
  # non-TLS session - confirm against the MySQL client library the app uses.
  connection_string {
    name  = "Default"
    type  = "MySql"
    value = "Data Source=${azurerm_mysql_flexible_server.mysql.fqdn};Port=3306;Database=${var.db-schema-name};User Id=${var.db-root-username};Password=${var.db-root-password};Connect Timeout=300;"
  }
}
现在,我需要创建一个“azurerm_mysql_flexible_server_firewall_rule”,以便仅允许从后端服务器访问数据库。
如何?
使用 Terraform 为 MySQL 灵活服务器创建防火墙规则。
由于您只需要允许从后端 .NET Core Web 应用服务器进行访问,因此您可以在 Terraform 配置中使用 azurerm_mysql_flexible_server_firewall_rule 资源。
我尝试了一个演示配置,它按照要求工作
配置:
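# Demo MySQL Flexible Server. The original listing hard-coded the admin
# password as a string literal, which puts the secret into version control
# and into plan output; take it from the same variable the question's
# configuration already uses (declare it with sensitive = true). The value is
# still stored in Terraform state, so protect the state backend accordingly.
resource "azurerm_mysql_flexible_server" "mysql" {
  name                = "vk-flexible-db"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location

  administrator_login    = "myadmin"
  administrator_password = var.db-root-password

  sku_name = "GP_Standard_D2ds_v4"
  version  = "8.0.21"

  storage {
    size_gb = 20
  }
}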
# Demo App Service plan: Linux, Basic B1.
resource "azurerm_service_plan" "apiplan" {
  name                = "vk-e-plan"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name

  os_type  = "Linux"
  sku_name = "B1"
}
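# Demo backend Web App.
resource "azurerm_linux_web_app" "be" {
  name                = "vk-e-server"
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_service_plan.apiplan.location
  service_plan_id     = azurerm_service_plan.apiplan.id

  site_config {
    application_stack {
      dotnet_version = "8.0"
    }
  }

  # The original listing wrote "User Id=myadmin;Password=YourStrongPassword!"
  # here while the server above was created with a different password, so the
  # app could never log in. Reading login and password from the server
  # resource keeps the two in sync and avoids a second copy of the secret.
  # NOTE(review): the "mydb" schema is not created by this listing - confirm
  # it exists (e.g. via azurerm_mysql_flexible_database) before relying on it.
  # NOTE(review): consider appending SslMode=Required so the client refuses a
  # non-TLS session - confirm against the MySQL client library the app uses.
  connection_string {
    name  = "Default"
    type  = "MySql"
    value = "Data Source=${azurerm_mysql_flexible_server.mysql.fqdn};Port=3306;Database=mydb;User Id=${azurerm_mysql_flexible_server.mysql.administrator_login};Password=${azurerm_mysql_flexible_server.mysql.administrator_password};Connect Timeout=300;"
  }
}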
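locals {
  # All outbound IPs the Web App currently egresses from, as a set. App
  # Service reports them as one comma-separated string; compact() turns an
  # empty string into an empty set instead of the previous "0.0.0.0" fallback.
  # On MySQL Flexible Server a 0.0.0.0-0.0.0.0 rule means "allow any Azure
  # service" (every Azure tenant), which is far wider than "only the backend".
  # NOTE(review): possible_outbound_ip_addresses on the Web App also covers
  # addresses the app may switch to after scaling - consider using it instead.
  outbound_ips = toset(compact(split(",", azurerm_linux_web_app.be.outbound_ip_addresses)))
}

output "outbound_ip_addresses" {
  value = azurerm_linux_web_app.be.outbound_ip_addresses
}

# One firewall rule per outbound IP. The original single rule admitted only
# local.outbound_ips[0], but App Service egress can use any of its outbound
# addresses, so connections from the other IPs would fail intermittently.
# The set is unknown until the Web App exists, so on a fresh deployment apply
# the Web App first (terraform apply -target=azurerm_linux_web_app.be), then
# the rest; otherwise plan reports that for_each cannot be determined until apply.
# An IP allow-list is a coarse control (outbound IPs are shared by other apps
# on the same App Service scale unit); VNet integration with a private
# endpoint on the server is the tighter option.
resource "azurerm_mysql_flexible_server_firewall_rule" "allow_be_server" {
  for_each = local.outbound_ips

  # Rule names cannot contain dots, so the address is encoded with hyphens.
  name                = "allow-be-server-${replace(each.value, ".", "-")}"
  resource_group_name = azurerm_resource_group.rg.name
  server_name         = azurerm_mysql_flexible_server.mysql.name
  start_ip_address    = each.value
  end_ip_address      = each.value
}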
部署:
参考:
azurerm_mysql_flexible_server | 资源 | hashicorp/azurerm | Terraform | Terraform 注册表
azurerm_mysql_flexible_server_firewall_rule | 资源 | hashicorp/azurerm | Terraform | Terraform 注册表
https://developer.hashicorp.com/terraform/language/values/locals