I suddenly wondered whether a SecurityGroup with the same name can be created more than once, so I tested it.
What to test
・Whether two SecurityGroups with the same name can be created in the same VPC
・Whether, with two VPCs, two SecurityGroups with the same name can be created when each is attached to a different VPC
Let's try it!
1. Create two SecurityGroups with the same name in the same VPC
1-1. Create the tf file
provider "aws" {
  region  = "ap-northeast-1"
  profile = "testvault"
}

variable "env" {
  default = {
    env_name = "test"
    vpc_cidr = "10.0.0.0/16"
  }
}

resource "aws_vpc" "vpc" {
  cidr_block = var.env.vpc_cidr
  tags = {
    Name = "${var.env.env_name}vpc"
  }
}

# Two security groups that both use the name "securitygroup-1" in the same VPC
resource "aws_security_group" "securitygroup-1" {
  vpc_id = aws_vpc.vpc.id
  name   = "securitygroup-1"
}

resource "aws_security_group" "securitygroup-2" {
  vpc_id = aws_vpc.vpc.id
  name   = "securitygroup-1"
}
1-2. Apply
# terraform plan
Plan: 3 to add, 0 to change, 0 to destroy.
(looks like it will work!)

# terraform apply
│ Error: creating Security Group (securitygroup-1): InvalidGroup.Duplicate: The security group 'securitygroup-1' already exists for VPC 'vpc-02d15afc3ffb172af'
│ 	status code: 400, request id: 5155866c-7679-4dfe-86eb-1d9165d07c5a
│
│   with aws_security_group.securitygroup-2,
│   on main.tf line 23, in resource "aws_security_group" "securitygroup-2":
│   23: resource "aws_security_group" "securitygroup-2" {
│
(it didn't work)
Note that terraform plan does not catch this: the name check is done by the EC2 CreateSecurityGroup API call, so the duplicate is only rejected at apply time, and the first group has already been created by then.
1-3. Check
>aws ec2 describe-security-groups --profile testvault | jq ".SecurityGroups[] | .GroupName,.VpcId"
"securitygroup-1"
"vpc-02d15afc3ffb172af"
(as expected, there is only one)
2. Create two SecurityGroups with the same name, each attached to a different VPC (two VPCs)
2-1. Create the tf file
provider "aws" {
  region  = "ap-northeast-1"
  profile = "testvault"
}

variable "env" {
  default = {
    env_name  = "test"
    vpc_cidr  = "10.0.0.0/16"
    vpc_cidr2 = "10.1.0.0/16"
  }
}

resource "aws_vpc" "vpc" {
  cidr_block = var.env.vpc_cidr
  tags = {
    Name = "${var.env.env_name}vpc"
  }
}

resource "aws_vpc" "vpc2" {
  cidr_block = var.env.vpc_cidr2
  tags = {
    Name = "${var.env.env_name}vpc2"
  }
}

# Same name "securitygroup-1" twice, but each group belongs to a different VPC
resource "aws_security_group" "securitygroup-1" {
  vpc_id = aws_vpc.vpc.id
  name   = "securitygroup-1"
}

resource "aws_security_group" "securitygroup-2" {
  vpc_id = aws_vpc.vpc2.id
  name   = "securitygroup-1"
}
2-2. Apply
# terraform plan
Plan: 4 to add, 0 to change, 0 to destroy.
(looks like it will work!)

# terraform apply
Apply complete! Resources: 4 added, 0 changed, 0 destroyed.
(it worked!)
2-3. Check
>aws ec2 describe-security-groups --profile testvault | jq ".SecurityGroups[] | .GroupName,.VpcId"
"securitygroup-1"
"vpc-04d48a6494bc4f5a4"
"securitygroup-1"
"vpc-058fe4b1f406f42db"
(both are there!)
Thoughts
As long as the VPC is different, you can create them! Well, I think it's better not to, since it gets confusing... ( ゚Д゚)
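The practical consequence of the second experiment is that a security-group name only identifies a group together with its VPC. Anything that resolves a group by name across the whole account, a script, or a Terraform aws_security_group data source filtered on the name alone (which errors as soon as more than one group matches), becomes ambiguous the moment that layout exists. The script below is an added example, not code from the original post: it takes the JSON printed by aws ec2 describe-security-groups, lists every name present in more than one VPC, and refuses a name-to-GroupId lookup that is not scoped to a VPC. The sample JSON is constructed to mirror the second experiment plus the default group every VPC carries; its GroupIds are made up, and the file name sgcheck.py is an assumption.

```python
import json
import sys
from collections import defaultdict
from typing import Dict, List, Optional

# Constructed sample in the shape of `aws ec2 describe-security-groups` output,
# laid out like the second experiment (one name in two VPCs) plus the "default"
# group every VPC carries. The GroupIds are made up; the VpcIds are the ones
# the describe call printed above.
SAMPLE_DESCRIBE_OUTPUT = json.dumps({
    "SecurityGroups": [
        {"GroupId": "sg-0a1b2c3d4e5f60001", "GroupName": "securitygroup-1",
         "VpcId": "vpc-04d48a6494bc4f5a4", "Description": "Managed by Terraform"},
        {"GroupId": "sg-0a1b2c3d4e5f60002", "GroupName": "securitygroup-1",
         "VpcId": "vpc-058fe4b1f406f42db", "Description": "Managed by Terraform"},
        {"GroupId": "sg-0a1b2c3d4e5f60003", "GroupName": "default",
         "VpcId": "vpc-04d48a6494bc4f5a4", "Description": "default VPC security group"},
        {"GroupId": "sg-0a1b2c3d4e5f60004", "GroupName": "default",
         "VpcId": "vpc-058fe4b1f406f42db", "Description": "default VPC security group"},
    ]
})


class AmbiguousSecurityGroup(LookupError):
    """The name matched in more than one VPC and no vpc_id was given."""


def duplicate_names(describe_output: str) -> Dict[str, List[str]]:
    """Return {GroupName: [VpcId, ...]} for every name that exists in two or more VPCs."""
    by_name: Dict[str, List[str]] = defaultdict(list)
    for sg in json.loads(describe_output)["SecurityGroups"]:
        by_name[sg["GroupName"]].append(sg["VpcId"])
    return {name: sorted(vpcs) for name, vpcs in by_name.items() if len(vpcs) > 1}


def resolve_group_id(describe_output: str, name: str, vpc_id: Optional[str] = None) -> str:
    """Map a group name to its GroupId.

    The API enforces uniqueness only per VPC (InvalidGroup.Duplicate), so an
    unscoped lookup is refused as soon as the name matches in more than one
    VPC, instead of silently returning whichever group came first.
    """
    matches = [
        sg for sg in json.loads(describe_output)["SecurityGroups"]
        if sg["GroupName"] == name and (vpc_id is None or sg["VpcId"] == vpc_id)
    ]
    if not matches:
        raise KeyError(f"no security group named {name!r}" + (f" in {vpc_id}" if vpc_id else ""))
    if len(matches) > 1:
        vpcs = ", ".join(sorted(sg["VpcId"] for sg in matches))
        raise AmbiguousSecurityGroup(f"{name!r} exists in more than one VPC ({vpcs}); pass vpc_id")
    return matches[0]["GroupId"]


def describe_filters(name: str, vpc_id: str) -> List[dict]:
    """Build the --filters value that scopes a describe call to a single VPC.

    `--group-names` only resolves names in the default VPC, so a name in a
    non-default VPC has to be looked up with the group-name and vpc-id filters;
    this list is the JSON form `aws ec2 describe-security-groups --filters` accepts.
    """
    return [
        {"Name": "group-name", "Values": [name]},
        {"Name": "vpc-id", "Values": [vpc_id]},
    ]


if __name__ == "__main__":
    # Hypothetical usage: aws ec2 describe-security-groups --profile testvault | python sgcheck.py
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DESCRIBE_OUTPUT
    for group_name, vpc_ids in duplicate_names(data).items():
        print(f"{group_name}: present in {len(vpc_ids)} VPCs -> {' '.join(vpc_ids)}")
    print(json.dumps(describe_filters("securitygroup-1", "vpc-058fe4b1f406f42db")))
```

Run against real output it reports "default" for every account with more than one VPC, which is the reminder that name collisions across VPCs are the normal state, not an oddity: store and reference GroupIds, and when a name is unavoidable always pair it with the vpc-id filter.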