Def*_*ozo 7 amazon-web-services terraform devops-services hcl terraform-provider-aws
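Terraform cannot find a resource that is declared in the same file as the reference to it.
It seems this line is causing the trouble: role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}". It cannot find newsapi_lambda_codepipeline, which is declared as resource "aws_iam_role" "newsapi_lambda_codepipeline" { ... }.
This is my main.tf: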
resource "aws_s3_bucket" "newsapi_lambda_builds" {
  bucket = "newsapi-lambda-builds"
  acl = "private"
}

resource "aws_iam_role" "newsapi_lambda_codebuild" {
  name = "newsapi-lambda-codebuild"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "arn:aws:s3:::newsapi_lambda_builds",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:invokefunction",
        "lambda:listfunctions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    }
  ]
}
EOF
}

resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"
  assume_role_policy = <<EOF
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}",
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
EOF
}

resource "aws_codepipeline" "newsapi_lambda" {
  name = "newsapi-lambda"
  role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}"
  artifact_store {
    location = "${aws_s3_bucket.newsapi_lambda_builds.bucket}"
    type = "S3"
  }
  stage {
    name = "Source"
    action {
      name = "Source"
      category = "Source"
      owner = "ThirdParty"
      provider = "GitHub"
      version = "1"
      output_artifacts = ["newsapi_lambda"]
      configuration {
        Owner = "Defozo"
        Repo = "traceitfor.me_newsapi_lambda"
        Branch = "master"
      }
    }
  }
  stage {
    name = "Build"
    action {
      name = "Build"
      category = "Build"
      owner = "AWS"
      provider = "CodeBuild"
      input_artifacts = ["newsapi_lambda"]
      version = "1"
      role_arn = "${aws_iam_role.newsapi_lambda_codebuild.arn}"
      configuration {
        ProjectName = "newsapi-lambda"
      }
    }
  }
}
After running terraform apply I get:
Error: Error running plan: 1 error(s) occurred:
* aws_codepipeline.newsapi_lambda: 1 error(s) occurred:
* aws_codepipeline.newsapi_lambda: Resource 'aws_iam_role.newsapi_lambda_codepipeline' not found for variable 'aws_iam_role.newsapi_lambda_codepipeline.arn'
I don't understand why this happens. I have declared aws_iam_role.newsapi_lambda_codepipeline, haven't I?
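I believe your role declaration may be slightly wrong. Terraform could not generate an ARN for it, and therefore it was not found.
It looks like you also need to create a resource "aws_iam_role_policy". See https://www.terraform.io/docs/providers/aws/r/codepipeline.html
It is not clear why it needs to be split.
If this is not the case, let me know and I will try running the code myself to test it.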
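The split the answer above refers to, as an added example that is not part of the original answer or the asker's code: an IAM role's assume_role_policy is its trust policy and accepts only statements that name a Principal allowed to assume the role, while the S3 and CodeBuild permissions belong in a separate aws_iam_role_policy attached to that role. The policy resource name and the merged S3 statement are choices made here; the actions and the bucket are taken from the question.

```hcl
# Added example (Terraform 0.11 interpolation syntax, as used in the question).
resource "aws_s3_bucket" "newsapi_lambda_builds" {
  bucket = "newsapi-lambda-builds"
  acl    = "private"
}

# Trust policy only: who may assume the role. No Resource-based statements here.
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "codepipeline.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Permission policy: what the role may do. CodeBuild "*" is carried over; narrow it if you can.
resource "aws_iam_role_policy" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"
  role = "${aws_iam_role.newsapi_lambda_codepipeline.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:GetBucketVersioning", "s3:PutObject"],
      "Resource": [
        "${aws_s3_bucket.newsapi_lambda_builds.arn}",
        "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": ["codebuild:BatchGetBuilds", "codebuild:StartBuild"],
      "Resource": "*"
    }
  ]
}
EOF
}
```

Referencing the bucket through its arn attribute, rather than a hand-written ARN string, keeps the policy scoped to the bucket Terraform actually creates.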
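For those who run into problems with aws_ecs_task_definition where the variable aws_ecs_task_definition.XXX.arn is not found, there is a good chance that your JSON is malformed. Here is what I did to fix my problem:
task_definition = "[]"
terraform plan
At this point you should get an error. For example, I got:
module.tf.aws_ecs_task_definition.sandbox: ECS Task Definition container_definitions is invalid: Error decoding JSON: json: cannot unmarshal string into Go struct field ContainerDefinition.MemoryReservation of type int64
In this case, I had wrapped memSize in quotes in my template_file, and it was not implicitly converted to int64, hence the error.
I changed "memoryReservation": "${mem_size}" to "memoryReservation": ${mem_size}, removed the task_definition placeholder, and everything went smoothly.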