Rav*_*ran 8 syntax interpolation amazon-web-services terraform
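I am provisioning a single Windows server in AWS with Terraform for testing. Every time, I need to decrypt my Windows password with my PEM file in order to connect. Instead, I opted for the Terraform argument get_password_data and stored my password_data in the tfstate file. Now how do I decrypt it using the interpolation syntax rsadecrypt?
Please find my Terraform code below: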
### Resource for EC2 instance creation ###
resource "aws_instance" "ec2" {
  ami               = "${var.ami}"
  instance_type     = "${var.instance_type}"
  key_name          = "${var.key_name}"
  subnet_id         = "${var.subnet_id}"
  security_groups   = ["${var.security_groups}"]
  availability_zone = "${var.availability_zone}"
  private_ip        = "x.x.x.x"
  get_password_data = "true"

  connection {
    password = "${rsadecrypt(self.password_data)}"
  }

  root_block_device {
    volume_type           = "${var.volume_type}"
    volume_size           = "${var.volume_size}"
    delete_on_termination = "true"
  }

  tags {
    "Cost Center" = "R1"
    "Name"        = "AD-test"
    "Purpose"     = "Task"
    "Server Name" = "Active Directory"
    "SME Name"    = "Ravi"
  }
}

output "instance_id" {
  value = "${aws_instance.ec2.id}"
}

### Resource for EBS volume creation ###
resource "aws_ebs_volume" "additional_vol" {
  availability_zone = "${var.availability_zone}"
  size              = "${var.size}"
  type              = "${var.type}"
}

### Output of Volume ID ###
output "vol_id" {
  value = "${aws_ebs_volume.additional_vol.id}"
}

### Resource for Volume attachment ###
resource "aws_volume_attachment" "attach_vol" {
  device_name  = "${var.device_name}"
  volume_id    = "${aws_ebs_volume.additional_vol.id}"
  instance_id  = "${aws_instance.ec2.id}"
  skip_destroy = "true"
}
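The password is encrypted with the key_pair specified when the instance was launched, and you still need to use it to decrypt, because password_data is still just the base64-encoded encrypted password data.
You should use ${rsadecrypt(self.password_data,file("/path/to/private_key.pem"))}
This is done for good reason. You really don't want just a base64-encoded password floating around in state.
Short version: you are missing the second argument in the interpolation function.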
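
The two-argument call in context, as an added example that is not part of the original question or answer. It uses the same 0.11-style interpolation syntax as the question; the names `private_key_path`, `win` and `admin_password` and the instance type are assumptions made for illustration.

```hcl
# Added example, not the poster's code. Assumed names: var.private_key_path,
# aws_instance.win, output "admin_password".

variable "ami" {}
variable "key_name" {}

variable "private_key_path" {
  description = "Path to the PEM private key that matches key_name"
}

resource "aws_instance" "win" {
  ami               = "${var.ami}"
  instance_type     = "t2.medium" # constructed sample value
  key_name          = "${var.key_name}"
  get_password_data = true

  # password_data is base64-encoded RSA ciphertext. rsadecrypt takes the
  # ciphertext first and the PEM private key contents second.
  connection {
    type     = "winrm"
    user     = "Administrator"
    password = "${rsadecrypt(self.password_data, file(var.private_key_path))}"
  }
}

# Caveat: output values are written to the state file, so this output puts the
# decrypted password into tfstate in plaintext. "sensitive" only hides it from
# CLI display. Leave this output out unless the state backend is encrypted and
# access to it is restricted.
output "admin_password" {
  value     = "${rsadecrypt(aws_instance.win.password_data, file(var.private_key_path))}"
  sensitive = true
}
```

Keeping the private key path in a variable means the key file itself stays outside the configuration and version control.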