Jos*_*epB 4 amazon-web-services terraform terraform-provider-aws
我在 Terraform v0.12 模块中动态创建以下资源:
变量.tf:
variable "stages" {
type = list(string)
default = ["v1", "v2"]
}
variable "rest_api_id" {
description = "The ID of the associated REST API"
}
variable "api_root_resource_id" {
description = "The API resource ID"
}
variable "region" {
description = "The AWS region"
}
variable "method" {
description = "The HTTP method"
default = "GET"
variable "lambda" {
description = "The lambda name to invoke"
}
variable "account_id" {
description = "The AWS account ID"
}
主文件
resource "aws_lambda_permission" "lambda_permision" {
count = length(var.stages)
statement_id = "${var.lambda}${element(var.stages, count.index)}Invoke"
action = "lambda:InvokeFunction"
function_name = "${var.lambda}:${element(var.stages, count.index)}"
principal = "apigateway.amazonaws.com"
source_arn = "arn:aws:execute-api:${var.region}:${var.account_id}:${var.rest_api_id}/*/${var.method}${aws_api_gateway_resource.api_resource.path}"
}
输入不会改变。但是每次申请我都会收到以下通知:
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# module.signurl_get.aws_lambda_permission.lambda_permision[0] must be replaced
-/+ resource "aws_lambda_permission" "lambda_permision" {
action = "lambda:InvokeFunction"
~ function_name = "peng_lambda_test_version_eu_dev" -> "peng_lambda_test_version_eu_dev:v1" # forces replacement
~ id = "peng_lambda_test_version_eu_devv1Invoke" -> (known after apply)
principal = "apigateway.amazonaws.com"
- qualifier = "v1" -> null # forces replacement
source_arn = "arn:aws:execute-api:eu-west-1:887428995966:t4m0c9z1uk/*/GET/signurl"
statement_id = "peng_lambda_test_version_eu_devv1Invoke"
}
# module.signurl_get.aws_lambda_permission.lambda_permision[1] must be replaced
-/+ resource "aws_lambda_permission" "lambda_permision" {
action = "lambda:InvokeFunction"
~ function_name = "peng_lambda_test_version_eu_dev" -> "peng_lambda_test_version_eu_dev:v2" # forces replacement
~ id = "peng_lambda_test_version_eu_devv2Invoke" -> (known after apply)
principal = "apigateway.amazonaws.com"
- qualifier = "v2" -> null # forces replacement
source_arn = "arn:aws:execute-api:eu-west-1:887428995966:t4m0c9z1uk/*/GET/signurl"
statement_id = "peng_lambda_test_version_eu_devv2Invoke"
}
使用aws_lambda_permission资源时,您的函数名称应该是非限定的 Lambda 函数名称。如果您需要指定别名来对 Lambda 进行版本控制,则应改用qualifier参数来完成此操作。
现在 Terraform 正在尝试将函数名称设置为包含限定符并将限定符设置为 nil。AWS API 很高兴地接受了这一点并执行您想要它做的事情,但是当 Terraform 刷新并更新其状态时,它会看到函数名称已去除限定符并且已设置限定符参数,因此它试图将事情强制返回到代码告诉它应该的方式。不幸的是,这也是一个不支持对 Lambda 权限资源进行就地升级的操作,因此它还需要删除现有的 Lambda 权限并重新创建。
从函数名称中去除限定符并将其添加到正确的qualifier参数中应该可以解决这个问题:
resource "aws_lambda_permission" "lambda_permision" {
count = length(var.stages)
statement_id = "${var.lambda}${var.stages[count.index]}Invoke"
action = "lambda:InvokeFunction"
function_name = "${var.lambda}"
qualifier = ${var.stages[count.index]}"
principal = "apigateway.amazonaws.com"
source_arn = "arn:aws:execute-api:${var.region}:${var.account_id}:${var.rest_api_id}/*/${var.method}${aws_api_gateway_resource.api_resource.path}"
}
在上面的示例中,我还element用方括号表示法的直接列表索引替换了您的函数。element如果您需要多次循环返回列表而不在索引中进行模运算,则很有用,但否则方括号表示法往往更具可读性并且具有相同的行为。
正如您所提到的,您使用的是 Terraform 0.12,当您不连接字符串和变量时,您也可以使用较新的语法:
resource "aws_lambda_permission" "lambda_permision" {
count = length(var.stages)
statement_id = "${var.lambda}${var.stages[count.index]}Invoke"
action = "lambda:InvokeFunction"
function_name = var.lambda
qualifier = var.stages[count.index]
principal = "apigateway.amazonaws.com"
source_arn = "arn:aws:execute-api:${var.region}:${var.account_id}:${var.rest_api_id}/*/${var.method}${aws_api_gateway_resource.api_resource.path}"
}
| 归档时间: |
|
| 查看次数: |
1463 次 |
| 最近记录: |