This is an excerpt from my successful terraform plan:
~ primary_network_interface_id = "eni-XXXXXXXXXXXXX -> (known after apply)
~ private_dns = "shshshshshshshshhs" -> (known after apply)
~ private_ip = "XXXXXXXXXXXXXXXXXX" -> (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
~ secondary_private_ips = [] -> (known after apply)
~ security_groups = [] -> (known after apply)
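The above is part of an aws_instance resource imported as an internal module. I intend to pass a list of security group IDs through the variable security_groups so that, during resource creation, it is mapped to vpc_security_group_ids. However, from the plan above, I can't see whether it gets mapped successfully.
My question is: how do I know this apply will work? Is "Known after apply" a 50-50 in this case? Also, I didn't find anything in the TF docs, so if there is something, I'd appreciate it if someone could point me in the right direction.
Thanks,
I created an AWS EKS cluster using the terraform-aws-eks module. The Terraform version is 1.0.6 and the aws provider version is 3.60.0. With these versions, I should be able to use the aws_autoscaling_group_tag resource to tag the ASGs created by EKS.
My problem is that the node groups in the module are a map of maps (described here), and I don't know how to iterate over my node groups to tag all the ASGs in them. Here is the example from terraform: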
resource "aws_eks_node_group" "example" {
  cluster_name    = "example"
  node_group_name = "example"
  # ... other configuration ...
}
resource "aws_autoscaling_group_tag" "example" {
  for_each = toset(
    [for asg in flatten(
      [for resources in aws_eks_node_group.example.resources : resources.autoscaling_groups]
    ) : asg.name]
  )
  autoscaling_group_name = each.value
  tag {
    key                 = "k8s.io/cluster-autoscaler/node-template/label/eks.amazonaws.com/capacityType"
    value               = "SPOT"
    propagate_at_launch = false
  }
}
In this case there is one specific node group. But in my case there are 3 node groups, and I want all the ASGs to be tagged. So far I haven't …
I am trying to create a state function using terraform. First, I create a policy and assign it to the existing role processing_lambda_role.
resource "aws_iam_role_policy" "sfn_policy" {
  policy = jsonencode(
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "states.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        },
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "lambda:InvokeFunction",
            "lambda:InvokeAsync"
          ],
          "Resource": "*"
        }
      ]
    }
  )
  role = aws_iam_role.processing_lambda_role.id
}

resource "aws_sfn_state_machine" "sfn_state_machine" {
  name     = local.step_function_name
  role_arn = aws_iam_role.processing_lambda_role.arn

  definition = <<EOF
{
  "Comment": "Get Incoming Files",
  "StartAt": "GetIncomingFiles",
  "States": {
    "GetIncomingFiles": {
      "Type": "Task",
      "Resource": "${aws_lambda_function.get_incoming_lambda.arn}",
      "ResultPath": "$.Output",
      "End": true
    }
  }
}
EOF
}
I get this error: …
amazon-web-services terraform terraform-provider-aws aws-policies terraform-aws-modules
I am trying to create an AWS S3 bucket using terraform, and this is my code:
provider "aws" {
  profile = "default"
  region  = "ap-south-1"
}
resource "aws_s3_bucket" "first_tf" {
  bucket = "svk-pl-2909202022"
  acl    = "private"
}
I created the "credentials" file manually using Notepad, removed the ".txt" extension using Powershell, and stored the file in C:\Users\terraform\.aws.
[default]
aws_access_key_id=**************
aws_secret_access_key=************
But when I try to run terraform plan, I get an error message
Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
Then I also tried creating the "credentials" file by installing the AWS CLI, and I ran the command
aws configure --profile terraform
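where terraform is my username. So it asked me to enter the aws_access_key_id and aws_secret_access_key. After entering all the credentials, I ran the command terraform init, which ran successfully, but when I ran terraform plan, it showed the error again, which reads:
Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.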
amazon-s3 amazon-web-services terraform-provider-aws terraform-aws-modules aws-credentials
I set up what is (I think) a bog-standard EKS cluster using terraform-aws-eks, as shown below:
module "eks" {
  source  = "terraform-aws-modules/eks/aws"
  version = "~> 18.0"

  cluster_name    = "my-test-cluster"
  cluster_version = "1.21"

  cluster_endpoint_private_access = true
  cluster_endpoint_public_access  = true

  cluster_addons = {
    coredns = {
      resolve_conflicts = "OVERWRITE"
    }
    kube-proxy = {}
    vpc-cni = {
      resolve_conflicts = "OVERWRITE"
    }
  }

  vpc_id     = var.vpc_id
  subnet_ids = var.subnet_ids

  eks_managed_node_group_defaults = {
    disk_size      = 50
    instance_types = ["m5.large"]
  }

  eks_managed_node_groups = {
    green_test = {
      min_size     = 1
      max_size     = 2
      desired_size = 2

      …
terraform istio kubernetes-ingress amazon-eks terraform-aws-modules
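I used https://github.com/cloudposse/terraform-aws-acm-request-certificate to generate certificates with terraform and aws.
How can I run it for multiple domains (not subdomains) in the same file in terraform?
I tried this, but I get the error Error: Duplicate module call: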
module "acm_request_certificate" {
  source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
  domain_name                       = "example.com"
  process_domain_validation_options = true
  ttl                               = "300"
}
module "acm_request_certificate" {
  source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
  domain_name                       = "otherexample.com"
  process_domain_validation_options = true
  ttl                               = "300"
}
I am looking for a solution like this:
const domains = ["example.com", "otherexample.com"]
foreach(domain of domains) {
  module "acm_request_certificate" {
    source                            = "git::https://github.com/cloudposse/terraform-aws-acm-request-certificate.git?ref=master"
    domain_name                       = domain
    process_domain_validation_options = true
    ttl                               = "300"
  }
}
I am trying the example from this module: https://registry.terraform.io/modules/terraform-aws-modules/security-group/aws/3.10.0
main.tf:
module "vpc" {
  source = "terraform-aws-modules/vpc/aws"
  name   = "${var.environment}-project-vpc"
  cidr   = "10.0.0.0/16"
  #
  # Important!
  # https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/403
  # Only append or delete from the end of the list
  #
  azs                    = ["us-east-2a", "us-east-2b", "us-east-2c"]
  private_subnets        = ["10.0.1.0/24", "10.0.2.0/24", "10.0.3.0/24"]
  public_subnets         = ["10.0.101.0/24", "10.0.102.0/24", "10.0.103.0/24"]
  enable_nat_gateway     = true
  single_nat_gateway     = true
  one_nat_gateway_per_az = false
  enable_dns_hostnames   = true
  enable_dns_support     = true
  tags                   = module.project_config.tags
}
module "bastion_sg" {
  source      = "terraform-aws-modules/security-group/aws"
  name        = "bastion-service"
  description = "Security group for …
terraform terraform-provider-aws terraform0.12+ terraform-aws-modules