I'm new to Terraform and am working on a project that uses Docker / AWS ECR / ECS infrastructure on AWS. In this article I saw the author specify something like this:
data "aws_ecs_task_definition" "test" {
  task_definition = "${aws_ecs_task_definition.test.family}"
  depends_on      = ["aws_ecs_task_definition.test"]
}

resource "aws_ecs_task_definition" "test" {
  family = "test-family"
  # ...
}
Why does he use both a data source and a resource of aws_ecs_task_definition? After several hours of digging through the official docs and googling for articles, I can't find an explanation or a similar example.
Later I saw that when he sets up the service, he references them with the following code (again, I'm not sure what's going on here):
task_definition = "${aws_ecs_task_definition.test.family}:${max("${aws_ecs_task_definition.test.revision}", "${data.aws_ecs_task_definition.test.revision}")}"
I'm now confused about what the difference is between using both a data source and a resource of the same type versus only using the resource. Is there any difference in terms of lifecycle?
I'm currently trying to create an AWS ECR for my docker image, and I want terraform to manage it (create/update/destroy). Should I also use both a data source and a resource of type aws_ecr_repository?
I'm trying to run cross-region s3 replication in terraform. Most of my code is fine, but I'm getting just two errors that I can't seem to resolve.
Part of my main s3.tf is:
resource "aws_kms_key" "s3_replica-us-west-2" {
  description             = "S3 master key replica us-west-2"
  deletion_window_in_days = 30
  enable_key_rotation     = "true"
}

module "s3_replica" {
  source = "git@github.com:xxx"
  providers = {
    aws = "aws.us-west-2"
  }
  name                  = "s3_replica"
  logging_bucket_prefix = "s3_replica"
  versioning            = var.versioning
  bucket_logging        = var.bucket_logging
  logging_bucket_name   = var.logging_bucket_name
  kms_key_id            = aws_kms_key.s3_replica-us-west-2.key_id
  sse_algorithm         = var.sse_algorithm
}

module "s3" {
  source                = "git@github.com:xxxx"
  name                  = "s3"
  logging_bucket_prefix = "s3"
  versioning            = var.versioning
  bucket_logging        = var.bucket_logging
  logging_bucket_name   …
Trying to store my state file in an s3 bucket, but I get this error when I try "terraform init":
error configuring S3 Backend: error validating provider credentials:
error calling sts:GetCallerIdentity:
InvalidClientTokenId: The security token included in the request is invalid.
main.tf:
provider "aws" {
  region     = var.region
  access_key = var.acc_key
  secret_key = var.sec_key
}

terraform {
  backend "s3" {
    bucket = "mybucket-terra-prac"
    key    = "terraform.tfstate"
    region = "eu-central-1"
  }
}

resource "aws_instance" "web" {
  ami                         = var.ami
  instance_type               = "t2.large"
  associate_public_ip_address = true
  key_name                    = var.public_key
  tags = {
    Name = var.ec2_name …
I'm trying to create and validate an AWS certificate with Terraform, following the example in the Terraform docs here: https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/acm_certificate_validation#dns-validation-with-route-53
My Terraform file looks like this:

resource "aws_acm_certificate" "vpn_server" {
  domain_name = "stuff.mine.com"

  validation_method = "DNS"

  tags = {
    Name        = "certificate"
    Scope       = "vpn_server"
    Environment = "vpn"
  }
}

resource "aws_acm_certificate_validation" "vpn_server" {
  certificate_arn = aws_acm_certificate.vpn_server.arn

  validation_record_fqdns = [for record in aws_route53_record.my_dns_record_vpn_server : record.fqdn]

  timeouts {
    create = "2m"
  }
}

resource "aws_route53_zone" "my_dns" {
  name = "stuff.mine.com"

  tags = {
    name = "dns_zone"
  }
}

resource "aws_route53_record" "my_dns_record_vpn_server" {
  for_each = {
    for dvo …

I'm trying to create a step function with terraform. First I create a policy and attach it to the existing role processing_lambda_role.

resource "aws_iam_role_policy" "sfn_policy" {
  policy = jsonencode(
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Effect": "Allow",
          "Principal": {
            "Service": "states.amazonaws.com"
          },
          "Action": "sts:AssumeRole"
        },
        {
          "Sid": "VisualEditor0",
          "Effect": "Allow",
          "Action": [
            "lambda:InvokeFunction",
            "lambda:InvokeAsync"
          ],
          "Resource": "*"
        }
      ]
    }
  )
  role = aws_iam_role.processing_lambda_role.id
}

resource "aws_sfn_state_machine" "sfn_state_machine" {
  name     = local.step_function_name
  role_arn = aws_iam_role.processing_lambda_role.arn

  definition = <<EOF
{
  "Comment": "Get Incoming Files",
  "StartAt": "GetIncomingFiles",
  "States": {
    "GetIncomingFiles": {
      "Type": "Task",
      "Resource": "${aws_lambda_function.get_incoming_lambda.arn}",
      "ResultPath": "$.Output",
      "End": true
    }
  }
}
EOF
}

I get this error: …
I'm using default_tags in the terraform aws provider block of my root module my_terraform. That module has a child module called my_submodule, and I want to add additional default tags in that submodule. I tried the following in my_terraform/my_submodule/main.tf:

provider "aws" {
  default_tags {
    tags = {
      "extra_tag" = "something"
    }
  }
}

But I get this error:

$ terraform init
Initializing modules...
- my_terraform.my_submodule in my_terraform/my_submodule
There are some problems with the configuration, described below.

The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
╷
│ Error: Module module.my_submodule contains provider configuration
│ 
│ Providers cannot be configured within modules using count, for_each …

I'm working on an aws stack with some lambdas and s3 buckets (sample code below). How do I generate the zip file for the lambda via terraform? I've seen different styles, which probably also depend on the terraform version.
resource "aws_lambda_function" "my_lambda" {
  filename         = "my_lambda_func.zip"
  source_code_hash = filebase64sha256("my_lambda_func.zip")

I want to get subnet values from another repository. For that I added a data aws_subnet section. But I have a problem with my filter section: at the end of the values line I need to enumerate each subnet. I tried count.index and various other things, but I get this error: The "count" object can only be used in "module", "resource", and "data" blocks, and only when the "count" argument is set. So how can I use * in the filter values section, for example: ${var.vpcname}-Public-*
My subnets:
myvpc-Private-0
myvpc-Private-1
myvpc-Private-2
myvpc-Public-0
myvpc-Public-1
myvpc-Public-2
My data section:
data "aws_subnet" "public" {
  filter {
    name   = "tag:Name"
    values = ["${var.vpcname}-Public-"]
  }
}

data "aws_subnet" "private" {
  filter {
    name   = "tag:Name"
    values = ["${var.vpcname}-Private-"]
  }
}
I want to see all the subnets with the following output section.
output "private" {
  value = data.aws_subnet.private.*.id
}

output "public" {
  value = data.aws_subnet.public.*.id …

I want to store the terraform state file in an s3 bucket in one aws account and use role_arn to deploy instance changes in another aws account.
Here is my configuration:

providers.tf

terraform {
  backend "s3" {
    bucket         = "bucket"
    key            = "tf/terraform.tfstate"
    encrypt        = "false"
    region         = "us-east-1"
    profile        = "s3"
    role_arn       = "arn:aws:iam::1111111111111:role/s3-role"
    dynamodb_table = "name"
  }
}

provider "aws" {
  profile = "ec2"
  region  = "eu-north-1"
  assume_role {
    role_arn = "arn:aws:iam::2222222222222:role/ec2-role"
  }
}

~/.aws/credentials

[s3-def]
aws_access_key_id = aaaaaaaaaa
aws_secret_access_key = sssssssss
[ec2-def]
aws_access_key_id = aaaaaaa
aws_secret_access_key = sssss
[s3]
role_arn = arn:aws:iam::1111111111:role/s3-role
region = us-east-1
source_profile = s3-def
[ec2]
role_arn = arn:aws:iam::22222222222:role/ec2-role
region = eu-north-1
source_profile = ec2-def

…
I also have a question about the upgrade process, because I'm getting an error about "failed to decode current backend configuration". If I want to roll back to version 0.12 (from 0.13), can I run terraform init --reconfigure without risk, given that I currently have both versions installed on my machine?