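I am trying to figure out how to notify a Slack channel whenever someone runs
terraform apply
I have looked at https://github.com/terraform-aws-modules/terraform-aws-notify-slack, but that specifically covers CloudWatch alarms. I am thinking of something simple, where I can send something like a notification to Slack by calling a webhook at the end of a successful terraform apply.
Can someone point me in a direction where I can develop something to solve this? Just pointers would help too.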

I am trying to create a pipeline to deploy on Beanstalk, but I keep getting an error in the deploy section of the pipeline:
Insufficient permissions
The provided role does not have sufficient permissions to access
Elastic Beanstalk: Access Denied
What am I missing?
/************************************************
 * Code Build
 ***********************************************/
resource "aws_codebuild_project" "project-name-codebuild" {
  name          = "${var.project}-codebuild"
  build_timeout = "15"
  service_role  = "${aws_iam_role.project-name-codebuild-role.arn}"

  artifacts {
    type = "CODEPIPELINE"
  }

  environment {
    compute_type = "BUILD_GENERAL1_SMALL"
    type         = "LINUX_CONTAINER"
    image        = "aws/codebuild/java:openjdk-8"
  }

  source {
    type = "CODEPIPELINE"
  }

  tags {
    Name        = "${var.project}"
    Environment = "${var.environment}"
  }
}

resource "aws_ecr_repository" "project-name-ecr-repository" {
  name = "${var.project}-ecr-repository" …
amazon-web-services amazon-elastic-beanstalk terraform aws-codepipeline terraform-provider-aws

I am trying to configure my Terraform for dev and QA environments, each with its own security groups, which I pull in with data:
data "aws_security_group" "ssh" {
  name = "SG-SSH"
}

data "aws_security_group" "postgres" {
  name = "SG-Postgres"
}
Is there a way to specify which security groups are pulled in based on the target environment? I tried this:
locals {
  sgs = {
    dev = ["${data.aws_security_group.postgres.id}", "${data.aws_security_group.ssh.id}"]
    qa  = ["${data.aws_security_group.postgres.id}"]
  }
}
Then I reference it with "${local.sgs[var.env]}". However, the ssh security group only exists in the dev environment, so when I target the QA environment I still get:
data.aws_security_group.ssh: data.aws_security_group.ssh: no matching SecurityGroup found
amazon-web-services terraform aws-security-group terraform-provider-aws

I have the most pedestrian of Terraform samples:
# Configure AWS provider
provider "aws" {
  region     = "us-east-1"
  access_key = "xxxxxxxxx"
  secret_key = "yyyyyyyyyyy"
}

# Terraform configuration
terraform {
  backend "s3" {
    bucket = "terraform.example.com"
    key    = "85/182/terraform.tfstate"
    region = "us-east-1"
  }
}
When I run terraform init, I get the following (traced) response:
2018/08/14 14:19:13 [INFO] Terraform version: 0.11.7 41e50bd32a8825a84535e353c3674af8ce799161
2018/08/14 14:19:13 [INFO] Go runtime version: go1.10.1
2018/08/14 14:19:13 [INFO] CLI args: []string{"C:\\cygwin64\\usr\\local\\bin\\terraform.exe", "init"}
2018/08/14 14:19:13 [DEBUG] Attempting to open CLI config file: C:\Users\judall\AppData\Roaming\terraform.rc
2018/08/14 14:19:13 [DEBUG] File doesn't exist, but doesn't need to. …

Does Terraform provide such a feature to override variable values? Suppose I have declared the two variables given below.
variable "foo" {}
variable "bar" { default = "false" }
foo is mandatory, and bar is assigned the default value false. Is there any resource available in Terraform that can reassign or override the bar value? I am asking this from a resource perspective. I know I can use terraform-modules.
I tried this using null_resource, but did not get the expected result. It still returns the default value.
resource "null_resource" "this" {
  provisioner "local-exec" {
    command = "echo ${var.env} > ${var.newvar}"
  }
}

I also want to run curl in the command attribute. Do I need to use "interpreter"? If so, what is its value?
interpreter = ["shell","?"]
What values should I pass to execute the curl command in the local-exec provisioner?
Bash script
function check_efs() {
  curl -ls https://elasticfilesystem.us-east-1.amazonsaws.com
  if [ $? -eq 0 ]; then
    output=1
  else
    output=0
  fi
}
function produce_output() {
  value=$(output) …

I need to increase the stack size in an ECS task.
Does aws_ecs_task_definition support ulimit stack size? If so, what is the syntax?
amazon-web-services amazon-ecs terraform terraform-provider-aws

I have a domain registered on Route 53. This domain points towards some name servers of an old Route53 route. I'm now building my Terraform script to create a new Route53 zone. Is it possible to set the name servers when creating this? I tried the following, but that didn't work:
resource "aws_route53_record" "dev-ns" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  name    = "dev.example.com"
  type    = "NS"
  ttl     = "30"

  records = [
    "ns1.aws",
    "ns2.aws",
    "ns3.aws",
    "ns4.aws",
  ]
}
I could imagine that …

I am trying to apply a lifecycle ignore_changes rule to a parameter in the resource "aws_servicecatalog_provisioned_product", as shown below.
resource "aws_servicecatalog_provisioned_product" "example" {
  name                       = "example"
  product_name               = "Example product"
  provisioning_artifact_name = "Example version"

  provisioning_parameters {
    key   = "foo"
    value = "bar"
  }

  provisioning_parameters {
    key   = "key2"
    value = lookup(var.parameter_group, "key2", "test2")
  }

  provisioning_parameters {
    key   = "key3"
    value = "test3"
  }

  tags = {
    foo = "bar"
  }

  lifecycle {
    ignore_changes = [
      tags["foo"],
      aws_servicecatalog_provisioned_product.provisioning_parameters.example["key2"]
    ]
  }
}

variable parameter_group {
  description = "Parameters map required for modules."
  type        = map(any)
  default     = …

I tried to create an EC2 instance. When I don't set a security group it is fine, but when I set a security group it fails with the following message:
│ Error: creating EC2 Instance: InvalidParameterValue: Value () for parameter groupId is invalid. The value cannot be empty
│ status code: 400, request id: 2935799e-2364-4676-ba02-457740336cd1
│
│ with aws_instance.my_first_instance,
│ on main.tf line 44, in resource "aws_instance" "my_first_instance":
│ 44: resource "aws_instance" "my_first_instance" {
The code is
variable "ecs_cluster_name" {
  type    = string
  default = "production"
}

data "aws_ami" "ecs_ami" {
  most_recent = true
  owners      = ["amazon"]

  filter {
    name   = "name"
    values = ["amzn2-ami-ecs-hvm-2.0.202*-x86_64-ebs"]
  }
}

output "ami_name" {
  value       = data.aws_ami.ecs_ami.name
  description = …

We have a new Terraform script that pushes a Docker image to AWS Lambda. The script works well and correctly attaches the new image to the Lambda. I can confirm this by checking the image URL shown in the AWS console for the Lambda, which is the newly pushed and attached image. However, when testing the Lambda, it is clearly running the previous code. The Lambda appears to have been updated, but the running in-memory instance did not get the message.
Question: Is there a way to force the in-memory Lambda to cycle to the new image?
Here is the TF code for the Lambda:
resource "aws_lambda_function" "my_lambda" {
  function_name = "MyLambda_${var.environment}"
  role          = data.aws_iam_role.iam_for_lambda.arn
  image_uri     = "${data.aws_ecr_repository.my_image.repository_url}:latest"
  memory_size   = 512
  timeout       = 300
  architectures = ["x86_64"]
  package_type  = "Image"

  environment {
    variables = {
      stage       = var.environment
      commit_hash = var.commit_hash
    }
  }
}