我正在 Terraform 中创建计划的 ECS 任务。当我尝试覆盖 的容器定义时entryPoint,生成的任务不使用覆盖的entryPoint. 但是,如果我尝试覆盖command,它可以正常工作(除了现有入口点之外还添加一个新命令)。我在文档中找不到任何让我相信不支持entryPoint重写的内容,但情况可能是这样?
以下是 terraform 中 Cloudwatch 事件目标的代码
resource "aws_cloudwatch_event_target" "ecs_task" {
target_id = "run-${var.task_name}-scheduled"
arn = "${var.cluster_arn}"
rule = "${aws_cloudwatch_event_rule.ecs_task_event_rule.name}"
role_arn = "${aws_iam_role.ecs_event.arn}"
ecs_target = {
launch_type = "${var.launch_type}"
network_configuration = {
subnets = ["${var.subnet_ids}"]
security_groups = ["${var.security_group_ids}"]
}
task_count = 1
task_definition_arn = "${var.task_arn}"
}
input = <<DOC
{
"containerOverrides": [
{
"name": "${var.task_name}",
"entryPoint": ${jsonencode(var.command_overrides)}
}
]
}
DOC
}
这将在 AWS 控制台上创建一个新的计划任务,其中输入字段如下:
{
"containerOverrides": …我有一个$HOME/.aws/credentials这样的文件:
[config1]
aws_access_key_id=accessKeyId1
aws_secret_access_key=secretAccesskey1
[config2]
aws_access_key_id=accessKeyId2
aws_secret_access_key=secretAccesskey2
所以我期望通过此配置,terraform将选择第二个凭据:
terraform {
backend "s3" {
bucket = "myBucket"
region = "eu-central-1"
key = "path/to/terraform.tfstate"
encrypt = true
}
}
provider "aws" {
profile = "config2"
region = "eu-central-1"
}
但是当我尝试时terraform init它说它没有找到任何有效的凭据:
正在初始化后端...
错误:找不到 AWS 提供商的有效凭证源。有关为 AWS 提供商提供凭证的更多信息,请参阅https://terraform.io/docs/providers/aws/index.html
作为解决方法,我在凭据文件中进行了更改config2,default并profile从块中删除了该字段provider,因此它可以工作,但我确实需要使用类似于第一种方法的方法。我在这里缺少什么?
我正在尝试使用postgresql提供程序在 AWS 中创建的 postgres RDS 中创建数据库。我创建的 terraform 脚本如下:
resource "aws_db_instance" "test_rds" {
allocated_storage = "" # gigabytes
backup_retention_period = 7 # in days
engine = ""
engine_version = ""
identifier = ""
instance_class = ""
multi_az = ""
name = ""
username = ""
password = ""
port = ""
publicly_accessible = "false"
storage_encrypted = "false"
storage_type = ""
vpc_security_group_ids = ["${aws_security_group.test_sg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.name}"
}
postgresql 提供程序如下:
# Create databases in rds
provider "postgresql" {
alias = "alias" …postgresql amazon-web-services amazon-rds terraform-provider-aws
我正在学习 TF 并尝试应用一个基础设施来创建:
我能够成功地应用它。基础设施看起来非常好(当我通过 Visual AWS 控制台自己创建它时,它具有相同的方面)
但是云监视事件不会被触发(当从 TF 构建时),因此不会将消息发布到 SNS,并且不会调用 lambda。我不知道为什么
有人知道我怎样才能做到这一点吗?下面是我的 .tf 脚本:
provider "aws" {
region = "us-east-1"
}
//lambda function handler & code file
resource "aws_lambda_function" "lambda-function" {
function_name = "Function01"
handler = "com.rafael.lambda.Function01"
role = "arn:aws:iam::12345:role/LambdaRoleTest"
runtime = "java8"
s3_bucket = aws_s3_bucket.sns-test.id
s3_key = aws_s3_bucket_object.file_upload.id
source_code_hash = …amazon-sns amazon-cloudwatch aws-lambda terraform terraform-provider-aws
我正在创建一些资源,例如 Alb、安全组,并且我使用 github 中的模块:
module "efs_sg" {
source = "git::https://github.com/terraform-aws-modules/terraform-aws-security-group.git"
version = "3.2.0"
name = "${var.default_tags["app"]}-efs"
description = "Security group for FE "
vpc_id = data.terraform_remote_state.network.outputs.vpc_id
computed_ingress_with_source_security_group_id = [
{
from_port = 2049
to_port = 2049
protocol = "tcp"
description = "NFS"
source_security_group_id = "${module.asg_sg.this_security_group_id}"
}
]
number_of_computed_ingress_with_source_security_group_id = 1
tags = "${var.default_tags}"
}
当我执行 terraform apply/plan 时,出现此错误:
错误:版本约束无效
Cannot apply a version constraint to module "efs_sg" (at
terraform/dev/eu-west-1/sg.tf:107) because it has a non Registry
URL.
我在用着Terraform v0.12.12
如何解决这个问题?
这是我的设置,
Terraform 版本 - Terraform v0.12.17 操作系统 - OSX 10.15.1
用例 - 定义提供程序文件并访问 vars 文件中定义的变量
文件 main.tf - 代码所在的位置
provider "aws" {
}
variable "AWS_REGION" {
type = string
}
variable "AMIS" {
type = map(string)
default = {
us-west-1 = "my ami"
}
}
resource "aws_instance" "awsInstall" {
ami = var.AMIS[var.AWS_REGION]
instance_type = "t2.micro"
}
awsVars.tfvars - 定义区域的位置
AWS_REGION="eu-region-1"
执行
$ 地形控制台
变量AWS_REGION
错误:结果取决于“terraform apply”之后才能确定的值。
我犯了什么错误,我没有看到任何语法,但在访问变量时遇到问题,任何指针都会有帮助
谢谢
我正在尝试配置 Terraform,以便它使用 AWS Secrets 的环境变量。
terraform.tfvars:
access_key = "${var.TF_VAR_AWS_AK}"
secret_key = "${var.TF_VAR_AWS_SK}"
aws_region = "eu-north-1"
主要.tf:
provider "aws" {
region = "${var.aws_region}"
access_key = "${var.access_key}"
secret_key = "${var.secret_key}"
}
在控制台中(在 Windows 10 上):
set TF_VAR_AWS_AK = asd12345asd12345
set TF_VAR_AWS_SK = asd12345asd12345
terraform plan
错误信息:
Error: Variables not allowed
on terraform.tfvars line 1:
1: access_key = "${var.TF_VAR_AWS_AK}"
Variables may not be used here.
Error: Variables not allowed
on terraform.tfvars line 2:
2: secret_key = "${var.TF_VAR_AWS_SK}"
Variables may not be used here. …我想创建一些 EC2 实例并将其 private_ip 放入 ec2.ini 样式文件中,以便进一步与 Ansible 一起使用。
resource "local_file" "ec2_id" {
count = var.instance_count
content = "${aws_instance.instance[count.index].private_ip} ansible_ssh_user=ec2-user\n"
filename = "ec2.ini"
}
这始终打印创建的最新 EC2 实例的 private_ip。
任何想法如何解决这个问题。
更新:-
data "template_file" "hehe" {
count = var.instance_count
template = "${element(aws_instance.instance.*.private_ip, count.index)} ansible_ssh_user=ec2-user subnetmask=${element(split("/", data.aws_subnet.selected-subnet-id.cidr_block),1)}\n"
}
resource "local_file" "ec2_id" {
count = var.instance_count
content = "${element(data.template_file.hehe.*.rendered, count.index)}"
filename = "ec2.ini"
}
不起作用。给我最后创建的实例 private_ip。
这里是 Terraform 新手。我这里有一个 ECS 计划任务的代码。每当我更改此设置并应用更改时,任务定义的第一个版本就会在 ECS 任务中设置。所以我尝试向其中添加生命周期方法。
resource "aws_cloudwatch_event_target" "sqs" {
rule = aws_cloudwatch_event_rule.sqs.name
target_id = local.namespace
arn = aws_ecs_cluster.app.arn
role_arn = aws_iam_role.ecsRole.arn
input = "{}"
ecs_target {
task_count = 1
task_definition_arn = aws_ecs_task_definition.sqs.arn
launch_type = "FARGATE"
platform_version = "LATEST"
network_configuration {
security_groups = [aws_security_group.nsg_task.id]
subnets = split(",", var.private_subnets)
}
}
}
尝试过:
resource "aws_cloudwatch_event_target" "sqs" {
rule = aws_cloudwatch_event_rule.sqs.name
target_id = local.namespace
arn = aws_ecs_cluster.app.arn
role_arn = aws_iam_role.ecsRole.arn
input = "{}"
ecs_target {
task_count = 1
task_definition_arn = aws_ecs_task_definition.sqs.arn …amazon-web-services amazon-ecs terraform terraform-provider-aws infrastructure-as-code
我的作业在提交到 Batch 服务后从 RUNNABLE 变为 FAILED 状态,并显示以下作业状态错误消息(来自 AWS 控制台):
ECS was unable to assume the role 'arn:aws:iam::347134692569:role/my-custom-role' that was provided for this task. Please verify that the role being passed has the proper trust relationship and permissions and that your IAM user has permissions to pass this role.
上面引用的角色由 Terraform 管理,具有两个策略附件 (AWSBatchServiceRole和AmazonEC2ContainerServiceforEC2Role),如下所示:
resource "aws_iam_role" "batch" {
name = "my-custom-role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement":
[
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "batch.amazonaws.com" …amazon-web-services terraform aws-batch terraform-provider-aws
terraform ×8
amazon-ecs ×2
amazon-ec2 ×1
amazon-rds ×1
amazon-sns ×1
aws-batch ×1
aws-lambda ×1
postgresql ×1