我正在尝试使用 terraform 模板配置 RDS 实例,我的模板如下所示
模板.tf
resource "aws_security_group" "web-server-security"{
name = "webserver-sg"
description = "webserver security group"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
tags{
Name = "web-server-sg"
}
resource "aws_security_group" "db-server-sg" {
name = "db-server"
description = "dbserver security group"
ingress {
from_port = 3306
to_port = 3306
protocol = "tcp"
security_groups = ["${aws_security_group.web-server-security.id}"]
}
tags{
Name = "db-server-sg"
}
}
resource "aws_db_instance" "echomany_db" {
name = "echomanydb"
engine = "mysql" …我正在尝试使用 aws_network_interface 创建一个 aws 实例,如下所示:
resource "aws_network_interface" "lustre-mds01" {
subnet_id = "${var.subnet_id}"
private_ips = ["10.1.0.10"]
}
resource "aws_instance" "lustre-mds01" {
ami = "${var.ec2_ami}"
instance_type = "t2.nano"
key_name = "${var.key_name}"
vpc_security_group_ids = [ "${var.vpc_security_group_id}" ]
root_block_device {
volume_type = "gp2"
volume_size = 128
}
network_interface {
network_interface_id = "${aws_network_interface.lustre-mds01.id}"
device_index = 0
}
}
但是,这会导致:
错误:“network_interface”:与 vpc_security_group_ids 冲突
这似乎存在问题,但由于不活动,该票证已关闭。我是一个 terraform noob,所以我不确定这看起来像一个错误还是只是用户错误。
我的环境:
$ terraform -v
Terraform v0.12.2
+ provider.aws v2.15.0
+ provider.external v1.1.2
+ provider.local v1.2.2
+ provider.null v2.1.2
在尝试创建 AWS Route53 资源和 AWS Certificate Manager 资源时,我一整天都被 Terraform 错误所困扰。这 2 位是更广泛项目(通过其静态服务功能托管在 s3 中的网站)的一部分。
特别是在证书的 DNS 验证期间,当 CNAME 记录作为 DNS 记录插入 Route53 时,会弹出错误。
我会列出错误,然后我会描述设置。
错误
terraform plan -var-file=production.vars
Creating...
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [10s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [20s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [30s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [40s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [50s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [1m0s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Still creating... [1m10s elapsed]
module.infrastructure.aws_route53_record.idarth-validation-record: Creation complete after 1m12s [id=ZB4TSGZTTZ3CQ__7bc5230529c8192e8e697aeab0ec0eb9.idarth.com._CNAME]
module.infrastructure.aws_acm_certificate_validation.idarth-ssl-certificate: Creating...
2019/08/24 18:32:40 [ERROR] module.infrastructure: eval: *terraform.EvalSequence, err: 1 …dns amazon-web-services amazon-route53 terraform terraform-provider-aws
我正在尝试创建一个 lambda 角色并将策略附加到它,以便它可以启动和停止 ec2 实例。我将使用 cloudwatch 触发 lambda。
我收到此错误:“错误:错误创建 IAM 角色 lambdaRole:MalformedPolicyDocument:JSON 字符串不能有前导空格状态代码:400,请求 ID:d6a86c41-6601-43af-9040-81f6e6a76ec8
在 iam.tf 第 11 行,在资源 "aws_iam_role" "lambdaRole": 11: 资源 "aws_iam_role" "lambdaRole" {"
terraform {
backend "s3" {
region = "us-west-2"
bucket = "gitlegionbucket"
key = "ec2/terraform.tfstate"
dynamodb_table = "tf-state-lock"
}
}
resource "aws_iam_role" "lambdaRole" {
name = "lambdaRole"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_iam_policy" "policy" …我遇到了这个错误:
Inappropriate value for attribute "vpc_zone_identifier": element 0: string required.
变量应该是字符串列表,所以元素 0 应该是字符串。
这是代码:
专有网络模块:
resource "aws_subnet" "terraform-pub-sn" {
count = "${length(data.aws_availability_zones.all.names)}"
vpc_id = "${aws_vpc.terraform-vpc.id}"
cidr_block = "${element(var.vpc_subnet_cidr, count.index)}"
availability_zone = "${data.aws_availability_zones.all.names[count.index]}"
}
输出:
output "terraform_subnet_ids" {
value = ["${aws_subnet.terraform-pub-sn.*.id}"]
}
主文件:
module "auto_scaling_group" {
source = "./modules/AutoScalingGroup"
terraform_subnet_ids = ["${module.vpc.terraform_subnet_ids}"]
}
ASG 模块:
variable "terraform_subnet_ids"{}
resource "aws_autoscaling_group" "terraform-asg" {
vpc_zone_identifier = ["${var.terraform_subnet_ids}"]
...
}
我花了半天时间试图解决这个问题,不知道还能尝试什么以及应该如何定义它。AFAIK 添加 [] 将使变量成为一个字符串列表,当它选择元素 0 并返回错误时,元素在技术上应该是一个字符串,所以不知道问题是什么。也许有一种方法可以即时检查它是什么?
完整的错误在这里:
Error: Incorrect attribute value type
on modules\AutoScalingGroup\asg.tf line …通过 Terraform 在 RDS 中创建角色后,我试图将其添加到 Postgresql 数据库。
我有两个单独的模块,一个创建 RDS 实例,一个向其中添加新角色。数据库地址是persistence模块的输出和模块的输入persistenceApplicationRole。问题好像是在创建RDS实例之前运行了Postgresql provider,所以地址为空。
我得到的错误是:
Error: Error initializing PostgreSQL client: error detecting capabilities: error PostgreSQL version: dial tcp :5432: connect: connection refused
on ../modules/persistenceApplicationRole/main.tf line 9, in provider "postgresql":
9: provider postgresql {
通过-target=module.persistence标志单独运行模块是有效的,因为persistenceApplicationRole一旦创建数据库地址就会获取它。我在此处的文档中为 MySQL Provider 找到了一个包含这种确切场景的示例。
# module.persistenceApplicationRole
provider postgresql {
host = var.databaseAddress
username = data.external.root_credentials.result["username"]
password = data.external.root_credentials.result["password"]
superuser = false
}
resource "postgresql_role" "application_role" {
name = data.external.application_credentials.result["username"]
password …postgresql amazon-web-services amazon-rds terraform terraform-provider-aws
我是 Terraform 的新手,我正在使用此功能重新使用相同的子网列表来启动比我拥有的子网更多的实例。(它只会循环)如果我提供我自己的子网映射,这很好用,但远程状态中的数据是一个元组,我收到此错误:
Invalid value for "inputMap" parameter: lookup() requires a map as the first
argument. data.terraform_remote_state.vpc.outputs.private_subnets is tuple with 4 elements
我也试过tomap(函数,但失败了:
Invalid value for "v" parameter: cannot convert tuple to map of any single
type.
这是我的代码:
count = var.instance_count
ami = var.ami
instance_type = "t2.medium"
subnet_id = lookup(data.terraform_remote_state.vpc.outputs.private_subnets, count.index%length(data.terraform_remote_state.vpc.outputs.private_subnets))
vpc_security_group_ids = ["${data.terraform_remote_state.foo_sg.outputs.foo_sg_id}"]
key_name = var.key_name
iam_instance_profile = var.iam_instance_profile
user_data = <<-EOF
#!/bin/bash
hostnamectl set-hostname --static "${var.app_name}-${count.index + 1}.${data.terraform_remote_state.vpc.outputs.private_zone_domain_name}"
echo "127.0.0.1 localhost.localdomain localhost4 localhost4.localdomain4 ${var.app_name}-${count.index + 1}.${data.terraform_remote_state.vpc.outputs.private_zone_domain_name} ….tf我的根模块中有两个文件:
第一个被称为api-gateway.tf在 AWS 中提供 API 网关:
resource "aws_apigatewayv2_api" "apiGateway" {
name = "some_Name"
protocol_type = "HTTP"
}
output "api_gateway_endpoint" {
value = "${aws_apigatewayv2_api.apiGateway.api_endpoint}"
}
output "api_gateway_endpoint_id" {
value = "${aws_apigatewayv2_api.apiGateway.id}"
}
我有另一个.tf名为route53.tf创建Route53记录的文件:
resource "aws_route53_record" "www" {
zone_id = "xxxxx"
name = "someurl.com"
type = "A"
alias {
name = "${output.api_gateway_endpoint}"
zone_id = "${output.api_gateway_endpoint_id}"
evaluate_target_health = false
}
}
我需要将 apigateway的api_endpoint和id传递到 route53,但我不知道如何?
我尝试使用output和引用 route53 资源中的返回这两个值,但是它不起作用。它给了我一个undeclared …
我将 S3 用于 Terraform 的远程状态。
当我使用Terraform工作区则对环境的状态文件的路径最终被s3://<bucket>/env:/<workspace>/<key>其中<bucket>和key在一个指定terraform的块。例如,使用以下 Terraform HCL:
terraform {
backend "s3" {
bucket = "devops"
key = "tf-state/abc/xyz.tfstate"
region = "us-east-1"
}
}
如果我们使用 Terraform 工作区,如下所示:
$ terraform workspace new myapp-dev
$ terraform workspace select myapp-dev
$ terraform init
$ terraform apply
然后我们将在以下路径中得到 Terraform 状态文件: s3://devops/env:/myapp-dev/tf-state/abc/xyz.tfstate
似乎 Terraform 默认使用一个名为的子目录,env:在该子目录下管理与工作区关联的状态文件。我的问题是我们可以在 Terraform 配置中添加任何内容,让我们能够控制这env:部分内容吗?
I need to pass the below templatefile function to user_data in EC2 resource. Thank you
userdata.tf
templatefile("${path.module}/init.ps1", {
environment = var.env
hostnames = {"dev":"devhost","test":"testhost","prod":"prodhost"}
})
ec2.tf
resource "aws_instance" "web" {
ami = "ami-xxxxxxxxxxxxxxxxx"
instance_type = "t2.micro"
# how do I pass the templatefile Funtion here
user_data = ...
tags = {
Name = "HelloWorld"
}
}