I have the following code in my terraform script:

```hcl
variable "sg_ingress_rules" {
  type = map(map(any))
  default = {
    port_22   = { from = 22, to = 22, proto = "tcp", cidr = "0.0.0.0/0", desc = "Allow port 22 from all" }
    port_3306 = { from = 3306, to = 3306, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3306 from all" }
    port_3307 = { from = 3307, to = 3307, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow port 3307 from all" }
    # …
  }
}
```

Tags: amazon-web-services, terraform, terraform-provider-aws, terraform0.12+
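The map as posted opens port 22 to 0.0.0.0/0, and the description strings for 3306/3307 say "from all" while the CIDR is 10.0.0.0/8. The block below is an added example, not code from the question: it consumes a map of this shape with for_each and adds a variable validation (Terraform 0.13+) that refuses any rule whose source is the whole internet. The object type (instead of map(map(any))), the aws_security_group resource, and var.vpc_id are assumptions.

```hcl
# Added example (not from the question). Assumes var.vpc_id exists and Terraform >= 0.13
# for the validation block.
variable "sg_ingress_rules" {
  description = "Ingress rules keyed by a short name"
  type = map(object({
    from  = number
    to    = number
    proto = string
    cidr  = string
    desc  = string
  }))
  default = {
    port_22   = { from = 22, to = 22, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow SSH from the internal range" }
    port_3306 = { from = 3306, to = 3306, proto = "tcp", cidr = "10.0.0.0/8", desc = "Allow MySQL from 10.0.0.0/8" }
  }

  # Refuse any rule whose source is the whole internet (IPv4 or IPv6).
  # A validation may only reference the variable it belongs to, which is all we need here.
  validation {
    condition = length([
      for r in values(var.sg_ingress_rules) : r if contains(["0.0.0.0/0", "::/0"], r.cidr)
    ]) == 0
    error_message = "Source CIDR must not be 0.0.0.0/0 or ::/0; restrict each rule to a known range."
  }
}

resource "aws_security_group" "db" {
  name        = "db-ingress"   # assumed name
  description = "Ingress rules driven by var.sg_ingress_rules"
  vpc_id      = var.vpc_id     # assumed variable
}

# One rule per map entry. The map key becomes part of the resource address, so adding
# or removing an entry never renumbers the others (which is what count would do).
resource "aws_security_group_rule" "ingress" {
  for_each = var.sg_ingress_rules

  type              = "ingress"
  security_group_id = aws_security_group.db.id
  from_port         = each.value.from
  to_port           = each.value.to
  protocol          = each.value.proto
  cidr_blocks       = [each.value.cidr]
  description       = each.value.desc
}
```

With the posted default (port_22 from 0.0.0.0/0) `terraform plan` stops at the validation before any API call is made; the object type also makes a typo in a field name (for example `cidr_block` instead of `cidr`) a plan-time error instead of a silent null.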
I'm using the aws provider and trying to create an aws_workspaces_workspace with encrypted volumes.
I created an aws_kms_key with an associated alias (aws_kms_alias).
I specified the key alias (as a string) for volume_encryption_key. The resource is created as expected and I can verify in the console that the volumes are encrypted with the specified key.
My problem is that every time I re-run terraform apply, terraform reports that aws_workspaces_workspace must be replaced because the key value changed (from key id to alias).
How can I prevent this from happening? Is it a bug? Am I doing something wrong? Some relevant code is below.
```hcl
resource "aws_workspaces_workspace" "workspace" {
  directory_id = aws_workspaces_directory.ws-ad.id
  bundle_id    = var.bundle_id
  user_name    = var.username

  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  volume_encryption_key          = "alias/workspace-volume"

  workspace_properties {
    compute_type_name                         = "POWER"
    user_volume_size_gib                      = 80
    root_volume_size_gib                      = 50
    running_mode                              = "AUTO_STOP"
    running_mode_auto_stop_timeout_in_minutes = 60
  }
}

resource "aws_kms_key" "kms-ws-volume" {
  description             = "Workspace Volume Encryption Key"
  key_usage               = "ENCRYPT_DECRYPT"
  deletion_window_in_days = 30
  is_enabled              = true
}
# …
```
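The replacement loop comes from the WorkSpaces API reporting the key by its identifier (ARN or key id), not by the alias string that was sent, so every refresh sees a different value and the provider plans a replacement. The usual fix is to pass the key's ARN from the aws_kms_key resource and keep the alias for humans only. The block below is an added example, not the poster's code; aws_workspaces_directory.ws-ad, var.bundle_id and var.username are taken from the question, the aws_kms_alias resource and enable_key_rotation are assumptions.

```hcl
# Added example (not from the question). Referencing the key ARN keeps the value
# Terraform sends equal to the value the API reads back, so no replacement is planned.
resource "aws_kms_key" "kms-ws-volume" {
  description             = "Workspace Volume Encryption Key"
  key_usage               = "ENCRYPT_DECRYPT"
  deletion_window_in_days = 30
  is_enabled              = true
  enable_key_rotation     = true   # assumed; rotation keeps old ciphertext decryptable under the same key id
}

# The alias is still useful in the console and CLI, but nothing below depends on it.
resource "aws_kms_alias" "kms-ws-volume" {
  name          = "alias/workspace-volume"
  target_key_id = aws_kms_key.kms-ws-volume.key_id
}

resource "aws_workspaces_workspace" "workspace" {
  directory_id = aws_workspaces_directory.ws-ad.id
  bundle_id    = var.bundle_id
  user_name    = var.username

  root_volume_encryption_enabled = true
  user_volume_encryption_enabled = true
  # Stable identifier: the ARN the service stores and returns on every read.
  volume_encryption_key = aws_kms_key.kms-ws-volume.arn

  workspace_properties {
    compute_type_name                         = "POWER"
    user_volume_size_gib                      = 80
    root_volume_size_gib                      = 50
    running_mode                              = "AUTO_STOP"
    running_mode_auto_stop_timeout_in_minutes = 60
  }
}
```

A `lifecycle { ignore_changes = [volume_encryption_key] }` block would also silence the plan, but it hides every later change to the key as well, including someone pointing the workspace at a key outside your account; switching the reference to the ARN removes the drift without hiding real drift. Existing workspaces that were created with the alias string will show one more planned replacement when the ARN is first applied, so check the plan before confirming.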
I have a map like this:

```hcl
variable "mysubnets" {
  type = map(string)
  default = {
    "subnet1" = "10.1.0.0/24"
    "subnet2" = "10.1.1.0/24"
  }
}
```
In my module I'm trying to place the subnets in different availability zones of the same vpc:

```hcl
data "aws_availability_zones" "azs" {
  state = "available"
}

resource "aws_subnet" "test-subnets" {
  for_each   = var.mysubnets
  cidr_block = "${each.value}"
  vpc_id     = aws_vpc.myvpc.id
  # This is the line that does not work: index() takes a list and the value to look up.
  availability_zone = data.aws_availability_zones.azs.names[index("${each.value}")]
  tags = {
    Name = "${each.key}"
  }
}
```

I can get the keys and values from the map without any problem, but when trying to pick the availability zone I can't find how to change the value. Is there a way to get the index of a map entry, or to create a counter for an incrementing number?
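index() needs two arguments, the list to search and the value to find; the posted call passes only the CIDR. Since keys() returns a map's keys in lexical order, the position of each.key inside keys(var.mysubnets) is a per-entry counter that is stable across runs. The block below is an added example, not from the question; aws_vpc.myvpc and var.mysubnets are taken from it, and the modulo wrap is added so that more subnets than zones round-robins instead of indexing past the end of the list.

```hcl
# Added example (not from the question). Assumes aws_vpc.myvpc and var.mysubnets as posted.
data "aws_availability_zones" "azs" {
  state = "available"
}

locals {
  az_names = data.aws_availability_zones.azs.names

  # keys() returns map keys in lexical order, so this position is stable across runs
  # as long as existing keys are not renamed. Wrap with modulo so that more subnets
  # than AZs simply round-robin instead of indexing past the end of the list.
  subnet_az = {
    for name, cidr in var.mysubnets :
    name => local.az_names[index(keys(var.mysubnets), name) % length(local.az_names)]
  }
}

resource "aws_subnet" "test-subnets" {
  for_each = var.mysubnets

  vpc_id            = aws_vpc.myvpc.id
  cidr_block        = each.value
  availability_zone = local.subnet_az[each.key]

  tags = {
    Name = each.key
  }
}

# Lets you check the placement from `terraform output` instead of reading the plan.
output "subnet_az_map" {
  value = local.subnet_az
}
```

One caveat: because the counter is derived from key order, inserting a new key that sorts before an existing one shifts the later subnets to a different zone, and a subnet cannot change zone in place, so Terraform will replace them. If the zone must never move, store it in the map explicitly (for example a map of objects with `cidr` and `az` fields) rather than deriving it.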
I'm creating IAM and EC2 resources with Terraform as shown below.
I want to attach a role named ec2_role to the EC2 instance profile. But it seems only the one created by aws_iam_instance_profile can be attached.
```hcl
resource "aws_instance" "this" {
  # ..
  iam_instance_profile = aws_iam_instance_profile.this.name
}

resource "aws_iam_instance_profile" "this" {
  name = "ec2-profile"
  role = aws_iam_role.ec2_role.name
}
```
As for ec2_role, it uses ec2_role_policy. But if I set source_json = data.aws_iam_policy.amazon_ssm_managed_instance_core.policy inside data "aws_iam_policy_document" "ec2_role_policy" {, it throws an error.
```hcl
resource "aws_iam_role" "ec2_role" {
  name               = "ec2-role"
  assume_role_policy = data.aws_iam_policy_document.ec2_role_policy.json
}

resource "aws_iam_policy" "ec2_policy" {
  name   = "ec2-policy"
  policy = data.aws_iam_policy_document.ec2_use_role_policy.json
}

resource "aws_iam_role_policy_attachment" "attach" {
  # role = … (truncated in the original)
}
```

I'm trying out terraform moved blocks, but I get the following error when using them.
The main.tf file looks like this:

```hcl
module "docdb" {
  source = "./modules/docdb"

  docdb_subnet_group_name           = "${var.project_name}-${var.environment}-group"
  docdb_subnet_ids                  = module.vpc.private_subnets
  docdb_cluster_identifier          = "${var.project_name}-${var.environment}-docdb"
  docdb_username                    = random_password.uname_create[0].result
  docdb_password                    = random_password.password_create[0].result
  skip_final_snapshot               = var.skip_final_snapshot
  docdb_vpc_security_group_ids      = [module.sg_docdb.security_group_id]
  docdb_cluster_instance_count      = var.docdb_cluster_instance_count
  docdb_cluster_instance_identifier = "docdb-cluster-${var.environment}-${count.index}"
  instance_class                    = var.instance_class
  docdb_parameter_group_name        = "${var.project_name}-${var.environment}-docdb"
}

moved {
  from = aws_docdb_cluster.docdb
  to   = module.docdb.aws_docdb_subnet_group.docdbgroup
}

moved {
  from = aws_docdb_cluster_instance.docdb_cluster_instances[0]
  to   = module.docdb.aws_docdb_cluster.docdb
}

moved {
  from = aws_docdb_cluster_parameter_group.cluster_para_group
  to   = module.docdb.aws_docdb_cluster_instance.docdb_cluster_instances
}

moved {
  from = aws_docdb_subnet_group.docdbgroup
  to   = module.docdb.aws_docdb_cluster_parameter_group.cluster_para_group
  # …
}
```
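A moved block only renames an address in state; the resource type on both sides must be identical and the `to` address must exist in the new module. In the posted blocks every `from` is paired with a different resource type (cluster to subnet group, instance to cluster, and so on), which Terraform rejects as a type mismatch. The block below is an added example, not the poster's code: each root resource is mapped to the same-typed resource inside module.docdb, using the names from the question; the instance index [0] assumes the module keeps using count for instances.

```hcl
# Added example (not from the question). Each pair keeps the resource type unchanged;
# only the module prefix is added. Delete the blocks once every workspace has applied them.
moved {
  from = aws_docdb_subnet_group.docdbgroup
  to   = module.docdb.aws_docdb_subnet_group.docdbgroup
}

moved {
  from = aws_docdb_cluster_parameter_group.cluster_para_group
  to   = module.docdb.aws_docdb_cluster_parameter_group.cluster_para_group
}

moved {
  from = aws_docdb_cluster.docdb
  to   = module.docdb.aws_docdb_cluster.docdb
}

# Instances were created with count at the root; keep the index on the module side as
# long as the module also uses count. If the module switched to for_each, the target
# would need the string key instead of [0].
moved {
  from = aws_docdb_cluster_instance.docdb_cluster_instances[0]
  to   = module.docdb.aws_docdb_cluster_instance.docdb_cluster_instances[0]
}
```

Run `terraform plan` after adding them: a correct move shows each resource as "has moved to" with no create/destroy, whereas a destroy of a DocumentDB cluster in the plan means an address is still wrong. Separately, `count.index` inside the module call body is only valid when the `module "docdb"` block itself has `count`; without it, pass the identifier prefix and let the module append the index to each instance.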
rds.tf:

```hcl
module "db" {
  count = var.environment == "dev" || var.environment == "qa" ? 1 : 0

  source         = "../rds"
  identifier     = var.db_name
  engine         = var.rds_engine
  engine_version = var.rds_engine_version
  # …
}
```

output.tf:
```hcl
output "rds_instance_endpoint" {
  description = "The connection endpoint"
  value       = module.db.db_instance_endpoint
}
```

ERROR:

```
Error: Unsupported attribute

  on outputs.tf line 28, in output "rds_instance_endpoint":
  28:   value = module.db.db_instance_endpoint

module.db is a list of object, known only after apply
Can't access attributes on a list of objects. Did you mean to access …
```
I'm trying to create an IAM role and an IAM policy with Terraform.

I'm getting this error:

```
│ Error: error creating IAM Role (asg-domain-join-policy): MalformedPolicyDocument: Has prohibited field Resource
│
│   status code: 400, request id: 53fa1ae0-f22f-4f2e-8aa6-1947421eae9b
│
│   with aws_iam_role.ad_join_role,
│   on iam.tf line 30, in resource "aws_iam_role" "ad_join_role":
│   30: resource "aws_iam_role" "ad_join_role" {
```

My current IAM role code is:

```hcl
resource "aws_iam_role" "ad_join_role" {
  name                 = "asg-domain-join-policy"
  assume_role_policy   = data.aws_iam_policy_document.asg_domain_join_policy.json
  permissions_boundary = "arn:aws:iam::${var.account_id}:policy/****"
}
```

The IAM policy code is:

```hcl
data "aws_iam_policy_document" "asg_domain_join_policy" {
  statement {
    actions = [
      "ssm:DescribeAssociation",
      "ssm:GetDocument",
      "ssm:ListAssociations",
      "ssm:UpdateAssociationStatus",
      "ssm:UpdateInstanceInformation",
      # …
    ]
  }
}
```
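Both IAM questions above (attaching AmazonSSMManagedInstanceCore to ec2_role behind an instance profile, and the "Has prohibited field Resource" error) come down to the same distinction. assume_role_policy is the role's trust policy: it says who may call sts:AssumeRole and contains a Principal but never a Resource, so feeding it a permissions document with Resource (or the JSON of a managed policy) fails. Permissions go into a separate identity policy, attached to the role; the instance profile holds exactly one role and the instance references the profile. The block below is an added example, not code from either question; var.account_id, var.ami_id and the boundary policy name are assumptions (the question masked the real name), and the ssm:* actions are those listed in the posted policy, all of which AmazonSSMManagedInstanceCore already grants.

```hcl
# Added example, not code from either question. Assumes var.account_id, var.ami_id and a
# permissions boundary policy named "boundary".

# 1. Trust policy: who may assume the role. No Resource element is allowed here, which is
#    exactly what "Has prohibited field Resource" complains about.
data "aws_iam_policy_document" "ec2_trust" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "ec2_role" {
  name                 = "ec2-role"
  assume_role_policy   = data.aws_iam_policy_document.ec2_trust.json
  permissions_boundary = "arn:aws:iam::${var.account_id}:policy/boundary"
}

# 2. Permissions: attach the AWS managed SSM policy by ARN instead of copying its JSON.
resource "aws_iam_role_policy_attachment" "ssm_core" {
  role       = aws_iam_role.ec2_role.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore"
}

# A custom permissions document is where statements with Resource belong. These actions
# are already covered by the managed policy above; the statement is shown only to mark
# where the posted policy should have been attached. The managed policy also uses "*"
# for these agent-level calls.
data "aws_iam_policy_document" "ssm_agent" {
  statement {
    sid = "SsmAgent"
    actions = [
      "ssm:DescribeAssociation",
      "ssm:GetDocument",
      "ssm:ListAssociations",
      "ssm:UpdateAssociationStatus",
      "ssm:UpdateInstanceInformation",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "ssm_agent" {
  name   = "ssm-agent-policy"
  policy = data.aws_iam_policy_document.ssm_agent.json
}

resource "aws_iam_role_policy_attachment" "ssm_agent" {
  role       = aws_iam_role.ec2_role.name
  policy_arn = aws_iam_policy.ssm_agent.arn
}

# 3. One instance profile per role; the instance references the profile, never the role.
resource "aws_iam_instance_profile" "this" {
  name = "ec2-profile"
  role = aws_iam_role.ec2_role.name
}

resource "aws_instance" "this" {
  ami                  = var.ami_id   # assumed
  instance_type        = "t3.micro"
  iam_instance_profile = aws_iam_instance_profile.this.name

  # The role's credentials are served by the instance metadata service; requiring IMDSv2
  # tokens stops a plain GET from an SSRF bug on the instance from reading them.
  metadata_options {
    http_tokens = "required"
  }
}
```

If the role needs more than SSM later, add another aws_iam_policy plus attachment rather than widening the trust policy; the permissions boundary on the role then caps whatever those attachments grant.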
For the following Terraform code I want to end up with 2 test-sandbox dev instances and 1 test-sandbox test instance. I want to be able to derive the count from a map value, instance_count.

I have tried using count, but Terraform doesn't allow it together with for_each.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.27"
    }
  }

  required_version = ">= 0.14.9"
}

variable "instance_name" {
  description = "Value of the Name tag for the EC2 instance"
  type        = string
  default     = "ChangedName"
}

variable "aws_region" {
  description = "AWS Region"
  type        = string
  default     = "eu-west-2"
}

variable "instance_size_small" {
  description = "Instance …"   # truncated in the original
}
```
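count and for_each cannot be combined on one resource, but nothing stops computing the for_each keys from a count field: expand each map entry into instance_count keys and iterate over the flattened map. The block below is an added example, not from the question; the variable shape (instance_count, instance_type), the environment names and var.ami_id are assumptions, aws_region and instance_name come from the question.

```hcl
# Added example (not from the question). Assumes the variable shape below and var.ami_id.
variable "instances" {
  description = "Per-environment instance definitions; instance_count drives how many are created"
  type = map(object({
    instance_count = number
    instance_type  = string
  }))
  default = {
    test-sandbox-dev  = { instance_count = 2, instance_type = "t3.small" }
    test-sandbox-test = { instance_count = 1, instance_type = "t3.small" }
  }
}

locals {
  # Expand {name => {instance_count = N, ...}} into {"name-0" => cfg, ..., "name-N-1" => cfg}.
  # merge() over a list needs the ... expansion operator. The resulting keys are stable,
  # so changing one environment's count only adds or removes that environment's keys.
  expanded_instances = merge([
    for name, cfg in var.instances : {
      for i in range(cfg.instance_count) :
      "${name}-${i}" => merge(cfg, { env = name })
    }
  ]...)
}

resource "aws_instance" "this" {
  for_each = local.expanded_instances

  ami           = var.ami_id   # assumed
  instance_type = each.value.instance_type

  tags = {
    Name        = each.key
    Environment = each.value.env
  }
}

# Group the created instance ids back by environment for callers that think in those terms.
output "instance_ids_by_environment" {
  value = {
    for name in keys(var.instances) :
    name => [for k, inst in aws_instance.this : inst.id if local.expanded_instances[k].env == name]
  }
}
```

With the defaults above the plan creates `aws_instance.this["test-sandbox-dev-0"]`, `["test-sandbox-dev-1"]` and `["test-sandbox-test-0"]`; lowering dev to 1 later destroys only `test-sandbox-dev-1`, whereas a count-based list would have shifted and replaced the others.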
My provider.tf file already has the latest versions:

```hcl
terraform {
  required_providers {
    archive = {
      source  = "hashicorp/archive"
      version = "2.2.0"
    }
    aws = {
      source  = "hashicorp/aws"
      version = "3.72.0"
    }
  }
}
```

However, when I check `terraform version` in my terminal I get this:

```
Terraform v1.0.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/archive v2.2.0
+ provider registry.terraform.io/hashicorp/aws v3.72.0

Your version of Terraform is out of date! The latest version
is 1.1.4. You can update by downloading from https://www.terraform.io/downloads.html
```

I have already tried `terraform init -upgrade`, but that made no difference either. I also downloaded the new terraform version manually from the website, but my terminal still shows 1.0.7.

I'm running into other errors because of the old Terraform version. How can I update to the latest version from the terminal?
I've been trying to deploy an EKS cluster with self-managed nodes for a while, without success. The error I'm hitting now is with the EKS add-ons:

```
Error: error creating EKS Add-On (DevOpsLabs2b-dev-test--eks:kube-proxy): InvalidParameterException: Addon version specified is not supported, AddonName: "kube-proxy", ClusterName: "DevOpsLabs2b-dev-test--eks", Message_: "Addon version specified is not supported" }
  with module.eks-ssp-kubernetes-addons.module.aws_kube_proxy[0].aws_eks_addon.kube_proxy
  on .terraform/modules/eks-ssp-kubernetes-addons/modules/kubernetes-addons/aws-kube-proxy/main.tf line 19, in resource "aws_eks_addon" "kube_proxy":
```

The same error repeats for coredns, but ebs_csi_driver throws:

```
Error: unexpected EKS Add-On (DevOpsLabs2b-dev-test--eks:aws-ebs-csi-driver) state returned during creation: timeout while waiting for state to become 'ACTIVE' (last state: 'DEGRADED', timeout: 20m0s) [WARNING] Running terraform apply again will remove the kubernetes add-on and attempt to create it again effectively purging previous add-on configuration
```

My main.tf looks like this:

```hcl
terraform {
  backend "remote" {}

  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 3.66.0"
    }
    kubernetes = {
      source  = "hashicorp/kubernetes"
      version = ">= 2.7.1"
    }
    helm = {
      source  = "hashicorp/helm"
      version = ">= 2.4.1"
    }
    # …
  }
}
```

Tags: amazon-web-services, kubernetes, terraform, terraform-provider-aws, amazon-eks
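The InvalidParameterException says the add-on version string the module pinned does not exist for the cluster's Kubernetes release. Rather than hard-coding versions, the aws_eks_addon_version data source (available in the hashicorp/aws >= 3.66 range from the question) asks the EKS API for a valid version for the running cluster. The DEGRADED timeout on the EBS CSI driver usually means its pods never became healthy; common causes are that no nodes had joined yet, or that the controller has no IAM role for its service account. The block below is an added example, not the poster's module code; aws_eks_cluster.this and aws_iam_role.ebs_csi (an IRSA role for the EBS CSI controller) are assumed to exist.

```hcl
# Added example (not from the question). Assumes aws_eks_cluster.this exists and that
# aws_iam_role.ebs_csi is an IRSA role trusted by the kube-system/ebs-csi-controller-sa
# service account with AmazonEBSCSIDriverPolicy attached.
locals {
  # Add-ons that need no IAM role of their own.
  core_addons = toset(["kube-proxy", "coredns", "vpc-cni"])
}

# Ask the EKS API which version is valid for this cluster's Kubernetes minor version
# instead of pinning a string that may belong to another release.
data "aws_eks_addon_version" "core" {
  for_each = local.core_addons

  addon_name         = each.key
  kubernetes_version = aws_eks_cluster.this.version
  most_recent        = true
}

resource "aws_eks_addon" "core" {
  for_each = local.core_addons

  cluster_name      = aws_eks_cluster.this.name
  addon_name        = each.key
  addon_version     = data.aws_eks_addon_version.core[each.key].version
  resolve_conflicts = "OVERWRITE"   # take over the self-managed kube-proxy/coredns already on the cluster
}

data "aws_eks_addon_version" "ebs_csi" {
  addon_name         = "aws-ebs-csi-driver"
  kubernetes_version = aws_eks_cluster.this.version
  most_recent        = true
}

# The EBS CSI controller calls the EC2 API; give it its own scoped role via IRSA rather
# than widening the node role, and create it after networking so its pods can schedule.
resource "aws_eks_addon" "ebs_csi" {
  cluster_name             = aws_eks_cluster.this.name
  addon_name               = "aws-ebs-csi-driver"
  addon_version            = data.aws_eks_addon_version.ebs_csi.version
  service_account_role_arn = aws_iam_role.ebs_csi.arn
  resolve_conflicts        = "OVERWRITE"

  depends_on = [aws_eks_addon.core]
}
```

Before re-applying, note the warning in the error text: a second apply removes and recreates the add-on, so check with `kubectl -n kube-system get pods` whether the controller pods are Pending (no nodes) or CrashLooping (no credentials) first, and fix that cause rather than looping on apply.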