那些遇到过的问题

标签: terraform

terraform 如何找到在模块上创建的存储桶的 ARN

我正在使用模块创建存储桶,如何找到该存储桶的 ARN?

创建模块

module "testbucket" {
 source         = "github.com/tomfa/terraform-sandbox/s3-webfiles-bucket"
 aws_region     = "${var.aws_region}"
 aws_access_key = "${var.aws_access_key}"
 aws_secret_key = "${var.aws_secret_key}"
 bucket_name    = "${var.bucket_name}-test"
}
Run Code Online (Sandbox Code Playgroud)

然后,当我调用该策略时,我需要访问 ARN

 {
    "Sid": "accessToS3",
    "Effect": "Allow",
    "Action": [
        "s3:*"
    ],
    "Resource": [
        "${aws_s3_bucket.${var.bucket_name}.arn}",
    ]
}
Run Code Online (Sandbox Code Playgroud)

我没有引用 ARN,因此出现错误:

错误:资源“aws_iam_role_policy.policy_Demo_lambda”配置:变量 aws_s3_bucket.mybukk.arn 中引用了未知资源“aws_s3_bucket.mybukk”

如何访问我的 ARN?谢谢

amazon-web-services terraform

man*_*urt
lucky-day
9
推荐指数
2
解决办法
2万
查看次数

terraform 不检测 lambda 源文件的更改

在我的main.tf我有以下内容:

data "template_file" "lambda_script_temp_file" {
  template = "${file("../../../fn/lambda_script.py")}"
}

data "template_file" "library_temp_file" {
  template = "${file("../../../library.py")}"
}

data "template_file" "init_temp_file" {
  template = "${file("../../../__init__.py")}"
}

data "archive_file" "lambda_resources_zip" {
  type        = "zip"
  output_path = "${path.module}/lambda_resources.zip"

  source {
    content   = "${data.template_file.lambda_script_temp_file.rendered}"
    filename  = "lambda_script.py"
  }

  source {
    content   = "${data.template_file.library_temp_file.rendered}"
    filename  = "library.py"
  }

  source {
    content   = "${data.template_file.init_temp_file.rendered}"
    filename  = "__init__.py"
  }
}

resource "aws_lambda_function" "MyLambdaFunction" {
  filename          = "${data.archive_file.lambda_resources_zip.output_path}"
  function_name     = "awesome_lambda"
  role              = "${var.my_role_arn}"
  handler           = …
Run Code Online (Sandbox Code Playgroud)

amazon-web-services aws-lambda terraform aws-glue

Moe*_* MH
2019 01-21
9
推荐指数
1
解决办法
4632
查看次数

Terraform 0.12 - 从嵌套的 for 循环生成地图/对象

作为Terraform 0.12 嵌套 for 循环的后续。我试图从嵌套循环中生成一个对象,但失败得很惨:(

您将如何进行生产:

  Outputs:

  association-list = {
    "policy1" = "user1"
    "policy2" = "user1"
    "policy2" = "user2"
  }
Run Code Online (Sandbox Code Playgroud)

从:

iam-policy-users-map = {
  "policy1" = [ "user1" ]
  "policy2" = [ "user1", "user2" ]
}
Run Code Online (Sandbox Code Playgroud)

我尝试了许多变体:

variable iam-policy-users-map {
  default = {
    "policy1" = [ "user1" ]
    "policy2" = [ "user1", "user2" ]
  }
}

locals {
  association-map = merge({
    for policy, users in var.iam-policy-users-map : {
      for user in users : {
        policy => user
      } …
Run Code Online (Sandbox Code Playgroud)

terraform

let*_*ers
2019 08-01
9
推荐指数
1
解决办法
1万
查看次数

在使用 for_each 创建的资源内包含 for_each 的动态块

我正在尝试使用 Terraform 0.12+ 及其新的 for_each 在 Azure 中构建多个 vnet,但遇到了一些麻烦。我希望新功能能够让我创建一个接受复杂变量的通用网络模块,但我可能已经达到了它的极限,或者只是没有正确地思考它。本质上我的变量是这样构建的

variable "networks" {
  type = list(object({ name = string, newbits = number, netnum = number, subnets = list(object({ name = string, newbits = number, netnum = number}))}))
}
Run Code Online (Sandbox Code Playgroud)

您可以看到它是一个网络数组,其中包含该网络的子网子数组。这样做可以轻松记录网络,而无需额外的 terraform 资源需求,因此我们的网络团队可以轻松调整/扩展,而无需担心了解 HCL。

我可以使用计数及其索引执行构建多个 vnet 资源的必要功能,但我想使用 for_each,因为它允许对键进行索引,而不是可能随时间变化的计数(需要重新部署,而我们不能做)。

网络对象

networks = [
    {
        # x.x.1.0/24
        name        = "DMZ",
        newbits     = "8",
        netnum      = "1",
        subnets      = [
            {
                # x.x.1.0/25
                name        = "DMZ"
                newbits     = "9",
                netnum      = "2"
            }
        ]
    },
    { …
Run Code Online (Sandbox Code Playgroud)

terraform terraform0.12+

Cor*_*eyZ
2019 09-11
9
推荐指数
1
解决办法
1万
查看次数

Terraform:如何导入AWS跨账户资源?

如何将现有 AWS 资源导入 Terraform 状态(该资源存在于不同账户中)?

terraform import module.mymodule.aws_iam_policy.policy arn:aws:iam::123456789012:policy/mypolicy
Run Code Online (Sandbox Code Playgroud)

给出以下错误:

Error: Cannot import non-existent remote object

While attempting to import an existing object to aws_iam_policy.policy, the
provider detected that no object exists with the given id. Only pre-existing
objects can be imported; check that the id is correct and that it is
associated with the provider's configured region or endpoint, or use
"terraform apply" to create a new remote object for this resource.
Run Code Online (Sandbox Code Playgroud)

该资源是使用在名为 的模块中定义的不同配置程序在一个帐户中创建的mymodule

module "mymodule" { …
Run Code Online (Sandbox Code Playgroud)

amazon-web-services terraform terraform-provider-aws

Joh*_*ohn
2019 11-03
9
推荐指数
1
解决办法
3927
查看次数

Terraform 错误 EntityAlreadyExists:名称为 iam_for_lambda 的角色已存在

当我运行命令时,terraform apply发生以下错误,因为角色已存在:

Error: Error creating IAM Role iam_for_lambda: EntityAlreadyExists: Role with name iam_for_lambda already exists.
    status code: 409, request id: 204c6c00-0b1d-4fb9-bf9c-fca48c67d669

  on main.tf line 1, in resource "aws_iam_role" "iam_for_lambda":
   1: resource "aws_iam_role" "iam_for_lambda" {
Run Code Online (Sandbox Code Playgroud)

我可以使用技巧来检查该角色是否已经存在而不会出现错误吗?

amazon-web-services terraform

Lor*_*oro
2022 09-16
9
推荐指数
1
解决办法
7439
查看次数

启用计数时创建 Terraform 输出

我正在尝试为 Terraform 中已设置计数的资源创建outputs.tf。当 count 为 1 时,一切正常,但是当 count 为 0 时,则不然:

如果我创建这样的输出

output "ec2_instance_id" {
  value = aws_instance.ec2_instance.id
}
Run Code Online (Sandbox Code Playgroud)

它错误

由于 aws_instance.ec2_instance 设置了“count”,因此必须在特定实例上访问其属性。

但是,将其更改为

output "ec2_instance_id" {
  value = aws_instance.ec2_instance[0].id
}
Run Code Online (Sandbox Code Playgroud)

适用于计数为 1,但当计数为 0 时给出

aws_instance.ec2_instance 是空元组

给定的键不标识此集合值中的元素。

因此我看到了这篇文章并尝试了

output "ec2_instance_id" {
  value = aws_instance.ec2_instance[count.index].id
}
Run Code Online (Sandbox Code Playgroud)

但这给了

“count”对象只能在“resource”和“data”块中使用,并且只能在设置了“count”参数时使用。

正确的语法是什么?

amazon-ec2 amazon-web-services terraform

Way*_*eio
lucky-day
9
推荐指数
1
解决办法
1万
查看次数

awsvpc:网络配置对此任务定义的给定网络模式无效

我的任务定义:

resource "aws_ecs_task_definition" "datadog" {
  family        = "${var.environment}-datadog-agent-task"
  task_role_arn = "arn:aws:iam::xxxxxxxx:role/datadog-role"

  container_definitions = <<EOF
[
  {
    "name": "${var.environment}-${var.datadog-identifier}",
    "network_mode" : "awsvpc",
    "image": "datadog/agent:latest",
    "portMappings": [
      {
...
Run Code Online (Sandbox Code Playgroud)

我的服务定义:

resource "aws_ecs_service" "datadog" {
  name            = "${var.environment}-${var.datadog-identifier}-datadog-ecs-service"
  cluster         = "${var.cluster}"
  task_definition = "${aws_ecs_task_definition.datadog.arn}"

  network_configuration {
    subnets = flatten(["${var.private_subnet_ids}"])
  }

  # This allows running one for every instance
  scheduling_strategy = "DAEMON"
}
Run Code Online (Sandbox Code Playgroud)

我收到以下错误 -

InvalidParameterException: Network Configuration is not valid for the given networkMode of this task definition
Run Code Online (Sandbox Code Playgroud)

我在这里缺少什么吗?查看 Terraform 文档和 GitHub 问题,这应该可行。它与将 …

amazon-web-services amazon-ecs terraform terraform-provider-aws

gam*_*mer
2020 01-10
9
推荐指数
1
解决办法
1万
查看次数

AWS API Gateway 和静态 HTML:“由于配置错误而执行失败:statusCode 应该是请求模板中定义的整数”

我正在尝试使用 AWS API Gateway 提供静态内容。当我尝试从测试页面和 调用 URL 时curl,出现错误:

“由于配置错误,执行失败:statusCode 应该是请求模板中定义的整数”。

这是我在 Terraform 上的配置:

resource "aws_api_gateway_rest_api" "raspberry_api" {
  name        = "raspberry_api"
}

resource "aws_acm_certificate" "raspberry_alexa_mirko_io" {
  domain_name       = "raspberry.alexa.mirko.io"
  validation_method = "DNS"

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_route53_record" "raspberry_alexa_mirko_io_cert_validation" {
  name    = aws_acm_certificate.raspberry_alexa_mirko_io.domain_validation_options.0.resource_record_name
  type    = aws_acm_certificate.raspberry_alexa_mirko_io.domain_validation_options.0.resource_record_type
  zone_id = var.route53_zone_id
  records = [aws_acm_certificate.raspberry_alexa_mirko_io.domain_validation_options.0.resource_record_value]
  ttl     = 60
}

resource "aws_route53_record" "raspberry_alexa_mirko_io" {
  zone_id = var.route53_zone_id
  name = aws_acm_certificate.raspberry_alexa_mirko_io.domain_name
  type = "A"
  alias {
    name = aws_api_gateway_domain_name.raspberry_alexa_mirko_io.cloudfront_domain_name
    zone_id = …
Run Code Online (Sandbox Code Playgroud)

amazon-web-services terraform aws-api-gateway terraform-provider-aws

fcr*_*r79
2020 01-27
9
推荐指数
3
解决办法
1万
查看次数

Terraform:aws_iam_policy_document 中的条件语句块?

有没有办法有条件地添加statementaws_iam_policy_document?我正在寻找类似的东西:

data "aws_iam_policy_document" "policy" {
  statement {
    sid = "PolicyAlways"

    ...
  }

  if (var.enable_optional_policy) {
    statement {
      sid = "PolicySometimes"

      ...
    }
  }
}
Run Code Online (Sandbox Code Playgroud)

amazon-iam terraform

jbr*_*eed
lucky-day
9
推荐指数
1
解决办法
1589
查看次数

标签 统计

terraform ×10

amazon-web-services ×7

terraform-provider-aws ×3

amazon-ec2 ×1

amazon-ecs ×1

amazon-iam ×1

aws-api-gateway ×1

aws-glue ×1

aws-lambda ×1

terraform0.12+ ×1