我正在尝试在 AWS Lambda 层上运行 python 函数,但我没有找到有关 terraform 的任何文档来使用 AWS 提供的 lambda 层。如何使用 AWS 提供的 lambda 层 AWSLambda-Python27-SciPy1x和运行时Python 2.7?
#----compute/lambda.tf----
data "archive_file" "lambda_zip" {
type = "zip"
source_file = "index.py"
output_path = "check_foo.zip"
}
resource "aws_lambda_function" "check_foo" {
filename = "check_foo.zip"
function_name = "checkFoo"
role = "${aws_iam_role.iam_for_lambda_tf.arn}"
handler = "index.handler"
source_code_hash = "${data.archive_file.lambda_zip.output_base64sha256}"
# i want to use lambda layer - AWSLambda-Python27-SciPy1x and run this function on it
runtime = "python2.7"
}
amazon-web-services aws-lambda terraform terraform-provider-aws
我想将托管 IAM 策略 ARN(如AmazomS3FullAccess)和内联/自定义 IAM 策略(在 terraform 文件中以 JSON 编写)附加到单个 IAM 角色。
通过使用,aws_iam_role_policy_attachment我只能附加一项保单,如何附加两项保单?
variables.tf
------------
variable "iam_policy_arn" {
description = "IAM Policy to be attached to role"
type = list(string)
default = ["arn:aws:iam::aws:policy/AWSLambdaFullAccess", "arn:aws:iam::aws:policy/AmazonSSMFullAccess", "arn:aws:iam::aws:policy/AmazonSageMakerFullAccess"]
}
main.tf
-------
resource "aws_iam_role" "test_role" {
name = "test_role"
assume_role_policy = <<-EOF
{
"Version":"2012-10-17",
"Statement":[
{
"Effect":"Allow",
"Principal":{
"Service":"ec2.amazonaws.com"
},
"Action":"sts:AssumeRole"
},
{
"Effect":"Allow",
"Principal":{
"Service":"sagemaker.amazonaws.com",
"AWS":"*"
},
"Action":"sts:AssumeRole"
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "role_policy_attachment" {
role = …New-Item -Path "C:\aws" -Name "script.ps1" -ItemType "file" -Value "text in file"
我正在尝试使用上面的命令创建一个文件,如果该文件已经存在,我必须用新文件替换它,它将具有相同的文件名。请帮忙
我有一个 AWS lambda 函数,它创建一个数据帧,我需要将此文件写入 S3 存储桶。
import pandas as pd
import boto3
import io
# code to get the df
destination = "output_" + str(datetime.datetime.now().strftime('%Y_%m_%d_%H_%M_%S')) + '.json'
df.to_json(destination) # this file should be written to S3 bucket
I need to pass the below templatefile function to user_data in EC2 resource. Thank you
userdata.tf
templatefile("${path.module}/init.ps1", {
environment = var.env
hostnames = {"dev":"devhost","test":"testhost","prod":"prodhost"}
})
ec2.tf
resource "aws_instance" "web" {
ami = "ami-xxxxxxxxxxxxxxxxx"
instance_type = "t2.micro"
# how do I pass the templatefile Funtion here
user_data = ...
tags = {
Name = "HelloWorld"
}
}
我已经使用 powershell 脚本安装了 aws cli
$command = "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12"
Invoke-Expression $command
Invoke-WebRequest -Uri "https://awscli.amazonaws.com/AWSCLIV2.msi" -Outfile C:\AWSCLIV2.msi
$arguments = "/i `"C:\AWSCLIV2.msi`" /quiet"
Start-Process msiexec.exe -ArgumentList $arguments -Wait
aws --version
当我尝试打印aws --version它时会出现以下错误。
aws : The term 'aws' is not recognized as the name of a cmdlet, function,
script file, or operable program. Check the spelling of the name, or if a path
was included, verify that the path is correct and try again.
At line:1 char:1
+ aws
+ …我试图通过云初始化将文件复制到 Windows EC2 实例,方法是传递用户数据,云初始化模板运行,它创建一个文件夹但不复制文件,您能帮助我理解我在代码中做错了什么吗?
此代码通过自动缩放组的启动配置传递
data template_cloudinit_config ebs_snapshot_scripts {
gzip = false
base64_encode = false
part {
content_type = "text/cloud-config"
content = <<EOF
<powershell>
$path = "C:\aws"
If(!(test-path $path))
{
New-Item -ItemType Directory -Force -Path $path
}
</powershell>
write_files:
- content: |
${file("${path.module}/../../../../scripts/aws-ebs-snapshot-ps/1-start-ebs-snapshot.ps1")}
path: C:\aws\1-start-ebs-snapshot.ps1
permissions: '0744'
- content: |
${file("${path.module}/../../../../scripts/aws-ebs-snapshot-ps/2-run-backup.cmd")}
path: C:\aws\2-run-backup.cmd
permissions: '0744'
- content: |
${file("${path.module}/../../../../scripts/aws-ebs-snapshot-ps/3-ebs-snapshot.ps1")}
path: C:\aws\3-ebs-snapshot.ps1
permissions: '0744'
EOF
}
}
amazon-web-services cloud-init terraform terraform-provider-aws
使用 AWS CLI,如何输出仅包含账户名称和帐号的所有账户的列表?
以下命令输出帐户名称和号码以及其他值,如何过滤它?
aws organizations list-accounts
我想使用资源将资源private_key_pem生成的内容保存tls_private_key到本地磁盘上的文件中local_file。
resource "tls_private_key" "example" {
algorithm = "RSA"
rsa_bits = 4096
}
resource "aws_key_pair" "generated_key" {
key_name = "cloudtls"
public_key = tls_private_key.example.public_key_openssh
}
resource "aws_instance" "automation" {
instance_type = var.instance_type
ami = var.image_id
iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
key_name = aws_key_pair.generated_key.key_name
}
resource "local_file" "pem_file" {
filename = "pemfile.pem"
#
}
有人可以通过一个易于理解的示例来解释 CloudFormation 中 CreationPolicy 和 DependsOn 属性之间的区别吗?
terraform ×5
aws-lambda ×2
powershell ×2
amazon-s3 ×1
aws-cli ×1
cloud-init ×1
json ×1
pandas ×1
python ×1