infrastructure-as-code

问题 There is a repeatable configuration that I see in many Terraform projects where the provider is AWS: The configuration of an outbound (egress) rule to allow ALL outbound traffic. As far as I understand, this is the default behavior in AWS as mentioned in the AWS user guide: By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound

问题 There is a repeatable configuration that I see in many Terraform projects where the provider is AWS: The configuration of an outbound (egress) rule to allow ALL outbound traffic. As far as I understand, this is the default behavior in AWS as mentioned in the AWS user guide: By default, a security group includes an outbound rule that allows all outbound traffic. You can remove the rule and add outbound rules that allow specific outbound traffic only. If your security group has no outbound

问题 CDK Pipelines is great, specially for cross-account deployments. It enables the developers to define and customize the CI/CD pipeline for their app to their heart's content. But to remain SoC compliant, we need to make sure that necessary controls like below are validated/enforced A manual approval stage should be present before the stage that does the cross-account deployment to production Direct deployment to production bypassing dev/staging environment is not allowed Test cases (Unit tests

问题 Recently, while trying to build a terraform IaC, I found that I couldn’t get the API Gateway to route to the Lambda properly. It turned out that when using the console AWS automatically assigns the permissions the gateway needs for the Lambda, but with IaC in terraform this must be assigned explicitly. The above is understandable but for a newbie, to both AWS and terraform, confusing. Is there documentation which explains the required components within an infrastructure connection, such as

问题 Recently, while trying to build a terraform IaC, I found that I couldn’t get the API Gateway to route to the Lambda properly. It turned out that when using the console AWS automatically assigns the permissions the gateway needs for the Lambda, but with IaC in terraform this must be assigned explicitly. The above is understandable but for a newbie, to both AWS and terraform, confusing. Is there documentation which explains the required components within an infrastructure connection, such as

问题 Recently, while trying to build a terraform IaC, I found that I couldn’t get the API Gateway to route to the Lambda properly. It turned out that when using the console AWS automatically assigns the permissions the gateway needs for the Lambda, but with IaC in terraform this must be assigned explicitly. The above is understandable but for a newbie, to both AWS and terraform, confusing. Is there documentation which explains the required components within an infrastructure connection, such as

来源： https://stackoverflow.com/questions/55400579/how-to-attach-custom-gcp-role-to-a-gcp-service-account-using-terraform

问题 In terraform/aws/global/vpc/security_groups.tf I have the below code to create my bastion security group, and the output.tf file as well which is below. But in terraform/aws/layers/bastion/main.tf (code also below) I reference that security group as I need its security group ID to create my EC2 instance, the issue I have is that rather than getting the ID from the already existing security group created by the /vpc/security_groups.tf config it tries to create the whole security group and the

问题 In terraform/aws/global/vpc/security_groups.tf I have the below code to create my bastion security group, and the output.tf file as well which is below. But in terraform/aws/layers/bastion/main.tf (code also below) I reference that security group as I need its security group ID to create my EC2 instance, the issue I have is that rather than getting the ID from the already existing security group created by the /vpc/security_groups.tf config it tries to create the whole security group and the

问题 I have used this module to create a security group in AWS VPC. How do I reference the resource created from this in a separate file? I am creating our bastion instance in a separate directory in the same repo. My bastion config looks like the following, uses the Terraform EC2 module and works if I hard code the vpc security group ID, but I want it to be able to take it directly from when the security group is created as this could change in the future.. terraform/aws/layers/bastion/main.tf