terraform

Terraform: CloudWatch Event that notifies SNS

独自空忆成欢 submitted on 2021-02-08 07:21:12
Question: I'm learning TF and trying to apply an infrastructure that creates: a simple lambda function; an SNS topic; get that lambda to subscribe the SNS topic; a CloudWatch Event that publishes a message to the topic at some interval; a CloudWatch Log Group to check if the lambda gets notified by the SNS; the lambda permission to allow calls from SNS. I'm able to apply that successfully. The infrastructure seems perfectly fine (it has the same aspect when I create that myself through the visual aws

Can I loop over keys and values of an object in OPA to validate if they adhere to a certain format (CamelCase)

两盒软妹~` submitted on 2021-02-08 06:52:06
Question: We are using conftest to validate if our terraform changeset applies to certain rules & compliances. One thing we want to validate is whether our AWS resources are tagged according to the AWS tagging convention, which specifies certain tags to use (e.g. Owner, ApplicationRole, Project) and specifies that all tags and values are in CamelCase. In terraform the changeset is portrayed in the following (simplified) json output: { "resource_changes":{ "provider_name":"aws", "change":{ "before":{ },

How do I create a custom Event Bus in AWS Event Bridge?

烈酒焚心 submitted on 2021-02-08 05:44:23
Question: I can't find the documentation or an example Terraform module online. How do I create a custom Event Bus in AWS Event Bridge? Answer 1: As of this writing, creating an EventBridge Event Bus isn't supported by the Terraform Provider for AWS yet. We had to use the default Event Bus or create it with the AWS CLI or Console. Caveats: EventBridge has a couple of serious IAM gaps right now: you can't restrict what buses an IAM principal can publish events to, and it uses a Service principal instead of a

Terraform conditional provisioning

柔情痞子 submitted on 2021-02-08 05:43:49
Question: I have an issue with Terraform provisioning. When I run terraform the first time I am using an SSH key generated in the AWS console. This key is being added to the ubuntu user (it's an Ubuntu 16.04 AMI). Then I run remote-exec provisioning: provisioner "remote-exec" { inline = [ "sudo apt -y update && sudo apt install -y python" ] connection { user = "ubuntu" private_key = "${file("${var.aws_default_key_name}.pem")}" } } I need python being installed so I can use Ansible later. That's the only place where I

Terraform - Get a value from parameter store and pass to resource

半腔热情 submitted on 2021-02-07 14:49:46
Question: We store our latest approved AMIs in AWS parameter store. When creating new instances with Terraform I would like to programmatically get this AMI ID. I have a command to pull the AMI ID but I'm not sure how to use it with Terraform. Here is the command I use to pull the AMI ID: $(aws ssm get-parameter --name /path/to/ami --query 'Parameter.Value' --output text) And here is my Terraform script: resource "aws_instance" "nginx" { ami = "ami-c58c1dd3" # pull value from parameter store instance

How to reference a resource created by a Terraform module

十年热恋 submitted on 2021-02-07 11:19:28
Question: I'm using the AWS VPC Terraform module to create a VPC. Additionally, I want to create and attach an Internet Gateway to this VPC using the aws_internet_gateway resource. Here is my code: module "vpc" "vpc_default" { source = "terraform-aws-modules/vpc/aws" name = "${var.env_name}-vpc-default" cidr = "10.0.0.0/16" enable_dns_hostnames = true } resource "aws_internet_gateway" "vpc_default_igw" { vpc_id = "${vpc.vpc_default.id}" tags { Name = "${var.env_name}-vpc-igw-vpcDefault" } } When I run

Dynamic block with for_each inside a resource created with a for_each

江枫思渺然 submitted on 2021-02-07 10:00:21
Question: I am trying to build multiple vnets in Azure using Terraform 0.12+ and its new for_each and running into some trouble. I was hoping that the new capabilities would allow me to create a generic network module that takes in a complex variable, but I have perhaps reached its limit or am just not thinking it through correctly. Essentially my variable is built like variable "networks" { type = list(object({ name = string, newbits = number, netnum = number, subnets = list(object({ name = string,