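[Question title]: Using Terraform to manage multiple AWS regions
[Posted]: 2018-07-15 21:54:33
[Question description]:

Can anyone give me an example of how to programmatically create Terraform provider aliases based on a variable map? This is what I have tried, but I am receiving the following error: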

variable "aws_regions" {
  default = [
    {
      region = "us-east-1"
      alias  = "default"
    },
    {
      region = "us-east-2"
      alias  = "useast2"
    },
    {
      region = "us-west-1"
      alias  = "uswest1"
    },
    {
      region = "us-west-2"
      alias  = "uswest2"
    },
    {
      region = "eu-central-1"
      alias  = "eucent1"
    }
  ]
}

provider "aws" {
  count  = "${length(var.aws_regions)}"
  region = "${lookup(var.aws_regions[count.index], "region")}"
  alias  = "${lookup(var.aws_regions[count.index], "alias")}"
}

# CloudWatch Log Groups
resource "aws_cloudwatch_log_group" "linux" {
  count    = "${length(var.aws_regions)}"
  provider = "aws.${lookup(var.aws_regions[count.index], "alias")}"

  name = "Linux"
}

Error:

$ terraform plan
* provider.aws.${lookup(var.aws_regions[count.index], "alias")}: count.index: count.index is only valid within resources

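[Question discussion]:

    Tags: amazon-web-services terraform


    [Solution 1]:

    Use workspaces - they can be used for replicable use cases such as development environments and multiple regions. https://www.terraform.io/docs/state/workspaces.html

    [Discussion]:

    • I believe this answer may not be relevant to the question. Workspaces can be used to manage different regions, but in this example/request they want to iterate over multiple regions for a single feature that is regional (e.g. cloudtrail / guardduty). Workspaces may be a valid answer for a different use case; for this use case, I don't think they are. I previously downvoted this, but I removed the downvote and am just leaving a big comment for others to read.
    • The reason I don't think this is the answer is that I assume the author is not actually managing 16 AWS regions. If they were, workspaces might be a valid approach. Because I think they probably aren't (99% of the clients I have worked with over the past 10 years were single-region), creating 16 workspaces and having them run terraform apply 16 times is not ideal. I would not wish that on anyone.
    [Solution 2]:

    It turns out that Terraform provider processing happens very early, and the current version (v.0.11.3) does not currently support variable interpolation for providers. I did find a workaround that is not too bad, but it requires a lot of code duplication.

    main.tf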

    # Default Region
    provider "aws" {
      region  = "us-east-1"
      version = "~> 1.8"
    }
    
    provider "aws" {
      alias  = "us-east-1"
      region = "us-east-1"
    }
    
    provider "aws" {
      alias  = "us-east-2"
      region = "us-east-2"
    }
    
    provider "aws" {
      alias  = "us-west-1"
      region = "us-west-1"
    }
    
    provider "aws" {
      alias  = "us-west-2"
      region = "us-west-2"
    }
    
    provider "aws" {
      alias  = "eu-central-1"
      region = "eu-central-1"
    }
    
    # CloudTrail Setup in Default Region
    module "cloudtrail" {
      source = "./cloudtrail"
    }
    
    # CloudWatch Setup per Region
    module "us-east-1_cloudwatch" {
      source = "./cloudwatch"
      providers = {
        "aws.region" = "aws.us-east-1"
      }
    }
    
    module "us-east-2_cloudwatch" {
      source = "./cloudwatch"
      providers = {
        "aws.region" = "aws.us-east-2"
      }
    }
    
    module "us-west-1_cloudwatch" {
      source = "./cloudwatch"
      providers = {
        "aws.region" = "aws.us-west-1"
      }
    }
    
    module "us-west-2_cloudwatch" {
      source = "./cloudwatch"
      providers = {
        "aws.region" = "aws.us-west-2"
      }
    }
    
    module "eu-central-1_cloudwatch" {
      source = "./cloudwatch"
      providers = {
        "aws.region" = "aws.eu-central-1"
      }
    }
    

    cloudwatch/main.tf

    provider "aws" {
      alias = "region"
    }
    
    # CloudWatch Log Groups
    resource "aws_cloudwatch_log_group" "linux" {
      name     = "Linux"
      provider = "aws.region"
    
      tags {
        OS = "Linux"
      }
    }
    

    [Discussion]:

    • provider.tf does support interpolation. terraform.tf is the file that does not.
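
Added example (not part of the original answers, and not Terraform's own tooling): Solution 2 repeats one aliased provider block and one module block per region, so a small Python generator can emit those blocks from a single region list and keep the two sets in step. The function name `render`, the region-name pattern and the idea of writing the output to a separate generated file are assumptions; the block layout copies the 0.11-style syntax shown in Solution 2.

```python
import re

# Constructed sample input: the regions used in the question and in Solution 2.
REGIONS = ["us-east-1", "us-east-2", "us-west-1", "us-west-2", "eu-central-1"]

# Assumed shape of an AWS region name (e.g. us-east-1, us-gov-west-1).
# Rejecting anything else keeps quotes, braces or newlines out of the
# generated configuration.
REGION_RE = re.compile(r"[a-z]{2}(-[a-z]+)+-\d")

PROVIDER = '''provider "aws" {{
  alias  = "{r}"
  region = "{r}"
}}
'''

MODULE = '''module "{r}_cloudwatch" {{
  source = "./cloudwatch"
  providers = {{
    "aws.region" = "aws.{r}"
  }}
}}
'''


def render(regions):
    """Return Terraform text: one aliased provider and one module per region."""
    seen = set()
    for r in regions:
        if not REGION_RE.fullmatch(r):
            raise ValueError("not a region name: %r" % (r,))
        if r in seen:
            # Two providers with the same alias would not load.
            raise ValueError("duplicate region: %r" % (r,))
        seen.add(r)
    blocks = [PROVIDER.format(r=r) for r in regions]
    blocks += [MODULE.format(r=r) for r in regions]
    return "\n".join(blocks)


if __name__ == "__main__":
    # Redirect to a generated .tf file; the default provider and the
    # cloudtrail module from Solution 2 stay in the hand-written main.tf.
    print(render(REGIONS))
```
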