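[Question title]: Using Terraform template_file and S3 to bootstrap with S3
[Posted]: 2020-03-23 10:40:00
[Question description]:

We are trying to keep our bootstrap user_data configuration files in S3. But we also need variables, and need to manage secrets, for parts of the user-data script. So my idea was to create a bucket, store our scripts in it, and then use template_file with the file from S3, then push that rendered template into the user_data of my aws_launch_configuration. However, one does not simply do this.

When I check my AWS console, I see that user_data just comes through as the URL of the bucket file. Is there a way I can still do this, or is there a better way to pull user_data from S3 while still being able to pass variables?

Below is my currently failing attempt, reduced for brevity.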

# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
  for_each      = "${fileset(var.bootstrapConfigPath, "*")}"

    bucket        = "${aws_s3_bucket.bootstrap_bucket.id}"
    acl           = "private"
    key           = "${each.value}"
    source        = "${var.bootstrapConfigPath}/${each.value}"
    etag          = filemd5("${var.bootstrapConfigPath}/${each.value}")
}
.
.in another module...
.
data "template_file" "user_data" {
  template = "${join("", list(var.bootstrap_bucket, "/config/user_data.sh"))}"
  vars = {
    _port         = "${var.port}"
    _allowed_cidr = "${var.allowed_cidr}"
  }
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
  name_prefix                 = "sample-${var.environment}"
  image_id                    = "${var.ami_id[var.aws_region]}"
  instance_type               = "${var.instance_type}"
  associate_public_ip_address = "${var.ispublic}"
  key_name                    = "${var.key_name}"
  security_groups             = ["${aws_security_group.instance.id}"]
  iam_instance_profile        = "${aws_iam_instance_profile.the_profile.arn}"
  user_data                   = "${data.template_file.user_data.rendered}"

  root_block_device {
    encrypted             = true

  }
  lifecycle {
    create_before_destroy = true
  }
}

[Question discussion]:

    Tags: amazon-web-services amazon-s3 cloud terraform hcl


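    [Solution 1]:

    OK, figured it out. Based on this blog post.

    What I did was output the user_data script as data from the module that contains the bootstrap bucket and objects. Then I imported it in the launch configuration and used it in my template_file.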

    # Create folder and upload bootstrap files
    resource "aws_s3_bucket_object" "bootstrap_config" {
      for_each      = "${fileset(var.bootstrapConfigPath, "*")}"
    
        bucket        = "${aws_s3_bucket.bootstrap_bucket.id}"
        acl           = "private"
        key           = "${each.value}"
        source        = "${var.bootstrapConfigPath}/${each.value}"
        etag          = filemd5("${var.bootstrapConfigPath}/${each.value}")
    }
    
    data "aws_s3_bucket_object" "boot_config" {
        bucket      = "${aws_s3_bucket.bootstrap_bucket.id}"
        key         = "user_data.sh"
        depends_on = [aws_s3_bucket_object.bootstrap_config]
    }
    
    output "boot_config" {
      value = "${data.aws_s3_bucket_object.boot_config.body}"
    }
    .
    .in another module...
    .
    data "template_file" "user_data" {
      template = "${var.boot_config}" #<-Imported output variable
      vars = {
        _port         = "${var._port}"
        _allowed_cidr = "${var._allowed_cidr}"
      }
    }
    .
    .
    .
    resource "aws_launch_configuration" "sample_thing" {
      name_prefix                 = "sample-${var.environment}"
      image_id                    = "${var.ami_id[var.aws_region]}"
      instance_type               = "${var.instance_type}"
      associate_public_ip_address = "${var.ispublic}"
      key_name                    = "${var.key_name}"
      security_groups             = ["${aws_security_group.instance.id}"]
      iam_instance_profile        = "${aws_iam_instance_profile.the_profile.arn}"
      user_data                   = "${data.template_file.user_data.rendered}"
    
      root_block_device {
        encrypted             = true
    
      }
      lifecycle {
        create_before_destroy = true
      }
    }
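
The question mentions managing secrets in the user-data script. Rendered user_data is stored in the Terraform state and is readable from the instance metadata service, so the following added example (not part of the original question or answer) renders the local copy of user_data.sh with `templatefile()` and passes only the name of an SSM parameter, which the instance reads at boot through its role. `var.secret_param_name`, `aws_iam_role.the_role` and the policy name are hypothetical; the other names are taken from the question.

```hcl
# Added example. Assumes Terraform 0.12+ and that user_data.sh sits in
# var.bootstrapConfigPath, the directory the question uploads to S3.
# var.secret_param_name (hypothetical) holds the NAME of an SSM SecureString
# parameter, e.g. "/sample/app_secret" (constructed value), never its value.

data "aws_caller_identity" "current" {}

locals {
  # Render the local template directly; no round-trip through the bucket.
  user_data = templatefile("${var.bootstrapConfigPath}/user_data.sh", {
    _port         = var.port
    _allowed_cidr = var.allowed_cidr
    # Only the parameter name is rendered, so the secret value stays out of
    # Terraform state and out of the instance's user data.
    _secret_param = var.secret_param_name
  })
  secret_arn = "arn:aws:ssm:${var.aws_region}:${data.aws_caller_identity.current.account_id}:parameter${var.secret_param_name}"
}

# Least privilege: the instance role may read this one parameter only.
# A customer-managed KMS key would additionally need kms:Decrypt on that key.
data "aws_iam_policy_document" "read_boot_secret" {
  statement {
    actions   = ["ssm:GetParameter"]
    resources = [local.secret_arn]
  }
}

resource "aws_iam_role_policy" "read_boot_secret" {
  name   = "read-boot-secret"
  role   = aws_iam_role.the_role.id # hypothetical: role behind the_profile
  policy = data.aws_iam_policy_document.read_boot_secret.json
}

resource "aws_launch_configuration" "sample_thing" {
  name_prefix          = "sample-${var.environment}"
  image_id             = var.ami_id[var.aws_region]
  instance_type        = var.instance_type
  iam_instance_profile = aws_iam_instance_profile.the_profile.arn
  user_data            = local.user_data

  lifecycle {
    create_before_destroy = true
  }
}
```

Inside user_data.sh the value can then be fetched with `aws ssm get-parameter --name "${_secret_param}" --with-decryption --query Parameter.Value --output text`. Any shell `${VAR}` in the script that Terraform should not interpolate has to be written as `$${VAR}`.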
    
