
We are trying to keep bootstrapping from a user_data configuration file in S3. But we also need variables and secrets to manage parts of the user data script. So my idea was to create a bucket, store our scripts there, and then use template_file from S3. Then push the rendered template into my user_data in aws_launch_configuration. However, it doesn't simply work that way.

When I check my AWS console, I see that user_data just shows up as the URL of the bucket file. Is there a way I can still do this, or is there a better way to pull user_data from S3 while still being able to pass variables?

Here is my currently failing attempt; trimmed for brevity.

# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
  for_each = "${fileset(var.bootstrapConfigPath, "*")}"

  bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
  acl    = "private"
  key    = "${each.value}"
  source = "${var.bootstrapConfigPath}/${each.value}"
  etag   = filemd5("${var.bootstrapConfigPath}/${each.value}")
}
.
.in another module...
.
data "template_file" "user_data" {
  template = "${join("", list(var.bootstrap_bucket, "/config/user_data.sh"))}"
  vars = {
    _port         = "${var.port}"
    _allowed_cidr = "${var.allowed_cidr}"
  }
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
  name_prefix                 = "sample-${var.environment}"
  image_id                    = "${var.ami_id[var.aws_region]}"
  instance_type               = "${var.instance_type}"
  associate_public_ip_address = "${var.ispublic}"
  key_name                    = "${var.key_name}"
  security_groups             = ["${aws_security_group.instance.id}"]
  iam_instance_profile        = "${aws_iam_instance_profile.the_profile.arn}"
  user_data                   = "${data.template_file.user_data.rendered}"

  root_block_device {
    encrypted             = true

  }
  lifecycle {
    create_before_destroy = true
  }
}

1 Answer


Okay, figured it out. Based on this blog

What I did was output the user_data script as a data output from the module that contains the bootstrap bucket and object. Then I import it in the launch configuration and use it in my template_file.

# Create folder and upload bootstrap files
resource "aws_s3_bucket_object" "bootstrap_config" {
  for_each = "${fileset(var.bootstrapConfigPath, "*")}"

  bucket = "${aws_s3_bucket.bootstrap_bucket.id}"
  acl    = "private"
  key    = "${each.value}"
  source = "${var.bootstrapConfigPath}/${each.value}"
  etag   = filemd5("${var.bootstrapConfigPath}/${each.value}")
}

data "aws_s3_bucket_object" "boot_config" {
  bucket     = "${aws_s3_bucket.bootstrap_bucket.id}"
  key        = "user_data.sh"
  depends_on = [aws_s3_bucket_object.bootstrap_config]
}

output "boot_config" {
  value = "${data.aws_s3_bucket_object.boot_config.body}"
}
.
.in another module...
.
data "template_file" "user_data" {
  template = "${var.boot_config}" #<-Imported output variable
  vars = {
    _port         = "${var._port}"
    _allowed_cidr = "${var._allowed_cidr}"
  }
}
.
.
.
resource "aws_launch_configuration" "sample_thing" {
  name_prefix                 = "sample-${var.environment}"
  image_id                    = "${var.ami_id[var.aws_region]}"
  instance_type               = "${var.instance_type}"
  associate_public_ip_address = "${var.ispublic}"
  key_name                    = "${var.key_name}"
  security_groups             = ["${aws_security_group.instance.id}"]
  iam_instance_profile        = "${aws_iam_instance_profile.the_profile.arn}"
  user_data                   = "${data.template_file.user_data.rendered}"

  root_block_device {
    encrypted             = true

  }
  lifecycle {
    create_before_destroy = true
  }
}
answered 2019-11-30T02:02:32.207
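An added example (not the asker's or the answerer's code) showing the full wiring the answer relies on: the bucket module reads the uploaded script back and exports its body, the compute module renders it with template_file, and the root module connects the two. The module paths, the content_type setting and the sample port and CIDR values are assumptions; the bucket and launch configuration are as on the page.

```hcl
# --- modules/bootstrap/main.tf: module that owns the bucket (assumed layout) ---
resource "aws_s3_bucket_object" "bootstrap_config" {
  for_each = fileset(var.bootstrapConfigPath, "*")

  bucket       = aws_s3_bucket.bootstrap_bucket.id   # bucket declared as on the page
  acl          = "private"
  key          = each.value
  source       = "${var.bootstrapConfigPath}/${each.value}"
  etag         = filemd5("${var.bootstrapConfigPath}/${each.value}")
  # the data source below only returns body for text/* or application/json objects
  content_type = "text/x-shellscript"
}

data "aws_s3_bucket_object" "boot_config" {
  bucket     = aws_s3_bucket.bootstrap_bucket.id
  key        = "user_data.sh"
  depends_on = [aws_s3_bucket_object.bootstrap_config]   # upload first, then read back
}

output "boot_config" {
  value = data.aws_s3_bucket_object.boot_config.body   # raw template text, not a URL
}

# --- modules/web/main.tf: module that renders the template and launches instances ---
variable "boot_config" {}
variable "_port" {}
variable "_allowed_cidr" {}

data "template_file" "user_data" {
  # user_data.sh uses ${_port} and ${_allowed_cidr}; a literal "${" in the script
  # (shell parameter expansion) must be written "$${" or rendering fails
  template = var.boot_config
  vars = {
    _port         = var._port
    _allowed_cidr = var._allowed_cidr
  }
}

# --- root main.tf: wire the output of one module into the input of the other ---
module "bootstrap" {
  source              = "./modules/bootstrap"
  bootstrapConfigPath = "${path.root}/bootstrap"
}

module "web" {
  source        = "./modules/web"
  boot_config   = module.bootstrap.boot_config
  _port         = 8080              # constructed sample values
  _allowed_cidr = "10.0.0.0/16"
}
```

Because the rendered text lands in user_data, anything substituted in (the secrets mentioned in the question included) is readable to anyone who can describe the instance, so keep the bucket object private as above and treat user_data as non-secret configuration.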