0

I feel like I've tried this a bunch of different ways, but I may be a little off in how I am calling these variables. I have the following code:

locals {
  config_rule_params = {
      "access_keys_rotated" = {
          "input_parameters" = "{\"maxAccessKeyAge\": \"90\"}",
          "maximum_execution_frequency" = "TwentyFour_Hours",
          "source" = {
              "owner" = "AWS",
              "source_identifier" = "ACCESS_KEYS_ROTATED"
          }
      },
      "acm_certificate_expiration_check" = {
          "input_parameters" = "{\"daysToExpiration\": \"30\"}",
          "maximum_execution_frequency" = "TwentyFour_Hours",
          "source" = {
              "owner" = "AWS",
              "source_identifier" = "ACM_CERTIFICATE_EXPIRATION_CHECK"
          },
          "scope" = {
              "compliance_resource_types" = "AWS::ACM::Certificate"
          }
      }
  }
}

resource "aws_config_config_rule" "parameterised_config_rules" {
    for_each                    = local.config_rule_params
    name                        = each.key
    input_parameters            = each.value.input_parameters
    maximum_execution_frequency = each.value.maximum_execution_frequency
    
    dynamic "source" {
        for_each = local.config_rule_params[*].source[*]
        content {
            owner = each.value.owner
            source_identifier = each.source_identifier
        }
    }

    dynamic "scope" {
        for_each = local.config_rule_params[*].scope[*]
        content {
            compliance_resource_types = each.value.compliance_resource_types
        }
    }
}

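Eventually, I will be adding a ton of rules under config_rule_params, and not all of them will have source, scope, or even other parameters. How can I properly call these variables when creating my resource? Currently getting the following error: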

Error: Unsupported attribute
  on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 53, in resource "aws_config_config_rule" "parameterised_config_rules":
  53:         for_each = local.config_rule_params[*].source[*]
This object does not have an attribute named "source".
Error: Unsupported attribute
  on .terraform/modules/baselines_config_rules_module/modules/baseline-config-rules/main.tf line 61, in resource "aws_config_config_rule" "parameterised_config_rules":
  61:         for_each = local.config_rule_params[*].scope[*]
This object does not have an attribute named "scope".
ERROR: Job failed: exit code 1
4

2 Answers

1

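When you use for_each in a dynamic block, by default the iterator is referenced using the label of the block (source, scope), not each.

The iterator argument (optional) sets the name of a temporary variable that represents the current element of the complex value. If omitted, the name of the variable defaults to the label of the dynamic block ("setting" in the example above).

In your example it will be source and scope: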

    dynamic "source" {
        for_each = local.config_rule_params[*].source[*]
        content {
            owner = source.value.owner
            source_identifier = source.value.source_identifier
        }
    }

    dynamic "scope" {
        for_each = local.config_rule_params[*].scope[*]
        content {
            compliance_resource_types = scope.value.compliance_resource_types
        }
    }
answered 2020-12-15T21:25:32.957
1

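You're correctly using the [*] operator as a concise way to adapt a value that might or might not be null into a list with either zero or one elements, but there are two things to change here:

  • The iterator symbol for a dynamic block is, by default, the name of the block you're generating. each is the iterator symbol for the top-level resource itself, even inside a dynamic block.
  • As a consequence of the previous item, you can use each.value as part of the for_each expression in your dynamic blocks, to refer to the current element of local.config_rule_params.

Putting those together, we get something like this: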

resource "aws_config_config_rule" "parameterised_config_rules" {
  for_each                    = local.config_rule_params

  name                        = each.key
  input_parameters            = each.value.input_parameters
  maximum_execution_frequency = each.value.maximum_execution_frequency
    
  dynamic "source" {
    for_each = each.value.source[*]
    content {
      owner             = source.value.owner
      source_identifier = source.value.source_identifier
    }
  }

  dynamic "scope" {
    for_each = each.value.scope[*]
    content {
      compliance_resource_types = scope.value.compliance_resource_types
    }
  }
}

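Notice that in the dynamic "source" block the current element is source.value, while in the dynamic "scope" block the current element is scope.value. Because of that, each.value is also valid inside those dynamic blocks, so you can refer to both levels of repetition together when building out these nested blocks.

answered 2020-12-16T00:55:49.920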
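
The following is an added example, not part of the question or of either answer. It shows one way to write the same resource so that entries in config_rule_params may leave out scope, input_parameters or maximum_execution_frequency altogether, using try() to fall back to null or an empty list when a key is absent. The root_account_mfa_enabled entry, the use of jsonencode() and the list form of compliance_resource_types are assumptions made for illustration.

```hcl
# Added example; the rule set below is constructed for illustration.
locals {
  config_rule_params = {
    # Only "source" is set: no parameters, frequency or scope.
    root_account_mfa_enabled = {
      source = { owner = "AWS", source_identifier = "ROOT_ACCOUNT_MFA_ENABLED" }
    }
    access_keys_rotated = {
      input_parameters            = jsonencode({ maxAccessKeyAge = "90" })
      maximum_execution_frequency = "TwentyFour_Hours"
      source = { owner = "AWS", source_identifier = "ACCESS_KEYS_ROTATED" }
    }
    acm_certificate_expiration_check = {
      input_parameters            = jsonencode({ daysToExpiration = "30" })
      maximum_execution_frequency = "TwentyFour_Hours"
      source = { owner = "AWS", source_identifier = "ACM_CERTIFICATE_EXPIRATION_CHECK" }
      scope  = { compliance_resource_types = ["AWS::ACM::Certificate"] }
    }
  }
}

resource "aws_config_config_rule" "parameterised_config_rules" {
  for_each = local.config_rule_params

  name = each.key
  # try() yields null, leaving the argument unset, when the entry lacks the key.
  input_parameters            = try(each.value.input_parameters, null)
  maximum_execution_frequency = try(each.value.maximum_execution_frequency, null)

  # A missing attribute becomes an empty list, so no nested block is generated.
  dynamic "source" {
    for_each = try([each.value.source], [])
    content {
      owner             = source.value.owner
      source_identifier = source.value.source_identifier
    }
  }

  dynamic "scope" {
    for_each = try([each.value.scope], [])
    content {
      compliance_resource_types = scope.value.compliance_resource_types
    }
  }
}
```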