Active directory 通过terraform将EC2实例加入AD域
我希望你能帮我解决我的问题。我正在尝试自动让我的ec2实例与我的terraform脚本加入一个ad域。由于Terraform不支持任何“域加入目录”选项,我想尝试创建一个SSM文档,让Systems Manager为我创建。实际上,我得到了以下代码:Active directory 通过terraform将EC2实例加入AD域,active-directory,terraform,terraform-provider-aws,ssm,Active Directory,Terraform,Terraform Provider Aws,Ssm,我希望你能帮我解决我的问题。我正在尝试自动让我的ec2实例与我的terraform脚本加入一个ad域。由于Terraform不支持任何“域加入目录”选项,我想尝试创建一个SSM文档,让Systems Manager为我创建。实际上,我得到了以下代码: resource "aws_directory_service_directory" "ad" { name = "active-directory-service.com" password = "${var.ad-passwor
resource "aws_directory_service_directory" "ad" {
name = "active-directory-service.com"
password = "${var.ad-password}"
edition = "Standard"
size = "Small"
type = "MicrosoftAD"
vpc_settings {
vpc_id = "${aws_vpc.vpc.id}"
subnet_ids = ["${aws_subnet.ds-subnet.0.id}",
"${aws_subnet.ds-subnet.1.id}"
]
}
}
resource "aws_vpc_dhcp_options" "vpc-dhcp-options" {
domain_name = "${var.dir_domain_name}"
domain_name_servers = aws_directory_service_directory.ad.dns_ip_addresses
}
resource "aws_vpc_dhcp_options_association" "dns_resolver" {
vpc_id = aws_vpc.vpc.id
dhcp_options_id = aws_vpc_dhcp_options.vpc-dhcp-options.id
}
resource "aws_ssm_document" "ad-server-domain-join-document" {
name = "myapp_dir_default_doc"
document_type = "Command"
content = <<DOC
{
"schemaVersion": "1.0",
"description": "Join an instance to a domain",
"runtimeConfig": {
"aws:domainJoin": {
"properties": {
"directoryId": "${aws_directory_service_directory.ad.id}",
"directoryName": "${var.dir_domain_name}",
"directoryOU": "${var.dir_computer_ou}",
"dnsIpAddresses": [
"${aws_directory_service_directory.ad.dns_ip_addresses[0]}",
"${aws_directory_service_directory.ad.dns_ip_addresses[1]}"
}
}
}
}
DOC
}
resource "aws_ssm_association" "ad-server-association" {
name = "dir_default_doc"
instance_id = aws_instance.ec2-ad-instance.id
}
资源“aws\u目录\u服务\u目录”“ad”{
name=“activedirectory service.com”
password=“${var.ad-password}”
edition=“标准”
size=“小”
type=“MicrosoftAD”
专有网络设置{
vpc_id=“${aws_vpc.vpc.id}”
subnet_id=[“${aws_subnet.ds subnet.0.id}”,
“${aws_subnet.ds subnet.1.id}”
]
}
}
资源“aws\U vpc\U dhcp\U选项”“vpc dhcp选项”{
domain_name=“${var.dir_domain_name}”
域名\服务器=aws\目录\服务\目录.ad.dns\ ip\地址
}
资源“aws\U vpc\U dhcp\U选项\U关联”“dns\U解析程序”{
vpc_id=aws_vpc.vpc.id
dhcp\u options\u id=aws\u vpc\u dhcp\u options.vpc-dhcp-options.id
}
资源“aws\U ssm\U文档”“ad服务器域加入文档”{
name=“myapp\u dir\u default\u doc”
文档类型=“命令”
内容=如评论中所述,可复制的示例将加速任何人的帮助能力:)
我假设terraform 0.12正在使用
aws\u目录\u服务\u目录.ad.dns\u ip\u地址不是一个列表,而是一个集合。从概念上讲,这意味着它是无序的。因此,可以像以下方式访问它:
sort(aws_directory_service_directory.ad.dns_ip_addresses)[0]
排序将对它进行排序,并允许您使用索引访问它。下面的问题解释了这一点,尽管涉及到试图详细使用元素
来访问它
此资源的文档称之为列表,这在实践中似乎是不正确的:如果您使用的AMI没有SSM,那么您就是这样做的:
user_data = <<EOF
<powershell>
Add-Computer -DomainName 'NAME_OF_THE_DOMAIN' -NewName 'NEW_NAME_OF_THE_MACHINE' -Credential (New-Object -TypeName PSCredential -ArgumentList "DOMAIN_USERNAME",(ConvertTo-SecureString -String 'DOMAIN_PASSWORD' -AsPlainText -Force)[0]) -Restart
</powershell>
EOF
依照
dnsIpAddresses需要json格式的列表
"dnsIpAddresses": [
"198.51.100.1",
"198.51.100.2"
]
"dnsIpAddresses": [ "${join("\", \"",aws_directory_service_directory.ad.dns_ip_addresses)}" ]
将aws\u目录\u服务\u目录.ad.dns\u ip\u地址转换为json格式
"dnsIpAddresses": [
"198.51.100.1",
"198.51.100.2"
]
"dnsIpAddresses": [ "${join("\", \"",aws_directory_service_directory.ad.dns_ip_addresses)}" ]
您能否编辑您的问题,使其包含完整的错误和周围的语法位?如果不运行示例,很难从您的问题中看出什么。此外,理想情况下,您的问题应该包含一个允许人们完全复制您所看到的内容的语法位。目前,这是一个非常小的错误位,缺失的语法位将允许有人重新编程导出它(如vpc和子网位)。