Amazon web services 将terraform模块用于多个区域api网关
我正在使用 Terraform 创建 AWS 基础设施,其中包含 4 个区域 API 网关以及各区域内相应的 DynamoDB。我想创建一个模块,由(API + DynamoDB)和可配置的区域特定值组成。Terraform 能做到吗?还是我必须创建 4 个单独的 API 和 4 个单独的 DynamoDB 资源?任何链接或文档也会有所帮助。目前用于区域 API 网关和相应 DynamoDB 的可用代码如下:
# Static AWS credentials are taken as input variables and handed to both
# aliased providers below.
# NOTE(review): long-lived keys passed this way tend to end up in *.tfvars
# files, shell history or CI logs. Prefer the provider's default credential
# chain (environment variables, a shared credentials profile, or an assumed
# role) and keep any file holding these values out of version control.
variable "access_key" {}

variable "secret_key" {}

# Provider configuration for us-east-1; selected with provider = "aws.us-east-1".
provider "aws" {
  alias      = "us-east-1"
  region     = "us-east-1"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
}

# Provider configuration for us-west-2; selected with provider = "aws.us-west-2".
provider "aws" {
  alias      = "us-west-2"
  region     = "us-west-2"
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
}
# Regional table in us-east-1. It has the same name and key schema as the
# us-west-2 table in this listing, and both are joined by the global table.
resource "aws_dynamodb_table" "us-east-1" {
  provider = "aws.us-east-1"

  name     = "test_tf"
  hash_key = "test_tf"

  attribute {
    name = "test_tf"
    type = "S"
  }

  read_capacity  = 1
  write_capacity = 1

  # Streams carrying both old and new images are what the global-table
  # replication resource expects on each replica.
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
}
# Regional table in us-west-2; mirrors the us-east-1 table attribute for
# attribute so the two can be linked as replicas.
resource "aws_dynamodb_table" "us-west-2" {
  provider = "aws.us-west-2"

  name     = "test_tf"
  hash_key = "test_tf"

  attribute {
    name = "test_tf"
    type = "S"
  }

  read_capacity  = 1
  write_capacity = 1

  # Same stream settings as the us-east-1 replica.
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
}
# Links the two regional tables into one global table. It is created through
# the us-east-1 provider, and only after both regional tables exist.
resource "aws_dynamodb_global_table" "test_tf" {
  provider = "aws.us-east-1"
  name     = "test_tf"

  replica {
    region_name = "us-east-1"
  }

  replica {
    region_name = "us-west-2"
  }

  depends_on = ["aws_dynamodb_table.us-east-1", "aws_dynamodb_table.us-west-2"]
}
# REST API exposed through a REGIONAL endpoint.
# NOTE(review): no provider argument is set here, while both provider blocks
# in this listing are aliased. This resource therefore uses the default,
# un-aliased aws provider, which the listing does not configure. Confirm which
# region and credentials it actually resolves to.
resource "aws_api_gateway_rest_api" "test-us-east-1" {
  name = "test-us-east-1"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}
# Path resource /{testid} directly under the API root. The path parameter
# is caller-supplied and is later used as the DynamoDB key.
resource "aws_api_gateway_resource" "sample_test" {
  path_part   = "{testid}"
  parent_id   = "${aws_api_gateway_rest_api.test-us-east-1.root_resource_id}"
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
}
# GET on /{testid}.
# NOTE(review): authorization = "NONE" makes this method callable without
# any authentication, so anyone who knows the invoke URL can ask whether a
# given key exists in the table. If the lookup is not meant to be public,
# use AWS_IAM, a Cognito or custom authorizer, or at least require an API key
# with a usage plan so requests are throttled and attributable.
resource "aws_api_gateway_method" "sample_get" {
  http_method   = "GET"
  authorization = "NONE"
  resource_id   = "${aws_api_gateway_resource.sample_test.id}"
  rest_api_id   = "${aws_api_gateway_rest_api.test-us-east-1.id}"
}
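# Publishes the API to the "test" stage.
# A deployment captures the API as it exists when the deployment is created.
# It therefore has to wait for the integration as well as the method: a method
# that has no integration yet cannot be deployed.
resource "aws_api_gateway_deployment" "Deployment" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  stage_name  = "test"

  depends_on = [
    "aws_api_gateway_method.sample_get",
    "aws_api_gateway_integration.test",
  ]
}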
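# Direct AWS-service integration: GET /{testid} is translated into a DynamoDB
# GetItem call made with the apiGatewayDynamoDbAccessRole credentials.
# The action URI is pinned to us-east-1, so this value has to become
# region-specific if the block is moved into a per-region module.
resource "aws_api_gateway_integration" "test" {
  rest_api_id             = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id             = "${aws_api_gateway_resource.sample_test.id}"
  http_method             = "${aws_api_gateway_method.sample_get.http_method}"
  integration_http_method = "POST"
  type                    = "AWS"
  uri                     = "arn:aws:apigateway:us-east-1:dynamodb:action/GetItem"
  credentials             = "${aws_iam_role.apiGatewayDynamoDbAccessRole.arn}"
  passthrough_behavior    = "WHEN_NO_TEMPLATES"

  # The path parameter is caller-controlled and is substituted into a JSON
  # string literal. It is escaped first so that a quote or backslash in testid
  # cannot change the structure of the GetItem request body.
  # NOTE(review): $util.escapeJavaScript also escapes single quotes, which is
  # not valid JSON. Confirm that such requests fail cleanly as a client error.
  request_templates = {
    "application/json" = <<EOF
{
"TableName": "test_tf",
"Key":
{
"test_tf":
{
"S": "$util.escapeJavaScript($input.params('testid'))"
}
}
}
EOF
  }
}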
# Permissions policy for the role API Gateway assumes when calling DynamoDB.
# The policy document is read from api-dynamodb-policy.json, which is not
# part of this listing.
# NOTE(review): confirm that the document grants only what the integration
# needs (GetItem on this one table) rather than wildcard actions or resources.
resource "aws_iam_policy" "api_dbaccess_policy" {
  name   = "api_dbaccess_policy"
  policy = "${file("api-dynamodb-policy.json")}"

  depends_on = ["aws_dynamodb_table.us-east-1"]
}
# Role referenced by the integration's credentials argument. The trust policy
# is read from assume-role-policy.json, which is not part of this listing.
# NOTE(review): confirm that the trust policy lets only the API Gateway
# service principal assume this role.
resource "aws_iam_role" "apiGatewayDynamoDbAccessRole" {
  name               = "apiGatewayDynamoDbAccessRole"
  assume_role_policy = "${file("assume-role-policy.json")}"

  depends_on = ["aws_dynamodb_table.us-east-1"]
}
# Attaches the DynamoDB access policy to the API Gateway role.
# NOTE(review): aws_iam_policy_attachment manages the policy's attachments
# exclusively, so any user, group or role attached to the same policy outside
# this resource is detached on apply. aws_iam_role_policy_attachment is the
# non-exclusive alternative when only this one role should be affected.
resource "aws_iam_policy_attachment" "api-dbaccess-policy-attach" {
  name       = "api-dbaccess-policy-attachment"
  policy_arn = "${aws_iam_policy.api_dbaccess_policy.arn}"
  roles      = ["${aws_iam_role.apiGatewayDynamoDbAccessRole.name}"]
}
# Declares the 200 response for GET /{testid}. The integration response in
# this listing takes its status code from here.
resource "aws_api_gateway_method_response" "200" {
  status_code = "200"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
}
# Maps the DynamoDB GetItem result onto the 200 method response. The template
# returns only a boolean saying whether the item's test_tf attribute was
# present and non-empty. The stored item itself is not echoed to the caller.
resource "aws_api_gateway_integration_response" "us-east-1-response" {
  status_code = "${aws_api_gateway_method_response.200.status_code}"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"

  response_templates = {
    "application/json" = <<EOF
{
#set($sampletest = $input.path('Item.test_tf.S'))
"test": #if ($sampletest && $sampletest != '')
true
#else
false
#end
}
EOF
  }
}
是的,这在 Terraform 中是可能的。
在根模块中定义4个AWS提供程序,并为每个提供程序提供别名:
# Root-module provider for us-west-2, addressed as aws.oregon.
# No credentials are set in these blocks, so they are not stored in the
# configuration itself.
provider "aws" {
  region = "us-west-2"
  alias  = "oregon"
}

# Root-module provider for us-east-1, addressed as aws.virginia.
provider "aws" {
  region = "us-east-1"
  alias  = "virginia"
}
然后,在实例化模块时,不依赖提供程序继承,而是通过别名显式传递提供程序:
# One instance of the per-region module. The aliased provider is passed in
# explicitly, so every aws resource inside ./api_gateway is created through
# aws.oregon rather than through an inherited default provider.
module "api_gateway" {
  source = "./api_gateway"

  providers = {
    aws = "aws.oregon"
  }
}
对每个区域重复上述做法,共 4 次。
您可以在这里找到文档:

评论:

这听起来绝对像 Terraform 模块的用例。不确定您卡在了哪里。只需先写一个定义了您所需全部内容的模块(或者先从一个小示例开始……),再通过变量传入各区域不同的值。您能展示一下您的尝试,并指出在哪一步遇到困难或报错吗?

现在,我在 us-east-1 区域、基于全局 DynamoDB 配置了一个区域 API 网关。@ydaetskcoR 代码已更新。

@StephenKing 我已经补充了代码。我不清楚在多区域数据库和相应 API 网关的情况下,该如何在模块中组织代码。

非常感谢您提供的链接。我仍然不太清楚如何创建一个包含 DynamoDB 和 API 网关的模板模块,并且只传入提供程序。我已经发布了现有的基础设施代码,如果您能给出意见就太好了。感谢您的帮助。

因此,请将区域表放在模块中。不要在模块中声明任何提供程序。然后,在根模块中实例化子模块(4 次)时,通过别名传递提供程序。最后,把全局表放在根模块中。