Terraform 地形资源aws_elastic_beanstalk_环境和敏感数据
我有一个beanstalk模块,它有一个用于aws_elastic_beanstalk_环境的地形资源,该环境从地图加载环境变量Terraform 地形资源aws_elastic_beanstalk_环境和敏感数据,terraform,Terraform,我有一个beanstalk模块,它有一个用于aws_elastic_beanstalk_环境的地形资源,该环境从地图加载环境变量 resource "aws_elastic_beanstalk_environment" "default" { name = module.label.id ... ... dynamic "setting" { for_each = var.en
resource "aws_elastic_beanstalk_environment" "default" {
name = module.label.id
...
...
dynamic "setting" {
for_each = var.env_vars
content {
namespace = "aws:elasticbeanstalk:application:environment"
name = setting.key
value = setting.value
resource = ""
}
}
...
我还从数据源aws_secretsmanager_secret加载机密,并将它们传递给beanstalk模块
module "web-secrets" {
source = "../modules/web/secrets" <- just loads secrets was data source aws_secrets_manager_secret
}
module "elastic-beanstalk-environment-lenz" {
source = "../modules/beanstalk/beanstalk"
...
...
env_vars = {
"APPLICATION_NAME" = "web"
...
...
"API_KEY" = module.web-secrets.api_key
}
}
由于我正在使用Terraform cloud,在将输出返回到屏幕之前,我无法尝试使用tfmask中的另一个实用程序隐藏敏感信息。通常,您只需将机密的名称作为env变量传递给EB即可。然后在你的应用程序中,你将实际获取秘密的价值。嗨,Marcin,我没有机会让我的开发者在应用程序启动之前从SSM获取秘密。
terraform plan
...
...
+ setting {
+ name = "API_KEY"
+ namespace = "aws:elasticbeanstalk:application:environment"
+ value = "password"
}
...