Terraform: error when trying to pass the aws_secretsmanager_secret_version value
In the password section of the RDS instance I am creating on AWS, I am trying to pass the aws_secretsmanager_secret_version value. I am getting an error.
resource "aws_db_instance" "airflow" {
  allocated_storage      = "${var.rds_allocated_storage}"
  storage_type           = "${var.rds_storage_type}"
  storage_encrypted      = "true"
  engine                 = "mysql"
  engine_version         = "${var.rds_engine_version}"
  instance_class         = "${var.rds_instance_class}"
  name                   = "airflow"
  identifier             = "airflow"
  username               = "${var.rds_username}"
  password               = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
  parameter_group_name   = "-airflow-mysql"
  vpc_security_group_ids = ["${aws_security_group_airflow_sg.id}"]
  db_subnet_group_name   = "${aws_db_subnet_group.airflow_rds.id}"
  kms_key_id             = "${data.aws_kms_key.rds.arn}"
  license_model          = "general-public-license"
  depends_on = [
    aws_db_parameter_group.airflow_mysql
  ]
  tags = merge(
    var.common_tags,
    map("Classification", "private"),
    map("Name", "-airflow-rds")
  )
}
secretmanager.tf
resource "aws_secretsmanager_secret" "secret" {
  description = "airflow"
  kms_key_id  = "${data.aws_kms_key.sm.arn}"
  name        = "airflow"
}
resource "random_string" "rds_password" {
  length           = 16
  special          = true
  override_special = "/@\" "
}
resource "aws_secretsmanager_secret_version" "secret" {
  secret_id     = "${aws_secretsmanager_secret.secret.id}"
  secret_string = <<EOF
{
"rds_password": "${random_string.rds_password.result}"
}
EOF
}

As you can see in the key-value example, the object in secret_string should be passed to jsonencode().
See the following example (adapted from the documentation page):

I think you are not indexing the map correctly. The problem is in secret_string)["rds_password"]
Replace
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]}"
with
password = "${jsondecode(aws_secretsmanager_secret_version.secret.secret_string["rds_password"])}"

You can't add dynamic variables in a variable block. Right, this doesn't work.
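
An added example, not part of the original question or answers: the jsonencode() approach mentioned in the first answer, written out in Terraform 0.12+ syntax. The literal values (instance class, storage size, user name, special-character set) are assumptions, and random_password from the hashicorp/random provider stands in for the asker's random_string.

```hcl
# Added example; literal values are constructed placeholders, not the asker's.
resource "random_password" "rds_password" {
  length  = 16
  special = true
  # RDS does not accept '/', '@' or '"' in the master password, so draw
  # special characters from a set that leaves them out.
  override_special = "!#$%&*()-_=+[]{}<>:?"
}

resource "aws_secretsmanager_secret" "secret" {
  name        = "airflow"
  description = "airflow"
}

resource "aws_secretsmanager_secret_version" "secret" {
  secret_id = aws_secretsmanager_secret.secret.id
  # jsonencode() always emits valid JSON and escapes quotes and backslashes.
  # A hand-written heredoc becomes invalid JSON as soon as the generated
  # password contains a double quote, and jsondecode() then fails.
  secret_string = jsonencode({
    rds_password = random_password.rds_password.result
  })
}

resource "aws_db_instance" "airflow" {
  identifier        = "airflow"
  engine            = "mysql"
  instance_class    = "db.t3.micro"   # constructed value
  allocated_storage = 20              # constructed value
  storage_encrypted = true
  username          = "airflow_admin" # constructed value
  # Decode the JSON string into an object first, then index the object.
  password = jsondecode(aws_secretsmanager_secret_version.secret.secret_string)["rds_password"]
}
```

The generated password is still written to the Terraform state in plain text, so the state backend needs the same encryption and access controls as the secret itself.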