在terraform中构建输出地图
我有一个要创建的用户列表,一个sns主题列表,以及为用户授予主题权限的策略。这些都是针对用户的名称空间 鉴于: main.tf在terraform中构建输出地图,terraform,terraform-provider-aws,Terraform,Terraform Provider Aws,我有一个要创建的用户列表,一个sns主题列表,以及为用户授予主题权限的策略。这些都是针对用户的名称空间 鉴于: main.tf provider "aws" { region = "eu-west-1" profile = "terraform" } module "topics" { source = "./queues/topics" } module "users" { source = "./user
provider "aws" {
region = "eu-west-1"
profile = "terraform"
}
module "topics" {
source = "./queues/topics"
}
module "users" {
source = "./users"
}
module "policies" {
source = "./policies"
sns_topics = "${module.topics.sns_topics}"
}
./queues/topics.tf
resource "aws_sns_topic" "svc_topic" {
count = "${length(var.sns_topics)}"
name = "${element(var.sns_topics, count.index)}"
}
./queues/topics/vars.tf
# List of topics
variable "sns_topics" {
type = "list"
default = [
"a-topic",
"b-topic",
"c-topic",
]
}
./queues/topics/output.tf
output "sns_topics" {
value = "${var.sns_topics}"
}
output "topic_user" {
value = "${var.topic_user}"
}
./users/main.tf
resource "aws_iam_user" "usrs" {
count = "${length(var.topic_user)}"
name = "usr-msvc-${element(var.topic_user, count.index)}"
}
./users/vars.tf
variable "topic_user" {
type = "list"
default =[
"user-a",
"user-b",
"user-c",
]
}
./users/output.tf
output "sns_topics" {
value = "${var.sns_topics}"
}
output "topic_user" {
value = "${var.topic_user}"
}
/政策/main.tf
resource "aws_iam_policy" "sns_publisher" {
count = "${length(var.sns_topics)}"
name = "sns-${element(var.sns_topics, count.index)}-publisher"
policy = <<POLICY
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": "sns:Publish",
"Resource": "arn:aws:sns:*:*:${element(var.sns_topics, count.index)}"
}
]
}
POLICY
}
我可以将用户列表传递到策略模块,但我不知道如何在输出中生成此映射
我想使用它将策略附加到相应的用户
如果简化了任务,也可以改进结构。您可以使用Terraform功能实现这一点。由于您的键从
用户
模块输出为列表模块.users.topic_user
,而您的值从主题
模块输出为列表模块.topics.sns_topics
()因此,您可以将它们作为输出中函数的参数:
output "user_topic_map" {
value = "${zipmap(module.users.topic_user, module.topics.sns_topics)}"
}
请记住,
zipmap
的两个参数列表的长度必须相等,因此可能会在资源/变量/输出块中的某个位置对其进行保护。您可以这样做:
output "iam_user" {
value = map(
"key", aws_iam_access_key.user.id,
"secret", aws_iam_access_key.user.secret
)
}
您也可以使用这种方法
output "outputs" {
value = {
vpc_id = aws_vpc.vpc.id
pub_sbnt_ids = aws_subnet.public.*.id
priv_sbnt_ids = aws_subnet.private.*.id
}
description = "VPC id, List of all public, private and db subnet IDs"
}