Terraform: unable to pass a variable from a .tf file into a .json policy template

I'm new to the Terraform world and am having some trouble passing a variable from a .tf file into a .json file. My sample tf Lambda function is as follows:

data "template_file" "task" {
  template = file("./iam/grange_rest_dynlambda_policy.json")
  vars = {
    resource="${var.stage}_grange_dynamodb"
  }
}

resource "aws_lambda_function" "grange_rest_dynlambda" {
  function_name                  = "${var.stage}_grange_rest_dynlambda"
  handler                        = "lambda/src/index.handler"
  memory_size                    = "256"
  timeout                        = 10
  reserved_concurrent_executions = "-1"
  filename                       = "${path.module}/../dist/lambda.zip"
  role    = aws_iam_role.grange_rest_dynlambda_iam_role.arn
  runtime = "nodejs14.x"
  publish = true
}

resource "aws_lambda_alias" "grange_rest_dynlambda_alias" {
  depends_on       = ["aws_lambda_function.grange_rest_dynlambda"]
  name             = var.stage
  description      = var.stage
  function_name    = aws_lambda_function.grange_rest_dynlambda.arn
  function_version = aws_lambda_function.grange_rest_dynlambda.version
}

// Enable cloudwatch for lambda
resource "aws_cloudwatch_log_group" "example" {
  name              = "/aws/lambda/${var.stage}_grange_rest_dynlambda"
  retention_in_days = 14
}

# See also the following AWS managed policy: AWSLambdaBasicExecutionRole
resource "aws_iam_policy" "lambda_logging" {
  name        = "lambda_logging"
  path        = "/"
  description = "IAM policy for logging from a lambda"
  policy = file("./iam/grange_rest_dynlambda_logging_policy.json")
}

// Lambda + DynamoDB
resource "aws_iam_role" "grange_rest_dynlambda_iam_role" {
  name               = "grange_rest_dynlambda_iam_role"
  assume_role_policy = file("./iam/grange_rest_dynlambda_assume_policy.json")
}

resource "aws_iam_role_policy" "grange_rest_dynlambda_iam_policy" {
  policy = file("./iam/grange_rest_dynlambda_policy.json")
  role   = aws_iam_role.grange_rest_dynlambda_iam_role.id
}

resource "aws_iam_role_policy_attachment" "lambda_logs" {
  role       = aws_iam_role.grange_rest_dynlambda_iam_role.name
  policy_arn = aws_iam_policy.lambda_logging.arn
}

// API Gateway + Lambda
resource "aws_api_gateway_resource" "grange_rest_dynlambda_api" {
  parent_id   = aws_api_gateway_rest_api.grange_rest_api_gateway.root_resource_id
  path_part   = "grange_rest_dynlambda_api"
  rest_api_id = aws_api_gateway_rest_api.grange_rest_api_gateway.id
}

resource "aws_api_gateway_method" "grange_rest_dynlambda_api_get" {
  authorization = "NONE"
  http_method   = "GET"
  resource_id   = aws_api_gateway_resource.grange_rest_dynlambda_api.id
  rest_api_id   = aws_api_gateway_rest_api.grange_rest_api_gateway.id
}

resource "aws_api_gateway_method" "grange_rest_dynlambda_api_post" {
  authorization = "NONE"
  http_method   = "POST"
  resource_id   = aws_api_gateway_resource.grange_rest_dynlambda_api.id
  rest_api_id   = aws_api_gateway_rest_api.grange_rest_api_gateway.id
}

resource "aws_lambda_permission" "apigw" {
  action        = "lambda:InvokeFunction"
  statement_id  = "AllowExecutionFromAPIGateway"
  function_name = aws_lambda_function.grange_rest_dynlambda.function_name
  principal     = "apigateway.amazonaws.com"
  source_arn    = "${aws_api_gateway_rest_api.grange_rest_api_gateway.execution_arn}/*/*"
}

output "base_url" {
  value = aws_api_gateway_deployment.apigwdeployment.invoke_url
}

I'm injecting the policy from a JSON file and expected the "resource" variable to be passed into the JSON. But that is not happening.

{
  "Version": "2012-10-17",
  "Statement":[{
    "Effect": "Allow",
    "Action": [
      "dynamodb:BatchGetItem",
      "dynamodb:GetItem",
      "dynamodb:Query",
      "dynamodb:Scan",
      "dynamodb:BatchWriteItem",
      "dynamodb:PutItem",
      "dynamodb:UpdateItem"
    ],
    "Resource": "arn:aws:dynamodb:us-east-2:741573820784:table/${resource}"
  }
  ]
}

What am I missing?

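The template_file data source does not replace the variables in the actual file. It just reads the file and makes the "rendered" output available directly to your Terraform.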

So you need to change your Terraform to use the "rendered" output:

Before:

resource "aws_iam_role_policy" "grange_rest_dynlambda_iam_policy" {
  policy = file("./iam/grange_rest_dynlambda_policy.json")
  role   = aws_iam_role.grange_rest_dynlambda_iam_role.id
}

After:

resource "aws_iam_role_policy" "grange_rest_dynlambda_iam_policy" {
  policy = data.template_file.task.rendered
  role   = aws_iam_role.grange_rest_dynlambda_iam_role.id
}

You need to access the rendered attribute of the template_file data source:

data.template_file.task.rendered

This will replace ${resource} with the value of "${var.stage}_grange_dynamodb".


Note that the documentation recommends using the templatefile function instead of this data source.

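What exactly is the problem? Is there an error?

This part in the JSON is not getting passed from the TF file. "Resource": "arn:aws:dynamodb:us-east-2:741573820784:table/${resource}"

As of version 0.12.0, you should use the templatefile function. This will most likely solve the whole problem.

Thanks @Jens. That worked. But now I need something more. I borrowed from your suggestion :). How do I convert the above example to "templatefile"?

@KrishnanSriram Please try it yourself, and if you have problems, ask another question here.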
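
The templatefile form of the policy attachment discussed above, as an added example that is not part of the original question, answers or comments. It reuses the file path and the `resource` variable from the question; the `local` name and the output name are hypothetical.

```hcl
# Added example: templatefile() renders the JSON itself, so the
# data "template_file" "task" block is no longer needed.
locals {
  # Same value the question passed in vars = { resource = ... }.
  # Hypothetical local name.
  dynamodb_table_name = "${var.stage}_grange_dynamodb"
}

resource "aws_iam_role_policy" "grange_rest_dynlambda_iam_policy" {
  role = aws_iam_role.grange_rest_dynlambda_iam_role.id

  # ${resource} inside the JSON file is replaced with the map value below.
  # If the file ever contains a literal IAM policy variable such as
  # ${aws:username}, write it as $${aws:username} in the file; otherwise
  # templatefile() treats it as a template expression and the plan fails.
  policy = templatefile("./iam/grange_rest_dynlambda_policy.json", {
    resource = local.dynamodb_table_name
  })
}

# Hypothetical output: exposes the rendered document so the exact
# Resource ARN granted to the role can be reviewed after rendering.
output "grange_rest_dynlambda_policy_rendered" {
  value = aws_iam_role_policy.grange_rest_dynlambda_iam_policy.policy
}
```

With the original `file(...)` call the policy is attached with the literal text `table/${resource}` as its Resource, so the role matches no real table; reviewing the rendered output confirms the ARN names the intended per-stage table and nothing broader.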