Using S3 for Terraform aws_instance.connection.private_key and aws_key_pair.public_key


I am trying to use Terraform Cloud and do not want to commit SSH keys to the repository. My current configuration looks like this:


resource "aws_key_pair" "project" {
  key_name   = "project"
  public_key = file(".ssh/id_rsa.pub")
}

resource "aws_instance" "example" {
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"
  security_groups = [
    aws_security_group.ssh_allow.name,
    aws_security_group.http_allow.name
  ]
  key_name = aws_key_pair.project.key_name

  connection {
    type        = "ssh"
    user        = "centos"
    private_key = file(".ssh/id_rsa")
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nginx",
      "sudo systemctl start nginx"
    ]
  }

  lifecycle {
    create_before_destroy = true
  }
}

Is it possible to reference that file from remote storage (for example S3)?

Something like this:


resource "aws_key_pair" "project" {
  key_name   = "project"
  # s3_file() is illustrative only; Terraform has no such built-in function
  public_key = s3_file("bucket/ssh/id_rsa.pub")
}

Is that possible? I tried using a data source:

data "aws_s3_bucket_object" "public_key" {
  bucket = "com.project.infrastructure"
  key    = ".ssh/project.pub"
}

data "aws_s3_bucket_object" "private_key" {
  bucket = "com.project.infrastructure"
  key    = ".ssh/project"
}

resource "aws_key_pair" "project" {
  key_name   = "project"
  public_key = data.aws_s3_bucket_object.public_key.body
}
but I get this error:

Error: "public_key": required field is not set

  on example.tf line 28, in resource "aws_key_pair" "project":
  28: resource "aws_key_pair" "project" {

The AWS security credentials are correct, and I can run

aws s3api get-object --bucket com.project.infrastructure --key .ssh/project private_key

The experiment with null_resource also failed; I then get the following error:

➜ terraform plan    

Error: Error in function call

  on example.tf line 42, in resource "aws_key_pair" "project":
  42:   public_key = file("project.pub")

Call to function "file" failed: no file exists at project.pub.
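The data-source approach in the question can work; as an added example (not code from the original question or answer), here is a version that reads the public key from S3 and keeps the private key out of both S3 and the repository. The bucket, object keys and the variable name are assumptions; the Content-Type requirement on `body` is documented behaviour of the AWS provider's object data source.

```hcl
# Added example (not from the original question): read the public key from S3
# with the provider's object data source. The "body" attribute is only
# populated when the object has a text/* or application/json Content-Type;
# a key uploaded with a binary Content-Type shows up as an unset public_key,
# which matches the error in the question. Upload it like this (assumed
# bucket/key names):
#   aws s3 cp project.pub s3://com.project.infrastructure/.ssh/project.pub \
#     --content-type text/plain
# aws_s3_object requires AWS provider >= 4.0; on older providers the data
# source is called aws_s3_bucket_object and has the same body limitation.

data "aws_s3_object" "public_key" {
  bucket = "com.project.infrastructure" # assumed, as in the question
  key    = ".ssh/project.pub"
}

resource "aws_key_pair" "project" {
  key_name   = "project"
  # trimspace() drops the trailing newline ssh-keygen writes to the .pub file
  public_key = trimspace(data.aws_s3_object.public_key.body)
}

# The private key must not be fetched the same way: a data source's body is
# written to the state file in plaintext. Pass it in as a sensitive variable
# instead (for example a Terraform Cloud workspace variable marked
# "sensitive"; the variable name is an assumption).
variable "ssh_private_key" {
  type      = string
  sensitive = true # requires Terraform >= 0.14
}

resource "aws_instance" "example" {
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.project.key_name
  # security_groups and lifecycle blocks from the question omitted for brevity

  connection {
    type        = "ssh"
    user        = "centos"
    private_key = var.ssh_private_key
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nginx",
      "sudo systemctl start nginx"
    ]
  }
}
```

Before blaming credentials, check the object's type: `aws s3api head-object --bucket com.project.infrastructure --key .ssh/project.pub --query ContentType` should return text/plain. A .pub file uploaded without `--content-type` typically gets binary/octet-stream, and `body` then stays empty. The public key is not a secret, so keeping it in S3 or in the repo is fine either way; the private key is, and anything a data source returns is persisted to state, so never fetch it this way.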


One option is to call aws s3api get-object from a null_resource and then use depends_on in your aws_key_pair resource.

Something like this:


provider "aws" {
  region = "us-east-1"
}

resource "random_string" "key" {
  length  = 8
  special = false
}

resource "null_resource" "download_key" {
  triggers = {
    build_number = timestamp()
  }

  provisioner "local-exec" {
    when    = create
    command = "aws s3api get-object --bucket bucket123456123654 --key dir/data ${path.module}/${random_string.key.result}"
  }
}

resource "aws_key_pair" "project" {
  depends_on = [null_resource.download_key]
  key_name   = "project"
  public_key = file("${path.module}/${random_string.key.result}")
}
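file() is evaluated during plan, while provisioners only run during apply, so a path created by a local-exec provisioner does not exist yet when aws_key_pair is planned. As an added example (not the answer's own code), the same "shell out to the AWS CLI" idea works when it is done through the hashicorp/external data source, because data sources are read during plan. The bucket name, object key and variable name are assumptions, and it assumes the aws CLI and jq are available on the machine running Terraform.

```hcl
# Added example (not from the original answer): fetch the public key from S3
# at plan time with the external data source instead of a null_resource
# provisioner. The result is available before aws_key_pair is evaluated and
# no downloaded file is left in the working directory.
# Assumes: aws CLI and jq on PATH where Terraform runs; bucket/key names below
# are placeholders taken from the answer.

variable "key_bucket" {
  type    = string
  default = "bucket123456123654" # assumed, as in the answer
}

data "external" "public_key" {
  # The program must print exactly one JSON object whose values are strings.
  program = ["bash", "-c", <<-EOT
    set -euo pipefail
    key="$(aws s3 cp "s3://${var.key_bucket}/.ssh/id_rsa.pub" -)"
    # Fail loudly on anything that is not an OpenSSH public key line, rather
    # than registering a garbage value as a key pair.
    case "$key" in
      "ssh-ed25519 "*|"ssh-rsa "*|"ecdsa-sha2-nistp"*) ;;
      *) echo "object is not an OpenSSH public key" >&2; exit 1 ;;
    esac
    jq -n --arg public_key "$key" '{public_key: $public_key}'
  EOT
  ]
}

resource "aws_key_pair" "project" {
  key_name   = "project"
  public_key = data.external.public_key.result.public_key
}
```

Use this only for the public key: whatever the program returns is stored in state, so the private key must still come from a sensitive variable or the local filesystem, never from S3 via a data source. The identity running terraform plan needs s3:GetObject on that one object and nothing more.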


This doesn't work. I updated my original question with the modified Terraform code and the error. In short, I get the error "Call to function "file" failed: no file exists at project.pub." So it seems the existence of the file is validated during the plan step, so the null_resource is not invoked here...

And for the record, there is no problem with adding the public key to the repo... what you should not add is your private key.

I've updated my answer to include a relative path and also use random_string as the file name... but I feel this is a hack and you should add your public key to the repo.