如何使用Terraform模块进行跨账户工作
我在dev_帐户创建了一个codepipeline,它在dev_帐户、test_帐户和prod_帐户触发codedeploy,三个帐户的codedeploy看起来相同,只是它们在不同的帐户中 下面是我的地形文件的组织。我使用terraform模块重用代码,但我仍然认为我的代码有很多重复代码,如何优化它们如何使用Terraform模块进行跨账户工作,terraform,aws-codepipeline,Terraform,Aws Codepipeline,我在dev_帐户创建了一个codepipeline,它在dev_帐户、test_帐户和prod_帐户触发codedeploy,三个帐户的codedeploy看起来相同,只是它们在不同的帐户中 下面是我的地形文件的组织。我使用terraform模块重用代码,但我仍然认为我的代码有很多重复代码,如何优化它们 common_infr/ codepipeline.tf # dev_account has codepipeline, codedeploy codedeploy.tf
common_infr/
codepipeline.tf # dev_account has codepipeline, codedeploy
codedeploy.tf
test_account/
codedeploy.tf # test_account has a codedeploy
prod_account/
codedeploy.tf # prod_account has a codedeploy
pipeline1/
main.tf #run terraform apply here using dev account
test_account/
main.tf #run terraform apply here using test account
prod_account/
main.tf #run terraform apply here using prod account
这是pipeline1/main.tf:
module "pipeline1" {
source = "../common_infra"
variable1 = "..."
...
}
这是pipeline1/test_account/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
这是pipeline1/prod_account/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
三个帐户的codedeploy.tf看起来相同。如何对此进行优化?与其为每个帐户的
codedeploy.tf
创建3个模块,不如创建一个codedeploy
模块。在每个帐户的main.tf中,获取codedeploy
模块,然后单击。下面是test\u帐户的样子
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../../common_infra/codedeploy"
variable1 = "..."
...
}
编辑以详细说明目录布局。最终,您将从公共信息
中删除代码管道
,并将其放入自己的模块中
modules/
codepipeline/
codepipeline.tf
common_infr/
codedeploy.tf
accounts/
test_account/
main.tf
prod_account/
main.tf
测试账户/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
产品账户/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
不要为每个帐户的codedeploy.tf创建3个模块,而是创建一个codedeploy
模块。在每个帐户的main.tf中,获取codedeploy
模块,然后单击。下面是test\u帐户的样子
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../../common_infra/codedeploy"
variable1 = "..."
...
}
编辑以详细说明目录布局。最终,您将从公共信息
中删除代码管道
,并将其放入自己的模块中
modules/
codepipeline/
codepipeline.tf
common_infr/
codedeploy.tf
accounts/
test_account/
main.tf
prod_account/
main.tf
测试账户/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
产品账户/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
谢谢你回答我!你的公共基础设施的结构是什么?您的代码管道在结构中的什么位置?你的意思是说结构变成了common\u infra/codepippeline.tf和common\u infra/codedeploy/codedeploy.tf吗?注意:当我在dev_帐户中应用terraform时,我想创建codepipeline和codedeploy。但当我在test_帐户和prod_帐户中应用terraform时,应该只在那里创建codedeploy,justMiles:此外,使用您的解决方案,我是否需要在dev_帐户中运行两次?一次到来源:common_infra/codepipeline,即获取codepipeline;一次到来源:common_infra/codedeploy,以便在dev_帐户上获取codedeploy?谢谢。@user389955,您只能运行一次。我用目录布局更新了我的评论。贾斯特迈尔斯:哦,我现在明白你的意思了。很高兴知道我可以这样做。我将验证它是否有效。我感谢你的帮助!谢谢你回答我!你的公共基础设施的结构是什么?您的代码管道在结构中的什么位置?你的意思是说结构变成了common\u infra/codepippeline.tf和common\u infra/codedeploy/codedeploy.tf吗?注意:当我在dev_帐户中应用terraform时,我想创建codepipeline和codedeploy。但当我在test_帐户和prod_帐户中应用terraform时,应该只在那里创建codedeploy,justMiles:此外,使用您的解决方案,我是否需要在dev_帐户中运行两次?一次到来源:common_infra/codepipeline,即获取codepipeline;一次到来源:common_infra/codedeploy,以便在dev_帐户上获取codedeploy?谢谢。@user389955,您只能运行一次。我用目录布局更新了我的评论。贾斯特迈尔斯:哦,我现在明白你的意思了。很高兴知道我可以这样做。我将验证它是否有效。我感谢你的帮助!