I am trying to create an AWS Backup selection resource with Terraform and add the conditions dynamically.
The code I am referring to is taken from https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/backup_selection

```hcl
resource "aws_backup_selection" "example" {
  iam_role_arn = aws_iam_role.example.arn
  name         = "tf_example_backup_selection"
  plan_id      = aws_backup_plan.example.id
  resources    = ["*"]

  condition {
    string_equals {
      key   = "aws:ResourceTag/Component"
      value = "rds"
    }
    string_like {
      key   = "aws:ResourceTag/Application"
      value = "app*"
    }
    string_not_equals {
      key   = "aws:ResourceTag/Backup"
      value = "false"
    }
    string_not_like {
      key   = "aws:ResourceTag/Environment"
      value = "test*"
    }
  }
}
```
I want to parameterize the `condition` block and pass the values in through a variable, like this:

modules/main.tf

```hcl
resource "aws_backup_selection" "backup_aws_backup_selection" {
  iam_role_arn = aws_iam_role.backup_role.arn
  name         = var.backup_selection_name
  plan_id      = aws_backup_plan.backup_plan.id
  resources    = var.backup_resources
  condition    = var.conditions
}
```
modules/variables.tf

```hcl
variable "conditions" {
  type = any
}
```
main.tf

```hcl
module "Backup-EC2" {
  source            = "../modules/backup"
  backup_vault_name = "xxx"
  backup_plan_name  = "xxx"
  backup_rule_name  = "xxx"
  backup_schedule   = "xxx"
  start_window      = "480"
  completion_window = "10080"
  backup_lifecycle  = "35"
  common_tags       = var.common_tags

  backup_selection_name = "xxx"
  backup_resources      = ["arn:aws:ec2:eu-central-1:xxx:instance/*"]

  condition {
    string_equals {
      key   = "aws:ResourceTag/bus-appid"
      value = "u-xxx"
    }
    string_like {
      key   = "aws:ResourceTag/Name"
      value = "xxx*"
    }
    string_like {
      key   = "aws:ResourceTag/Name"
      value = "xxx*"
    }
    string_equals {
      key   = "aws:ResourceTag/bus-appid"
      value = "u-xxx"
    }
  }

  backup_iamrole_name  = "aws_iam_role_for_aws_ec2_backup"
  permissions_boundary = var.permissions_boundary
  kms_key_alias        = var.kms_key_alias
}
```
After that I see the following errors in the plan:

```
Error: Missing required argument
│
│ on main.tf line 876, in module "Backup-EC2":
│ 876: module "Backup-EC2" {
│
│ The argument "conditions" is required, but no definition was found.
╵
╷
│ Error: Unsupported block type
│
│ on main.tf line 889, in module "Backup-EC2":
│ 889: conditions {
│
│ Blocks of type "conditions" are not expected here. Did you mean to define
│ argument "conditions"? If so, use the equals sign to assign it a value.
```
Using dynamic blocks in the module code gets more complicated, so I wanted to ask whether just using the variable as above is the correct approach, or whether I am missing something.
I am trying to parameterize the `condition` block because I do not want to hard-code the conditions in the module code and want to pass them in through variables.

Edit 1: After consulting the Terraform docs I tried writing a simple dynamic block,

```hcl
dynamic "condition" {
  for_each = var.conditions
  content {
    key   = condition.value["key"]
    value = condition.value["value"]
  }
}
```

but my confusion is that even with a dynamic block I would again be assigning a map of values to a block-type argument, right?
This may be the Terraform code you need. Just replace `local.conditions` with `var.conditions`.

```hcl
locals {
  conditions = {
    # Each operator maps a condition key to its value. Map keys must be
    # unique, so the duplicated placeholder entries from the question are
    # collapsed to one entry each.
    string_equals = {
      "aws:ResourceTag/bus-appid" = "u-xxx"
    }
    string_like = {
      "aws:ResourceTag/Name" = "xxx*"
    }
    string_not_equals = {
      "aws:ResourceTag/Backup" = "false"
    }
    string_not_like = {
      "aws:ResourceTag/Environment" = "test*"
    }
  }
}

resource "aws_backup_selection" "example" {
  iam_role_arn = aws_iam_role.example.arn
  name         = "tf_example_backup_selection"
  plan_id      = aws_backup_plan.example.id
  resources    = ["*"]

  condition {
    # One dynamic block per operator; for_each over a map exposes
    # <iterator>.key and <iterator>.value for each entry.
    dynamic "string_equals" {
      for_each = local.conditions["string_equals"]
      content {
        key   = string_equals.key
        value = string_equals.value
      }
    }
    dynamic "string_like" {
      for_each = local.conditions["string_like"]
      content {
        key   = string_like.key
        value = string_like.value
      }
    }
    dynamic "string_not_equals" {
      for_each = local.conditions["string_not_equals"]
      content {
        key   = string_not_equals.key
        value = string_not_equals.value
      }
    }
    dynamic "string_not_like" {
      for_each = local.conditions["string_not_like"]
      content {
        key   = string_not_like.key
        value = string_not_like.value
      }
    }
  }
}
```
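As an added example (not part of the answer above): indexing `local.conditions["string_equals"]` errors as soon as a caller leaves one operator out, and `type = any` accepts arbitrary shapes. A typed variable with `optional()` defaults (Terraform 1.3 or later) gives every omitted operator an empty map, so its dynamic block simply emits nothing, and a `validation` block rejects keys outside the `aws:ResourceTag/` namespace. The module name and tag values come from the question; the other module arguments are omitted here.

```hcl
# modules/backup/variables.tf (added example, not the answer's code)
variable "conditions" {
  description = "Tag conditions per operator: condition key to value."
  # optional(type, default) needs Terraform >= 1.3. An omitted operator
  # becomes {} and the matching dynamic block then produces no sub-blocks.
  type = object({
    string_equals     = optional(map(string), {})
    string_like       = optional(map(string), {})
    string_not_equals = optional(map(string), {})
    string_not_like   = optional(map(string), {})
  })
  default = {}

  validation {
    condition = alltrue([
      for k in concat(
        keys(var.conditions.string_equals),
        keys(var.conditions.string_like),
        keys(var.conditions.string_not_equals),
        keys(var.conditions.string_not_like)
      ) : startswith(k, "aws:ResourceTag/")
    ])
    error_message = "Every condition key must start with \"aws:ResourceTag/\"."
  }
}

# main.tf (caller): only the operators that are needed are given; the
# other module arguments from the question are unchanged and omitted here.
module "Backup-EC2" {
  source = "../modules/backup"

  conditions = {
    string_equals = {
      "aws:ResourceTag/bus-appid" = "u-xxx"
    }
    string_not_equals = {
      "aws:ResourceTag/Backup" = "false"
    }
  }
}
```

Inside the module, the dynamic blocks then read `var.conditions.string_equals` and so on; `terraform validate` reports a key that fails the validation before any plan is produced.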