Terraform: The "count" object can only be used in "module", "resource", and "data" blocks, and only when the "count" argument is set



I am trying to access an S3 bucket from the load balancer access logs. The S3 bucket creation has a count set in it.

resource aws_s3_bucket lb_logging {
  count         = var.enable_lb_logging ? 1 : 0
  bucket        = "${var.environment_id}-account-lb-logging"
  acl           = "private"
  force_destroy = true
  lifecycle_rule {
    id      = "${var.environment_id}-account-lb-logging"
    enabled = true
    expiration {
      days = var.lb_logging_s3_expiration_period
    }
  }
}

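When var.enable_lb_logging is true, it creates the S3 bucket, and that bucket needs to be used to store the load balancer access logs. My load balancer access logs configuration looks like this: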

resource aws_lb alb {
  internal        = var.alb_is_public ? false : true
  security_groups = compact(concat(aws_security_group.additional_security_groups.*.id, list(aws_security_group.main.id), list(aws_security_group.account_inbound_rules_arm.id)))
  subnets         = local.alb_subnets
  tags            = var.tags
  access_logs {
    count   = length(aws_s3_bucket.lb_logging)
    bucket  = "${aws_s3_bucket.lb_logging[count.index].bucket}"
    enabled = var.enable_lb_logging ? true : false
  }
}

During deployment, I get the following error:

2022-09-08T16:08:46.5043258Z ##[error]Error: Reference to "count" in non-counted context
2022-09-08T16:08:46.5063266Z ##[error]  on modulesload-balancers.tf line 16, in resource "aws_lb" "alb":
2022-09-08T16:08:46.5110603Z ##[error]  16:     bucket  = "${aws_s3_bucket.lb_logging[count.index].bucket}"
2022-09-08T16:08:46.5116983Z ##[error]
2022-09-08T16:08:46.5119949Z ##[error]The "count" object can only be used in "module", "resource", and "data"
2022-09-08T16:08:46.5122470Z ##[error]blocks, and only when the "count" argument is set.

Can someone help me? How can I use count in the load balancer?

The error is pretty clear. You cannot use the count meta-argument just anywhere, i.e., in your case, you cannot use it in the block where you want to:

  access_logs {
    count   = length(aws_s3_bucket.lb_logging) # <----- This cannot be done
    bucket  = "${aws_s3_bucket.lb_logging[count.index].bucket}"
    enabled = var.enable_lb_logging ? true : false
  }

However, similar to what you did for the bucket, you could do something like this:

resource aws_lb alb {
  count           = var.enable_lb_logging ? 1 : 0
  internal        = var.alb_is_public ? false : true
  security_groups = compact(concat(aws_security_group.additional_security_groups.*.id, list(aws_security_group.main.id), list(aws_security_group.account_inbound_rules_arm.id)))
  subnets         = local.alb_subnets
  tags            = var.tags
  access_logs {
    bucket  = aws_s3_bucket.lb_logging[count.index].bucket
    enabled = var.enable_lb_logging ? true : false
  }
}

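The question remains whether you want the ALB to depend on the bucket or on some other variable. In that case, you could use a different variable, but then you would have to figure out how to get the bucket index. If you are sure there will be only one bucket, you could even hardcode the index: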

resource aws_lb alb {
  internal        = var.alb_is_public ? false : true
  security_groups = compact(concat(aws_security_group.additional_security_groups.*.id, list(aws_security_group.main.id), list(aws_security_group.account_inbound_rules_arm.id)))
  subnets         = local.alb_subnets
  tags            = var.tags
  access_logs {
    bucket  = aws_s3_bucket.lb_logging[0].bucket
    enabled = var.enable_lb_logging ? true : false
  }
}

However, since bucket is a required argument, you can use a dynamic block based on the value of var.enable_lb_logging, for example:

resource aws_lb alb {
  internal        = var.alb_is_public ? false : true
  security_groups = compact(concat(aws_security_group.additional_security_groups.*.id, list(aws_security_group.main.id), list(aws_security_group.account_inbound_rules_arm.id)))
  subnets         = local.alb_subnets
  tags            = var.tags
  dynamic "access_logs" {
    for_each = var.enable_lb_logging ? [1] : []
    content {
      bucket  = aws_s3_bucket.lb_logging[0].bucket
      enabled = var.enable_lb_logging
    }
  }
}
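
A variant of the dynamic block above that iterates over the counted bucket itself, so no index is hard-coded and the access_logs block exists exactly when the bucket does. This is an added example, not code from the question or the answer. It assumes Terraform 0.15 or later (for one()), a hypothetical var.alb_subnets input, and a bucket policy permitting load balancer log delivery that is managed elsewhere.

```hcl
# Added example: variable and resource names follow the question;
# var.alb_subnets is a hypothetical input and aws_lb is trimmed to the
# arguments that matter here.
variable "enable_lb_logging" {
  type    = bool
  default = false
}

variable "environment_id" {
  type = string
}

variable "alb_subnets" {
  type = list(string)
}

# count makes this reference a list with zero or one element.
resource "aws_s3_bucket" "lb_logging" {
  count         = var.enable_lb_logging ? 1 : 0
  bucket        = "${var.environment_id}-account-lb-logging"
  force_destroy = true
}

resource "aws_lb" "alb" {
  internal = true
  subnets  = var.alb_subnets

  # The splat yields [] when logging is off and ["<bucket name>"] when on,
  # so the block is generated only if the bucket was actually created.
  # No [0] index is evaluated against an empty list.
  dynamic "access_logs" {
    for_each = aws_s3_bucket.lb_logging[*].bucket
    content {
      bucket  = access_logs.value
      enabled = true
    }
  }
}

# one() returns null for an empty list, where [0] would fail with an
# invalid index error when enable_lb_logging is false.
output "lb_logging_bucket" {
  value = one(aws_s3_bucket.lb_logging[*].bucket)
}
```

With enable_lb_logging set to false the plan contains no access_logs block at all, so a review of the plan output is the place to confirm that logging is on for the environments where it is required.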
