I'm creating a simple Terraform module, like this:
resource "aws_s3_bucket" "terraform_state" {
  bucket = var.bucket
  lifecycle_rule = var.s3_lifecycle
  versioning {
    enabled = true
    mfa_delete = false
  }
  server_side_encryption_configuration = var.s3_server_side_encryption_configuration
  policy = var.s3_policy
  tags = var.s3_tags
  force_destroy = var.s3_force_destroy
  logging = var.s3_logging
}
All variables except the bucket name are defined as maps.
When I try to call the module like this:
module "backend" {
  source = "../"
  bucket = "terraform_state_test_${random_id.random_bucket_id.hex}"
  s3_lifecycle = {
    prevent_destroy = false
  }
  s3_force_destroy = false
  s3_tags = {
    TerraformManaged = "true"
    env = "test"
  }
  s3_server_side_encryption_configuration = {
    rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }
}
I get several errors on all the maps (except "tags"), like this one:
Error: Unsupported argument
on ../main.tf line 11, in resource "aws_s3_bucket" "terraform_state":
11: server_side_encryption_configuration = var.s3_server_side_encryption_configuration
An argument named "server_side_encryption_configuration" is not expected here.
Did you mean to define a block of type "server_side_encryption_configuration"?
I don't understand what I'm doing wrong... Can anyone help me?
Thanks,
According to the documentation, this is incorrect:
server_side_encryption_configuration = var.s3_server_side_encryption_configuration
resource "aws_s3_bucket" "mybucket" {
  bucket = "mybucket"
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = aws_kms_key.mykey.arn
        sse_algorithm = "aws:kms"
      }
    }
  }
}
Enabling default server-side encryption
Here is a good example.
# Max 1 block - server_side_encryption_configuration
dynamic "server_side_encryption_configuration" {
  for_each = length(keys(var.server_side_encryption_configuration)) == 0 ? [] : [var.server_side_encryption_configuration]
  content {
    dynamic "rule" {
      for_each = length(keys(lookup(server_side_encryption_configuration.value, "rule", {}))) == 0 ? [] : [lookup(server_side_encryption_configuration.value, "rule", {})]
      content {
        dynamic "apply_server_side_encryption_by_default" {
          for_each = length(keys(lookup(rule.value, "apply_server_side_encryption_by_default", {}))) == 0 ? [] : [
          lookup(rule.value, "apply_server_side_encryption_by_default", {})]
          content {
            sse_algorithm = apply_server_side_encryption_by_default.value.sse_algorithm
            kms_master_key_id = lookup(apply_server_side_encryption_by_default.value, "kms_master_key_id", null)
          }
        }
      }
    }
  }
}
You can customize the module's example to suit your needs.
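The following is an added example, not code from the thread or from any published module. It applies the same block-versus-argument fix to a state-bucket module while keeping encryption always on: the SSE settings come from a typed, validated variable and access logging is an optional dynamic block. The variable name s3_sse and the typed shapes are assumptions, and it assumes the same inline-block aws_s3_bucket schema used in the thread.

```hcl
# Added example. Variable names and shapes are assumptions, not the asker's module.
variable "bucket" {
  type = string
}

# Typed object instead of a free-form map, so a bad call fails at plan time.
variable "s3_sse" {
  type = object({
    sse_algorithm     = string
    kms_master_key_id = string
  })
  default = {
    sse_algorithm     = "AES256"
    kms_master_key_id = null
  }

  validation {
    condition     = contains(["AES256", "aws:kms"], var.s3_sse.sse_algorithm)
    error_message = "The sse_algorithm value must be AES256 or aws:kms."
  }
}

# Empty map means "no access logging"; otherwise target_bucket is expected.
variable "s3_logging" {
  type    = map(string)
  default = {}
}

resource "aws_s3_bucket" "terraform_state" {
  bucket = var.bucket

  # Nested blocks are written as blocks, never as "name = map".
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm     = var.s3_sse.sse_algorithm
        kms_master_key_id = var.s3_sse.kms_master_key_id
      }
    }
  }

  dynamic "logging" {
    for_each = length(var.s3_logging) == 0 ? [] : [var.s3_logging]
    content {
      target_bucket = logging.value.target_bucket
      target_prefix = lookup(logging.value, "target_prefix", null)
    }
  }
}
```

Because the encryption block is static, a caller cannot switch encryption off on the state bucket by passing an empty map, which the fully dynamic form allows.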