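I am developing a Lambda authorizer for user pool authentication using Terraform, and I need to dynamically set the environment variables from src>modules>application-services>modules>application-service>variables.tf to src>modules>lambda-auth>variables.tf. I don't know how to reference it; I have already declared them in the outputs.tf of application-services>modules>application-service>variables.tf. This is my file structure.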
📦src
┣ 📂modules
┃ ┣ 📂application-services
┃ ┃ ┣ 📂modules
┃ ┃ ┃ ┗ 📂application-service
┃ ┃ ┃ ┃ ┣ 📜api.tf
┃ ┃ ┃ ┃ ┣ 📜outputs.tf
┃ ┃ ┃ ┃ ┣ 📜providers.tf
┃ ┃ ┃ ┃ ┣ 📜stage-variables.tf
┃ ┃ ┃ ┃ ┣ 📜stages.tf
┃ ┃ ┃ ┃ ┗ 📜variables.tf
┃ ┃ ┣ 📜application-service.tf
┃ ┃ ┣ 📜providers.tf
┃ ┃ ┗ 📜variables.tf
┃ ┣ 📂lambda-auth
┃ ┃ ┣ 📂resource
┃ ┃ ┃ ┗ 📜lambda-authorizer.zip
┃ ┃ ┣ 📂src
┃ ┃ ┃ ┗ 📜auth.go
┃ ┃ ┣ 📜lambda.tf
┃ ┃ ┣ 📜providers.tf
┃ ┃ ┗ 📜variables.tf
┣ 📜application-services.tf
┣ 📜main.tf
┣ 📜outputs.tf
┣ 📜providers.tf
┣ 📜remote.tf
┗ 📜variables.tf
┗ 📜lambda-main.tf
This is my src>modules>application-services>modules>application-service>outputs.tf file
output "user-pool-id" {
  value = var.service.app_name
}
This is my src>modules>application-services>modules>application-service>variables.tf file
variable "service" {
  description = "The service which we want to deploy into the gateway"
  type = object({
    name           = string
    app_name       = string
    route          = string
    attributes     = map(string)
    user_pool_arns = list(string)
    environments = list(object({
      name      = string
      vpcLinkId = string
      domainId  = string
      uri       = string
    }))
  })
}
I want to get "app_name" and use it in src>modules>lambda-auth>lambda.tf, with "app_name" in place of "var.dev_appid". I have already taken care of the other aspects, such as creating the IAM role and policy.
resource "aws_lambda_function" "authorizer_lambda_parser" {
  filename         = data.archive_file.lambda_resources_zip.output_path
  function_name    = "lambda-authorizer"
  handler          = "auth.go"
  runtime          = "go1.x"
  role             = aws_iam_role.lambda_authorizer_parser_role.arn
  source_code_hash = data.archive_file.lambda_resources_zip.output_base64sha256
  environment {
    variables = {
      Dev_Region          = var.dev_region
      Dev_AppID           = var.dev_appid
      Dev_Stage           = var.dev_stage
      Dev_UserPoolId      = var.dev_userpoolid
      Dev_CognitoClients  = var.dev_cognitoclient
      Prod_Region         = var.prod_region
      Prod_AppId          = var.prod_appid
      Prod_Stage          = var.prod_stage
      Prod_UserPoolId     = var.prod_userpoolid
      Prod_CognitoClients = var.prod_cognitoclient
    }
  }
}
This is my src>modules>lambda-auth>variables.tf file
variable "dev_region" {
  default     = ""
  type        = string
  description = "Region for Dev Environment"
}
variable "dev_appid" {
  default     = ""
  type        = string
  description = " App ID for Dev Environment"
}
variable "dev_stage" {
  default     = ""
  type        = string
  description = " Stage for Dev Environment"
}
variable "dev_userpoolid" {
  default     = ""
  type        = string
  description = " User Pool ID for Dev Environment"
}
variable "dev_cognitoclient" {
  default     = ""
  type        = string
  description = " Cognito Client ID for Dev Environment"
}
variable "prod_region" {
  default     = ""
  type        = string
  description = "Region for Prod Environment"
}
variable "prod_appid" {
  default     = ""
  type        = string
  description = " App ID for Prod Environment"
}
variable "prod_stage" {
  default     = ""
  type        = string
  description = " Stage for Prod Environment"
}
variable "prod_userpoolid" {
  default     = ""
  type        = string
  description = " User Pool ID for Prod Environment"
}
variable "prod_cognitoclient" {
  default     = ""
  type        = string
  description = " Cognito Client ID for Prod Environment"
}
This is my lambda-main.tf file:
module "lambda-auth" {
  source          = "lambda-auth"
  prod_userpoolid = module.application-services.user-pool-id
}
This is my src>application-services.tf file:
# We retrieve the necessary information for each service, including: user_pool_arns, vpcLinkId, domainId
locals {
  app_service_input = {
    for app_file, application in local.app_object_list : application.name => flatten([
      for service in application.services : [
        merge(service, {
          app_name       = application.name
          user_pool_arns = [for user_pool in application.user_pools : module.iam-pools[user_pool].results.pool.arn]
          environments = [
            for environment in service.environments : {
              name      = environment.name
              vpcLinkId = module.gateway-links[environment.link].results.vpcLinkId
              domainId  = module.gateway-domains[app_file].results.domain[application.domains.service][environment.name]
              uri       = environment.uri
            }
          ]
        })
      ]
    ])
  }
}
module "application-services" {
  source = "./modules/application-services"
  providers = {
    aws.gateway = aws.networking
  }
  for_each             = local.app_service_input
  application_services = each.value
}
I don't know how to reference from one module to another. Thanks in advance.
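You cannot reference a value directly from one module into another at all. The level at which a module is declared is the only level that can access that module's outputs. To pass these values to other levels, you must also declare the value as an output of the application-services module, which makes it available in main. Then declare an input variable for the lambda module and have main pass the value to the lambda module.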
application-services/outputs.tf
output "user-pool-id" {
  value = module.application-service.user-pool-id
}
main.tf
module "lambda-auth" {
  source          = "lambda-auth"
  prod_userpoolid = module.application-services.user-pool-id
}
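
The same pass-through written out end to end, as an added example that is not part of the original answer. It accounts for the root `module "application-services"` being declared with `for_each` (so one instance has to be selected by key) and makes the authorizer's input fail at plan time when it is empty. Assumptions: the key "example-app" is a placeholder, the source path "./modules/lambda-auth" follows the file tree in the question, and the inner `module "application-service"` is a single instance.

```hcl
# src/modules/application-services/outputs.tf
# Re-export the child module's output one level up, as in the answer.
# Assumption: module "application-service" is declared without for_each/count.
output "user-pool-id" {
  value = module.application-service.user-pool-id
}

# src/lambda-main.tf (root module)
# A module declared with for_each is a map of instances, so the output is
# read from one instance selected by its key.
# "example-app" is a placeholder key, not a value from the original post.
module "lambda-auth" {
  source          = "./modules/lambda-auth" # assumed path, per the file tree
  prod_userpoolid = module.application-services["example-app"].user-pool-id
}

# src/modules/lambda-auth/variables.tf
# No default and a validation rule: if the wiring above is missing or yields
# an empty string, terraform plan fails and the authorizer is not deployed
# with an empty identifier in its environment.
variable "prod_userpoolid" {
  type        = string
  description = "User Pool ID for Prod Environment"

  validation {
    condition     = length(trimspace(var.prod_userpoolid)) > 0
    error_message = "The prod_userpoolid value must not be empty."
  }
}
```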