我正在使用Terraform脚本在AWS上提供AWS资源。这就是剧本。要运行这个脚本,我需要打开我们的域和AWS之间的防火墙。我如何知道这个脚本在AWS上访问哪个url来提供资源?我希望在terraform应用命令的输出中看到那个URL。
Terraform应用程序-运行此脚本
provider "aws" {
region = "us-east-2"
access_key = "validaccesskey"
secret_key = "validsecretkey"
max_retries = 1
}
resource "aws_vpc" "AWS_VPC"{
cidr_block = "10.0.0.0/16"
tags = {
Name = "Main VPC"
}
}
resource "aws_instance" "my_web_server" {
ami = "ami-00843a337042b9b8b"
instance_type = "t2.micro"
tags = {
Name="DEV server"
}
}
指定环境变量TF_LOG=TRACE:https://www.terraform.io/docs/cli/config/environment-variables.html。这样就会生成大量的日志,URL就会在那里可见。
您可能需要将任何*.amazonaws.com或多个service.amazonaws.com列入白名单。
例如
resource "aws_sns_topic" "topic" { name = "testing" }
在运行terraform init之后,我们可以运行
AWS_ACCESS_KEY_ID="asd" AWS_SECRET_ACCESS_KEY="test" TF_LOG=TRACE terraform apply
并且看到有针对sts.amazonaws.com:的请求
2021-03-16T16:33:17.417+0100 [INFO] plugin.terraform-provider-aws_v3.32.0_x5: 2021/03/16 16:33:17 [DEBUG] [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
User-Agent: aws-sdk-go/1.37.24 (go1.16; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.14.8 (+https://www.terraform.io) terraform-provider-aws/dev (+https://registry.terraform.io/providers/hashicorp/aws)
Content-Length: 43
Authorization: AWS4-HMAC-SHA256 Credential=asd/20210316/us-east-1/sts/aws4_request, SignedHeaders=content-length;content-type;host;x-amz-date, Signature=d1215314fb3271dc87ca655071b179cad44c73c882bddb6a0e2bbef91514a00e
Content-Type: application/x-www-form-urlencoded; charset=utf-8
X-Amz-Date: 20210316T153317Z
Accept-Encoding: gzip
Action=GetCallerIdentity&Version=2011-06-15
-----------------------------------------------------: timestamp=2021-03-16T16:33:17.417+0100
您可以围绕URL定义输出变量:https://www.terraform.io/docs/language/values/outputs.html
这样,在运行terraform apply之后,输出值最终会显示出来,如果您希望在将来切换该值,则只需运行terraform output [options] [NAME]即可。