aws_caller_identity with two providers inside a module



I am having trouble getting the account id of an aws provider that is not the provider the resources will be deployed with. This is my scenario:


main.tf (root)

terraform {
  backend "s3" {
    [Omitted]
  }
}

module "ASDF" {
  source = "./modules/asdf"
  providers = {
    aws-account1 = aws.acc1
    aws-account2 = aws.acc2
  }
}

providers.tf (root)

provider "aws" {
  alias   = "acc1"
  profile = "profile-acc1"
  region  = "eu-west-1"
}

provider "aws" {
  alias   = "acc2"
  profile = "profile-acc2"
  region  = "eu-west-1"
}

main.tf (asdf module)

terraform {
  required_providers {
    aws-account1 = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
    }
    aws-account2 = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
    }
  }
}

data.tf (asdf module)

data "aws_caller_identity" "account1" {
  provider = aws-account1
}

data "aws_caller_identity" "account2" {
  provider = aws-account2
}

lambda.tf (asdf module)

resource "aws_lambda_function" "asdfLambda" {
  provider = aws-account1
  role     = aws_iam_role.asdfLambdaExecutionRole.arn
  [Omitted]
}

resource "aws_iam_role" "asdfLambdaExecutionRole" {
  provider = aws-account1
  [Omitted]
}

resource "aws_lambda_permission" "asdfLambdaApiGatewayPermission" {
  provider       = aws-account1
  action         = "lambda:InvokeFunction"
  function_name  = aws_lambda_function.asdfLambda.function_name
  principal      = "apigateway.amazonaws.com"
  source_account = data.aws_caller_identity.account2.account_id
  source_arn     = [APIGateway arn in account2]
}

With this Terraform configuration, in source_account of asdfLambdaApiGatewayPermission I get the account1 id instead of the account2 id that I want (and need). The API Gateway that invokes this lambda is in the other account, so I need all the information about this second provider (account id, region, etc.).

I came across this GitHub issue (https://github.com/hashicorp/terraform-provider-aws/issues/1078), which is similar to my problem, but in my case the problem is inside a module and, as the answer in the GitHub thread states, I might run into some issues.

Do you know how I could achieve this? I know I could use a variable with the account ID, but I would like to obtain the account ID dynamically (in my case I use profiles in .aws/config) rather than forcing the user to write every account ID in a variable.

According to the HashiCorp documentation, the main.tf file of the child module (asdf) should be:

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 3.65.0"
      configuration_aliases = [ aws-account1, aws-account2 ]
    }
  }
}

Otherwise, the asdf module's main.tf configures both providers with the default aws profile, which I guess in your case is account1.
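A complete two-account layout for the same module, as an added example that is not part of the question or of the answer above. It uses the `aws.<alias>` form for both `configuration_aliases` and the `providers` map in the module call, which is the form Terraform's documentation shows for passing aliased providers into a child module. The profile names, the execute-api ARN, the zip path and the plan-time precondition (Terraform 1.2 or newer) are assumptions for illustration:

```hcl
# --- root/providers.tf ---
# Both accounts are reached through named profiles in ~/.aws/config (assumed names).
provider "aws" {
  alias   = "acc1"
  profile = "profile-acc1"
  region  = "eu-west-1"
}

provider "aws" {
  alias   = "acc2"
  profile = "profile-acc2"
  region  = "eu-west-1"
}

# --- root/main.tf ---
# Keys are the module's configuration aliases, values are the root configurations.
module "asdf" {
  source = "./modules/asdf"
  providers = {
    aws.account1 = aws.acc1
    aws.account2 = aws.acc2
  }
  # execute-api ARN in account2 allowed to invoke the function (assumed value).
  api_execution_arn = "arn:aws:execute-api:eu-west-1:222222222222:abc123/*/GET/hello"
}

# --- modules/asdf/main.tf ---
terraform {
  required_version = ">= 1.2" # needed for the lifecycle precondition below
  required_providers {
    aws = {
      source                = "hashicorp/aws"
      version               = "~> 3.65.0"
      configuration_aliases = [aws.account1, aws.account2]
    }
  }
}

variable "api_execution_arn" {
  type        = string
  description = "execute-api ARN (in account2) permitted to invoke the function"
}

# --- modules/asdf/data.tf ---
# Each data source is pinned to one aliased configuration, so each
# sts:GetCallerIdentity call is made with that account's credentials.
data "aws_caller_identity" "account1" {
  provider = aws.account1
}

data "aws_caller_identity" "account2" {
  provider = aws.account2
}

# --- modules/asdf/lambda.tf ---
# The module has no default (unaliased) aws configuration, so even
# credential-free data sources must name an aliased provider.
data "aws_iam_policy_document" "assume" {
  provider = aws.account1
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["lambda.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "asdfLambdaExecutionRole" {
  provider           = aws.account1
  name               = "asdfLambdaExecutionRole"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "aws_lambda_function" "asdfLambda" {
  provider      = aws.account1
  function_name = "asdfLambda"
  role          = aws_iam_role.asdfLambdaExecutionRole.arn
  handler       = "index.handler"
  runtime       = "python3.9"
  filename      = "${path.module}/lambda.zip" # build artifact, assumed to exist
}

resource "aws_lambda_permission" "asdfLambdaApiGatewayPermission" {
  provider      = aws.account1
  statement_id  = "AllowApiGatewayFromAccount2"
  action        = "lambda:InvokeFunction"
  function_name = aws_lambda_function.asdfLambda.function_name
  principal     = "apigateway.amazonaws.com"
  # Confused-deputy guard: only account2's API Gateway resource may invoke.
  source_account = data.aws_caller_identity.account2.account_id
  source_arn     = var.api_execution_arn

  lifecycle {
    # Fail at plan time if both aliases resolved to the same account,
    # which is exactly the symptom described in the question.
    precondition {
      condition     = data.aws_caller_identity.account1.account_id != data.aws_caller_identity.account2.account_id
      error_message = "aws.account1 and aws.account2 resolved to the same AWS account; check the providers map."
    }
  }
}

output "invoking_account_id" {
  value = data.aws_caller_identity.account2.account_id
}
```

Two points worth checking in your own copy: every resource and data source in the module names an aliased provider, because a module that only declares `configuration_aliases` has no default `aws` configuration to fall back on; and the `providers` map keys in the module call must match the aliases declared in the module, not the root aliases, which is why `aws.account1 = aws.acc1` reads left-to-right as module alias = root configuration.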
