Create multiple SQS queues from a main.tf configuration



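I just updated my question to include my terragrunt.hcl, which calls main.tf to create resources in different environments. I don't know how to replace the Resource part of the policy that has ${aws_sqs_queue.Trail_SQS.arn}, because I need them to have different names depending on the environment I am working in, and I also don't know how to do it in my terragrunt.hcl. Please guys, I need some help. Thanks in advance.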

Main.tf

# Main queue; failed messages are redirected to the dead-letter queue below.
resource "aws_sqs_queue" "Trail_SQS" {
  name                       = var.aws_sqs
  visibility_timeout_seconds = var.visibility_timeout_seconds
  max_message_size           = var.max_message_size
  message_retention_seconds  = var.message_retention_seconds
  delay_seconds              = var.delay_seconds
  receive_wait_time_seconds  = var.receive_wait_time_seconds
  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.Trail_SQS_DLQ.arn
    maxReceiveCount     = var.max_receive_count
  })
}

# Dead-letter queue
resource "aws_sqs_queue" "Trail_SQS_DLQ" {
  name                       = var.dead_letter_queue
  visibility_timeout_seconds = var.visibility_timeout_seconds
  max_message_size           = var.max_message_size
  message_retention_seconds  = var.message_retention_seconds
  delay_seconds              = var.delay_seconds
  receive_wait_time_seconds  = var.receive_wait_time_seconds
}

# Role that reads from the queue (the trust_relationship document is not shown in the question).
resource "aws_iam_role" "ronix_access_role" {
  name               = var.role_name
  description        = var.description
  assume_role_policy = data.aws_iam_policy_document.trust_relationship.json
}

# Identity policy for the role: five SQS actions on the main queue.
data "aws_iam_policy_document" "ronix_policy_document" {
  statement {
    actions = [
      "sqs:DeleteMessage",
      "sqs:GetQueueUrl",
      "sqs:ReceiveMessage",
      "sqs:SendMessage",
      "sqs:SetQueueAttributes"
    ]
    effect = "Allow"
    resources = [
      "${aws_sqs_queue.Trail_SQS.arn}"
    ]
  }
}

resource "aws_iam_policy" "ronix_policy" {
  name        = "ronix_access_policy"
  description = "ronix policy to access SQS"
  policy      = data.aws_iam_policy_document.ronix_policy_document.json
}

resource "aws_iam_role_policy_attachment" "ronix_policy_attachment" {
  policy_arn = aws_iam_policy.ronix_policy.arn
  role       = aws_iam_role.ronix_access_role.id
}

# Queue resource policy as posted in the question (Principal "*", Action sqs:*).
resource "aws_sqs_queue_policy" "trail_SQS_Policy" {
  queue_url = aws_sqs_queue.Trail_SQS.id
  policy    = <<POLICY
{
  "Version": "2012-10-17",
  "Id": "sqspolicy",
  "Statement": [
    {
      "Sid": "AllowSQSInvocation",
      "Effect": "Allow",
      "Principal": {"AWS":"*"},
      "Action": "sqs:*",
      "Resource": "${aws_sqs_queue.Trail_SQS.arn}"
    }
  ]
}
POLICY
}

Terragrunt.hcl to call main.tf

# Module that contains Main.tf
terraform {
  source = "../../../../..//module"
}

# Inherit the parent terragrunt.hcl settings
include {
  path = find_in_parent_folders()
}

# Values passed to the module as input variables
inputs = {
  event_log_bucket_name  = "trailbucket-sqs-logs"
  aws_sqs_queue_name     = "Trail_SQS"
  dead_letter_queue_name = "Trail_SQS_DLQ"
  role_name              = "ronix_access_role"
  description            = "Role for ronix access"
  kms_key_arn            = "ARN of the key"
}

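I don't know your setup, but there are a few ways to do it.

1 - Using workspaces.

If you are using workspaces in Terraform, let's say you have dev and prod as workspaces, you can simply do this:

locals.tf:

locals {
  env = terraform.workspace
}

sqs.tf:

resource "aws_sqs_queue" "my_sqs" {
  name = "${local.env}-sqs"
  ...
}

It will create two SQS queues, one for each workspace you are in: dev-sqs and prod-sqs.

2 - If you are using environment variables in your setup, you need to pass it to Terraform, like:

export TF_VAR_ENV=prod

Then your setup will look like this:

variables.tf:

variable "ENV" {
  type        = string
}

sqs.tf:

resource "aws_sqs_queue" "my_sqs" {
  name = "${var.ENV}-sqs"
  ...
}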