I have this in my main.tf
module "service_accout_iam_role" {
  for_each             = { for sa in local.service_accounts : sa.name => sa }
  source               = "./service_account_iam_role"
  environment          = var.environment
  eks_cluster_name     = var.eks_cluster_name
  account_id           = var.account_id
  region               = var.region
  service_account_name = each.value.name
  namespace            = each.value.namespace
  policies             = each.value.policies
}
And
locals {
  service_accounts = [
    {
      name      = "my-account"
      namespace = "test123"
      policies = [
        {
          name = "deleteS3"
          resources = [
            "arn:aws:s3:::my-dev-bucket",
            "arn:aws:s3:::my-qa-bucket",
            "arn:aws:s3:::my-Prod-bucket"
          ]
        },
      ]
    },
  ]
}
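When I run terraform apply in dev, it should grant permissions in dev; when I run it for qa, it needs access to qa; and the same for production. How do I write the condition?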
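There should be a setup with three separate environments. This is usually done using workspaces. Otherwise, when you change your environment, you will just be overwriting the old environment's settings.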
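One way to scope the policy to a single bucket per environment, as an added example that is not part of the original question or answer: it replaces the `locals` block above and assumes `var.environment` takes the values `dev`, `qa` or `prod`. The map name `bucket_arn_by_env` and the validation block are assumptions introduced here.

```hcl
# Added example. Assumes the environment names dev, qa and prod.
variable "environment" {
  type        = string
  description = "Target environment for this apply."

  # Fail at plan time on an unknown environment instead of
  # producing a policy with an unexpected resource list.
  validation {
    condition     = contains(["dev", "qa", "prod"], var.environment)
    error_message = "The environment must be one of: dev, qa, prod."
  }
}

locals {
  # Bucket ARNs from the question, keyed by environment (hypothetical map name).
  bucket_arn_by_env = {
    dev  = "arn:aws:s3:::my-dev-bucket"
    qa   = "arn:aws:s3:::my-qa-bucket"
    prod = "arn:aws:s3:::my-Prod-bucket"
  }

  service_accounts = [
    {
      name      = "my-account"
      namespace = "test123"
      policies = [
        {
          name = "deleteS3"
          # Only the bucket of the environment being applied is granted,
          # so the dev role never receives access to qa or prod.
          # With workspaces named dev/qa/prod, terraform.workspace can
          # be used as the key in place of var.environment.
          resources = [local.bucket_arn_by_env[var.environment]]
        },
      ]
    },
  ]
}
```

Each environment still needs its own state (for example one workspace per environment), otherwise applying for qa rewrites the resources created for dev.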