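I am trying to run my Terraform script, but it throws the above error.
Project overview: I am using AWS Organizations to create an AWS multi-account infrastructure with a development and a production environment. The script shown here is only for dev_account.
I created separate modules for the organizational units (OU) and the accounts, and called them in the root module.
Root main.tf
# Root main.tf
module "dev_account" {
  source = "./modules/accounts"
  name = "development_account"
  parent_id = aws_organizations_organizational_unit.development.id
  email = "myemail@gmail.com"
}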
Organizational unit (OU) module
# ./modules/ous/main.tf
data "aws_organizations_organization" "root" {}
locals {
  root_id = data.aws_organizations_organization.root.roots[0].id
}
resource "aws_organizations_organizational_unit" "development" {
  name = "development_ou"
  parent_id = local.root_id
}
Accounts module
# ./modules/accounts/main.tf
# Showing only dev_account
resource "aws_organizations_account" "dev_account" {
  name = var.name
  email = var.email
  parent_id = var.parent_id
}
resource "aws_iam_account_password_policy" "dev_account" {
  max_password_age = var.max_password_age
  minimum_password_length = var.minimum_password_length
  allow_users_to_change_password = var.allow_users_to_change_password
  hard_expiry = var.hard_expiry
  password_reuse_prevention = var.password_reuse_prevention
  require_lowercase_characters = var.require_lowercase_characters
  require_uppercase_characters = var.require_uppercase_characters
  require_numbers = var.require_numbers
  require_symbols = var.require_symbols
}
Accounts module variables
# ./modules/accounts/variables.tf
variable "name" {
  default = "development_account"
}
variable "email" {
  default = "myemail@gmail.com"
}
variable "parent_id" {
  description = "parent of root organization"
}
variable "max_password_age" {
  default = "90"
}
variable "minimum_password_length" {
  default = "8"
}
variable "allow_users_to_change_password" {
  default = "true"
}
variable "hard_expiry" {
  default = "true"
}
variable "password_reuse_prevention" {
  default = "true"
}
variable "require_lowercase_characters" {
  default = "true"
}
variable "require_uppercase_characters" {
  default = "true"
}
variable "require_numbers" {
  default = "true"
}
variable "require_symbols" {
  default = "false"
}
Error
Error: Reference to undeclared resource
│
│ on main.tf line 16, in module "dev_account":
│ 16: parent_id = aws_organizations_organizational_unit.development.id
│
│ A managed resource "aws_organizations_organizational_unit" "development" has not been declared in the root module.
I am currently stuck on how to solve this.
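I don't know whether you mentioned it only as an example, but in your module "dev_account" you are referring to an ID that is already being passed as an input to the module definition itself.
So, to be more general, in order to use a resource output you need to specify it:
- Create an output.tf in the organizational unit (OU) module
- Add the following block:
output "development_account_id" {
  description = "Development account ID"
  value = aws_organizations_organizational_unit.development.id
}
- Now in the main.tf file, in the calling module, you can use it as follows:
parent_id = module.development.development_account_id
Now your module has an input that can be used by another module in the root main file. Please adjust the naming accordingly. I hope this helps.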
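The wiring described in the answer, end to end, as an added example that is not part of the original post. It assumes the root module calls the OU module under the hypothetical name `ous` and that the output is named `development_ou_id`; both names are assumptions, not taken from the question.

```hcl
# ./modules/ous/output.tf
# Expose the OU ID so that code outside this module can reference it.
# The output name "development_ou_id" is an assumed name for this example.
output "development_ou_id" {
  description = "ID of the development organizational unit"
  value       = aws_organizations_organizational_unit.development.id
}

# Root main.tf
# The OU resource is declared inside ./modules/ous, so the root module can
# only reach it through a module call and that module's outputs.
# The call name "ous" is an assumed name for this example.
module "ous" {
  source = "./modules/ous"
}

module "dev_account" {
  source = "./modules/accounts"
  name   = "development_account"
  email  = "myemail@gmail.com"

  # module.<call name>.<output name> replaces the direct reference
  # aws_organizations_organizational_unit.development.id, which fails with
  # "Reference to undeclared resource" because that resource is not
  # declared in the root module.
  parent_id = module.ous.development_ou_id
}
```

Terraform infers the dependency from the `module.ous.development_ou_id` reference, so the OU is created before the account that is placed in it.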