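I have a script.yml with many commands that I want to pass to my terraform-aws-imagebuilder-component-shell module. This YAML file is needed to harden my ec2-image-builder pipeline. I can easily create this component of the pipeline from the Image Builder in the AWS console, but I am trying to adapt the whole project I got from here: https://github.com/rhythmictech/terraform-aws-imagebuilder-component-shell. I am new to Terraform, and from my research I need to inject the list of commands from my YAML file into my variables.tf. Please see my code below:
script.yml
(the file is longer than this, but just to give you an idea)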
schemaVersion: 1.0
phases:
  - name: build
    steps:
      - name: CISBenchmarkHardening
        action: ExecuteBash
        inputs:
          commands:
            # §1.1
            - echo "install cramfs /bin/true" > /etc/modprobe.d/cramfs.conf
            - echo "install vfat /bin/true" > /etc/modprobe.d/vfat.conf
            - echo "install squashfs /bin/true" > /etc/modprobe.d/squashfs.conf
            - echo "install udf /bin/true" > /etc/modprobe.d/udf.conf
            - echo "install usb-storage /bin/true" > /etc/modprobe.d/usb-storage.conf
            # §1.2
            - echo "localpkg_gpgcheck=1" >> /etc/yum.conf
variables.tf
variable "change_description" {
  default     = null
  description = "description of changes since last version"
  type        = string
}
variable "cloudformation_timeout" {
  default     = 10
  description = "How long to wait (in minutes) for CFN to apply before giving up"
  type        = number
}
variable "commands" {
  default     = ["command 1"] # need to update
  description = "List of strings. Each string is a shell command"
  type        = list(string)
}
variable "component_version" {
  default     = "1.0.0"
  description = "Version of the component"
  type        = string
}
variable "create" {
  default     = true
  description = "A flag to disable creation of the component"
  type        = bool
}
variable "data_uri" {
  default     = null
  description = "Use this to override the component document with one at a particular URL endpoint"
  type        = string
}
variable "description" {
  default     = null
  description = "description of component"
  type        = string
}
variable "kms_key_id" {
  default     = null
  description = "KMS key to use for encryption"
  type        = string
}
variable "name" {
  default     = "testcomponent"
  description = "name to use for component"
  type        = string
}
variable "phase" {
  default     = "build"
  description = "The Image Builder phase this component is in, either 'build' or 'test'."
  type        = string
}
# TODO: add validation
variable "platform" {
  default     = "Linux"
  description = "platform of component (Linux or Windows)"
  type        = string
}
variable "tags" {
  default     = {}
  description = "map of tags to use for CFN stack and component"
  type        = map(string)
}
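As you can see, my script.yml file has that many commands, and I would like to know the smartest way to pass these commands to my variables.tf, or whether it would be better to keep things cleaner and let my script.yml sit somewhere in my repo and pass it as the input for command in my variables.tf. Hope this makes sense :( !! Let me know if I missed anything; I would really appreciate any pointers... Best wishes
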
If you plan to reuse the module as is, you should follow their usage example:
module "test_shell_component" {
  ...
  commands = ["echo 'Testing Component'"]
  tags     = local.tags
  ...
}
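If you look at how they define their var.commands, you will see that the required type is list(string), with a very good description saying that each string is a command: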
variable "commands" {
  description = "List of strings. Each string is a shell command"
  type        = list(string)
}
Or in your case, it would be something like this:
module "karl_test" {
  source            = "rhythmictech/imagebuilder-component-shell/aws"
  version           = "~> 0.1.0"
  component_version = "1.0.0"
  description       = "Testing component"
  name              = "testing-component"
  # Inner double quotes must be escaped inside an HCL string literal.
  commands = [
    "echo \"install cramfs /bin/true\" > /etc/modprobe.d/cramfs.conf",
    "echo \"install vfat /bin/true\" > /etc/modprobe.d/vfat.conf",
    "echo \"install squashfs /bin/true\" > /etc/modprobe.d/squashfs.conf",
    "echo \"install udf /bin/true\" > /etc/modprobe.d/udf.conf",
    "echo \"install usb-storage /bin/true\" > /etc/modprobe.d/usb-storage.conf"
  ]
  tags = local.tags
}
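
The second option raised in the question, keeping script.yml in the repo and feeding it to the module, shown as an added example that is not part of the original answer or the module's documentation. It reads the file with Terraform's built-in file() and yamldecode() functions and collects the commands of every ExecuteBash step in the build phase. The module label cis_hardening, the component name and description, and the file sitting next to the configuration are assumptions.

```hcl
# Added example. Assumes script.yml lives in the same directory as this
# configuration and has the layout shown in the question.
locals {
  # Parse the Image Builder document kept in the repo.
  component_doc = yamldecode(file("${path.module}/script.yml"))

  # Collect, in order, the commands of every ExecuteBash step in the build
  # phase. flatten() merges the per-step lists into one list(string), which
  # is the type the module's "commands" variable requires.
  hardening_commands = flatten([
    for phase in local.component_doc.phases : [
      for step in phase.steps : step.inputs.commands
      if step.action == "ExecuteBash"
    ]
    if phase.name == "build"
  ])
}

module "cis_hardening" { # hypothetical module label
  source  = "rhythmictech/imagebuilder-component-shell/aws"
  version = "~> 0.1.0"

  component_version = "1.0.0"
  description       = "CIS benchmark hardening" # assumed description
  name              = "cis-hardening"           # assumed component name
  phase             = "build"
  platform          = "Linux"
  commands          = local.hardening_commands
}

# Lets you confirm in the plan output that every command was picked up.
output "hardening_command_count" {
  value = length(local.hardening_commands)
}
```

YAML comments such as `# §1.1` are dropped during parsing, so only the command strings reach the component, and no manual quote escaping is needed because the strings never pass through HCL literals.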