Terraform：使用变量创建多个指标过滤器和警报

我希望创建具有多个警报和操作的多个指标筛选器。这是我到目前为止所拥有的。尝试参数化"alarm_actions"部分时不断出现错误，而无需手动重复键入警报操作 ARN：

# variables.tf
# 2 Log groups - group1 & group2 
variable "log_groups" {
type  = list(object({})

default = [
{
name = "group1"
retention_in_days = 10
},
{
name = "group2"
retention_in_days = 7
},
]
}
# Metric filters - 2 for group1 & 1 for group2
variable "metric_filters" {
type  = list(object({}))
default = [
# Group1 - Metric filters
{
name    = "group1-filter1"
pattern = "abc"
group   = "group1"
},
{
name    = "group1-filter2"
pattern = "xyz"
group   = "group1"
},
# Group2 - Metric filters
{
name    = "group2-filter1"
pattern = "abcdef"
group   = "group2"
},
]
}
# Alarms - with variable number of actions
variable "alarms" {
type  = list(object({}))
default = [
{
name          = "group1-filter1-alarm"
period        = 120
alarm_actions = ["action1"]
},
{
name          = "group1-filter2-alarm"
period        = 300
alarm_actions = ["action1", "action2"]
},
{
name          = "group2-filter1-alarm"
period        = 60
alarm_actions = []
},
]
}

现在为日志组和指标过滤器创建资源很简单(尽管我希望避免在变量中重复日志组名称，但我可以接受(

resource "aws_cloudwatch_log_group" "log_groups" {
for_each          = { for x in var.log_groups : x.name => x }
name              = each.value.name
retention_in_days = each.value.retention_in_days
}
resource "aws_cloudwatch_log_metric_filter" "metric_filters" {
for_each       = { for x in var.metric_filters : x.name => x }
name           = each.value.name
pattern        = each.value.pattern
log_group_name = each.value.group
metric_transformation {
name          = each.value.name
namespace     = "xyz-namespace"
value         = "1"
}
}

问题在于在不重复我的代码的情况下创建alarm_actions。如何将 SNS 通知的 ARN 声明为变量，然后在变量中重用它们(我猜 terraform 不允许变量中的变量(。或者，我可以使用data功能按名称获取 SNS，但用于 alarm_actions 的嵌套 for 循环在警报资源块内失败：

data "aws_sns_topic" "action1" {
name = "action1"
}
data "aws_sns_topic" "action2" {
name = "action2"
}
resource "aws_cloudwatch_metric_alarm" "alarms" {
for_each            = { for x in var.alarms : x.name => x }
alarm_name          = each.value.name
comparison_operator = "GreaterThan"
evaluation_periods  = "1"
metric_name         = each.value.name
namespace           = "xyz-namespace"
period              = each.value.period
statistic           = "Sum"
threshold           = "1"
alarm_actions = [for a in each.value.alarm_actions : "data.aws_sns_topic.${a}.arn"]
}

我得到的错误是

Error: "alarm_actions.0" does not match EC2 automation ARN ("^arn:[\w-]+:automate:[\w-]+:ec2:(reboot|recover|stop|terminate)$"): "data.aws_sns_topic.action1.arn"

即它看起来像表达式data.aws_sns_topic.${a}.arn获取${a}的值，然后将其视为字符串

如果您愿意，可以连接 ARN：
"arn:aws:sns:us-east-2:841836440000:action1"
这应该很简单，您只需要更多项目
"arn:aws:sns:{region}:{account}:{name}"

另一种选择是对数据进行循环，如下所示：

variable "alarms" {
type = list(object({
name          = string
period        = number
alarm_actions = list(string)
}))
default = [
{
name          = "group1-filter1-alarm"
period        = 120
alarm_actions = ["action1"]
},{
name          = "group1-filter2-alarm"
period        = 300
alarm_actions = ["action1", "action2"]
},
]
}
data "aws_sns_topic" "actions" {
for_each = toset(flatten([for x in var.alarms : x.alarm_actions]))
name     = each.value
}
resource "aws_cloudwatch_metric_alarm" "alarms" {
for_each            = { for x in var.alarms : x.name => x }
alarm_name          = each.value.name
comparison_operator = "GreaterThanThreshold"
evaluation_periods  = "1"
metric_name         = each.value.name
namespace           = "xyz-namespace"
period              = each.value.period
statistic           = "Sum"
threshold           = "1"
alarm_actions       = [for a in each.value.alarm_actions : data.aws_sns_topic.actions[a].arn]
}
output "actions" {
value = data.aws_sns_topic.actions
}

经测试可与以下产品配合使用：

Terraform v0.12.24
+ provider.aws v2.54.0

相关内容

最新更新

热门标签：