我使用terraform来创建IAM用户。如何使用 terraform 为 AWS CodeCommit 生成 HTTPS Git 凭证?
我的代码 :
resource "aws_iam_user" "gitlab" {
name = "user-gitlab"
}
resource "aws_iam_policy_attachment" "gitlab" {
name = "iam-gitlab"
users = ["${aws_iam_user.gitlab.name}"]
policy_arn = "arn:aws:iam::aws:policy/AWSCodeCommitPowerUser"
}
问候
使用 data.external 执行 CLI 脚本:
credentials=$(aws --profile dev iam list-service-specific-credentials
--user-name jenkins --service-name codecommit.amazonaws.com --query 'ServiceSpecificCredentials[0]')
if [[ $credentials == "null" ]]; then
credentials=$(aws --profile dev iam create-service-specific-credential --user-name jenkins
--service-name codecommit.amazonaws.com --query ServiceSpecificCredential)
fi
echo "$credentials"
然后是地形:
data "external" "jenkins" {
program = ["${path.root}/jenkins.sh"]
}
resource "aws_ssm_parameter" "jenkins_cc_id" {
name = "${local.jenkins}/codecommit_https_user"
value = "${lookup(data.external.jenkins.result, "ServiceUserName", "")}"
}
resource "aws_ssm_parameter" "jenkins_cc_p" {
name = "${local.jenkins}/codecommit_https_pass"
value = "${lookup(data.external.jenkins.result, "ServicePassword", "")}"
}
该功能已在 4.1.0 (https://github.com/hashicorp/terraform-provider-aws/blob/v4.1.0/CHANGELOG.md).
中实现。看看 https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/iam_service_specific_credential#service_specific_credential_id
resource "aws_iam_service_specific_credential" "example" {
service_name = "codecommit.amazonaws.com"
user_name = aws_iam_user.example.name
}
不幸的是,Terraform中似乎不支持此API。 我建议您在 AWS 提供商 GitHub 存储库中发布功能请求。