Terraform -复制AWS SSM参数
长期潜伏的第一次海报
寻求你们的指导。我试图复制aws命令,从本质上获取参数(ssm获取参数-逐路径),然后循环遍历参数,然后循环获得参数,并将它们放入一个新参数(ssm - put参数)。
我知道TF中有一个for循环表达式,但是对于我的生活,我不能把我如何实现这个目标结合起来。所以,多亏了下面的精彩分解,我离得更近了!但有一个问题。代码如下:
provider "aws" {
region = "us-east-1"
}
data "aws_ssm_parameters_by_path" "parameters" {
path = "/${var.old_env}"
recursive = true
}
output "old_params_by_path" {
value = data.aws_ssm_parameters_by_path.parameters
sensitive = true
}
locals {
names = toset(data.aws_ssm_parameters_by_path.parameters.names)
}
data "aws_ssm_parameter" "old_param_name" {
for_each = local.names
name = each.key
}
output "old_params_names" {
value = data.aws_ssm_parameter.old_param_name
sensitive = true
}
resource "aws_ssm_parameter" "new_params" {
for_each = local.names
name = replace(data.aws_ssm_parameter.old_param_name[each.key].name, var.old_env, var.new_env)
type = data.aws_ssm_parameter.old_param_name[each.key].type
value = data.aws_ssm_parameter.old_param_name[each.key].value
}我还有另一个文件,比如这个有用的海报是如何提到和创建初始数据集的。但有趣的是,在创建完第二组之后的集合之后,它会覆盖第一组!我的想法是,我可以告诉terraform,我有这组SSM参数,我希望您复制这个信息(值,类型),并创建一个全新的参数集(而不是破坏任何已经存在的参数)。
任何和所有的帮助都将不胜感激!
回答 1
Stack Overflow用户
发布于 2022-07-20 13:32:51
我明白,一开始很不容易。我将试着一步一步地阐述我是如何做到这一点的。
不管怎么说,包含您以前尝试过的任何代码都是很好的,即使不起作用。
首先,我创建了一些示例参数:
# create_parameters.tf
resource "aws_ssm_parameter" "p" {
count = 3
name = "/test/${count.index}/p${count.index}"
type = "String"
value = "test-${count.index}"
}然后我试着去看它们:
# example.tf
data "aws_ssm_parameters_by_path" "parameters" {
path = "/test/"
recursive = true
}
output "params_by_path" {
value = data.aws_ssm_parameters_by_path.parameters
sensitive = true
}作为我收到的输出:terraform output params_by_path
{
"arns" = tolist([
"arn:aws:ssm:eu-central-1:999999999999:parameter/test/0/p0",
"arn:aws:ssm:eu-central-1:999999999999:parameter/test/1/p1",
"arn:aws:ssm:eu-central-1:999999999999:parameter/test/2/p2",
])
"id" = "/test/"
"names" = tolist([
"/test/0/p0",
"/test/1/p1",
"/test/2/p2",
])
"path" = "/test/"
"recursive" = true
"types" = tolist([
"String",
"String",
"String",
])
"values" = tolist([
"test-0",
"test-1",
"test-2",
])
"with_decryption" = true
}如果没有额外的处理,aws_ssm_parameters_by_path是不可用的,因此我们需要使用另一个数据源,以便为提供的参数副本获取合适的对象。在我找到aws_ssm_parameter的文档中。但是,要使用它,我需要参数的全名。
我在上一阶段中检索到的参数名称的列表,所以现在只需要迭代它们:
# example.tf
locals {
names = toset(data.aws_ssm_parameters_by_path.parameters.names)
}
data "aws_ssm_parameter" "param" {
for_each = local.names
name = each.key
}
output "params" {
value = data.aws_ssm_parameter.param
sensitive = true
}因此,我得到:terraform output params
{
"/test/0/p0" = {
"arn" = "arn:aws:ssm:eu-central-1:999999999999:parameter/test/0/p0"
"id" = "/test/0/p0"
"name" = "/test/0/p0"
"type" = "String"
"value" = "test-0"
"version" = 1
"with_decryption" = true
}
"/test/1/p1" = {
"arn" = "arn:aws:ssm:eu-central-1:999999999999:parameter/test/1/p1"
"id" = "/test/1/p1"
"name" = "/test/1/p1"
"type" = "String"
"value" = "test-1"
"version" = 1
"with_decryption" = true
}
"/test/2/p2" = {
"arn" = "arn:aws:ssm:eu-central-1:999999999999:parameter/test/2/p2"
"id" = "/test/2/p2"
"name" = "/test/2/p2"
"type" = "String"
"value" = "test-2"
"version" = 1
"with_decryption" = true
}
}每个参数对象都已被检索,因此现在可以创建新的参数--可以这样做:
# example.tf
resource "aws_ssm_parameter" "new_param" {
for_each = local.names
name = "/new_path${data.aws_ssm_parameter.param[each.key].name}"
type = data.aws_ssm_parameter.param[each.key].type
value = data.aws_ssm_parameter.param[each.key].value
}https://stackoverflow.com/questions/73044446
复制相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号