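Our operations team pushes a hardened AMI to the AWS account, and I want to use this AMI instead of the AWS-provided AMI.
I want to refer to this repo https://github.com/naumannt/tf-article/tree/master/Article%205 and this file https://github.com/naumannt/tf-article/blob/master/Article%205/modules/eks/worker-nodes.tf, and switch from the AWS-provided AMI to the custom AMI.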
########################################################################################
# Setup AutoScaling Group for worker nodes
# Setup data source to get amazon-provided AMI for EKS nodes
data "aws_ami" "eks-worker" {
  filter {
    name   = "name"
    values = ["amazon-eks-node-v*"]
  }
  most_recent = true
  owners      = ["602401143452"] # Amazon EKS AMI Account ID
  # -----? change this with my custom ami ---
}
# Is provided in demo code, no idea what it's used for though! TODO: DELETE
# data "aws_region" "current" {}
# EKS currently documents this required userdata for EKS worker nodes to
# properly configure Kubernetes applications on the EC2 instance.
# We utilize a Terraform local here to simplify Base64 encode this
# information and write it into the AutoScaling Launch Configuration.
# More information: https://docs.aws.amazon.com/eks/latest/userguide/launch-workers.html
locals {
  tf-eks-node-userdata = <<USERDATA
#!/bin/bash
set -o xtrace
/etc/eks/bootstrap.sh --apiserver-endpoint '${aws_eks_cluster.tf_eks.endpoint}' --b64-cluster-ca '${aws_eks_cluster.tf_eks.certificate_authority.0.data}' 'example'
USERDATA
}
resource "aws_launch_configuration" "tf_eks" {
  associate_public_ip_address = true
  iam_instance_profile        = "${aws_iam_instance_profile.node.name}"
  image_id                    = "${data.aws_ami.eks-worker.id}"
  instance_type               = "m4.large"
  name_prefix                 = "terraform-eks"
  security_groups             = ["${aws_security_group.tf-eks-node.id}"]
  user_data_base64            = "${base64encode(local.tf-eks-node-userdata)}"
  key_name                    = "${var.keypair-name}"
  lifecycle {
    create_before_destroy = true
  }
}
resource "aws_lb_target_group" "tf_eks" {
  name        = "terraform-eks-nodes"
  port        = 31742
  protocol    = "HTTP"
  vpc_id      = "${var.vpc_id}"
  target_type = "instance"
}
resource "aws_autoscaling_group" "tf_eks" {
  desired_capacity     = "2"
  launch_configuration = "${aws_launch_configuration.tf_eks.id}"
  max_size             = "3"
  min_size             = 1
  name                 = "terraform-tf-eks"
  vpc_zone_identifier  = ["${var.app_subnet_ids}"]
  target_group_arns    = ["${aws_lb_target_group.tf_eks.arn}"]
  tag {
    key                 = "Name"
    value               = "terraform-tf-eks"
    propagate_at_launch = true
  }
  tag {
    key                 = "kubernetes.io/cluster/example"
    value               = "owned"
    propagate_at_launch = true
  }
}
After searching on Google, this is what I found:
data.tf
locals {
worker_ami_name_filter = var.worker_ami_name_filter != "" ? var.worker_ami_name_filter : "amazon-eks-node-${var.cluster_version}-v*"
}
data "aws_region" "current" {
}
@@ -19,13 +23,12 @@ data "aws_iam_policy_document" "workers_assume_role_policy" {
data "aws_ami" "eks_worker" {
filter {
name = "name"
values = ["${var.worker_ami_name_filter_prefix}-${var.cluster_version}-${var.worker_ami_name_filter}"]
values = [local.worker_ami_name_filter]
}
most_recent = true
# Owner ID of AWS EKS team
owners = ["602401143452"]
owners = [var.worker_ami_owner_id]
}
data "aws_iam_policy_document" "cluster_assume_role_policy" {
variable.tf
variable "worker_ami_name_filter" {
type = string
default = "v*"
default = ""
}
variable "worker_ami_name_filter_prefix" {
description = "Name prefix filter for AWS EKS worker AMI. Default behaviour will get regular EKS-Optimized AMI but could be set to a EKS-Optimized AMI with GPU Support, e.g. \"amazon-eks-gpu-node\", or custom AMI"
variable "worker_ami_owner_id" {
description = "The ID of the owner for the AMI to use for the AWS EKS workers. Valid values are an AWS account ID, 'self' (the current account), or an AWS owner alias (e.g. 'amazon', 'aws-marketplace', 'microsoft')."
type = string
default = "amazon-eks-node"
default = "602401143452" // The ID of the owner of the official AWS EKS AMIs.
}
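variable "worker_additional_security_group_ids" {
How do I find out the value of worker_ami_owner_id? Our operations team pushes a hardened AMI to the AWS account, and I want to use this AMI instead of the Amazon-provided AMI.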
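Review bot: in the data.tf hunk, `owners = [var.worker_ami_owner_id]` combined with `most_recent = true` and a caller-supplied name filter makes the selected image depend on two free-form strings, and the variable description lists broad aliases such as 'aws-marketplace' as valid owner values. With a wildcard name filter and such an alias, the newest matching image from any publisher under that alias would be selected. Suggest saying in the description of `worker_ami_owner_id` that custom images should use 'self' or a specific account ID, and that `worker_ami_name_filter` should be narrowed whenever the owner is changed from the default.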
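Posted on 2020-05-10 00:57:58
You don't need to know the exact owner user ID. If the account that runs terraform plan/apply has permission to access the required AMI, then you can simply provide the owner value "self" instead of the canonical value, and it will work. For example: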
data "aws_ami" "test" {
  filter {
    name   = "name"
    values = ["some_test"]
  }
  owners = ["self"]
}
output "aws_ami_id" {
  value = "${data.aws_ami.test.id}"
}
https://stackoverflow.com/questions/61687095
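An added example, not part of the original answer or the referenced repo: the answer's `owners = ["self"]` approach applied to the question's `eks-worker` data source, with the owner restricted to `self` or a single account ID. It assumes Terraform 0.13 or later and a hypothetical AMI naming scheme `hardened-eks-node-*`; the variable names are reused from the snippet quoted in the question.

```hcl
# Added example; the AMI name pattern below is a hypothetical placeholder.

variable "worker_ami_owner_id" {
  description = "Owner of the hardened worker AMI: \"self\" or a 12-digit AWS account ID."
  type        = string
  default     = "self"

  validation {
    # Reject broad owner aliases such as "amazon" or "aws-marketplace" here,
    # so only the current account or one named account can supply the image.
    condition     = can(regex("^(self|[0-9]{12})$", var.worker_ami_owner_id))
    error_message = "Set worker_ami_owner_id to \"self\" or a 12-digit AWS account ID."
  }
}

variable "worker_ami_name_filter" {
  description = "Name pattern of the hardened AMI (hypothetical naming scheme)."
  type        = string
  default     = "hardened-eks-node-*"
}

# Same data source name as in the question, so existing references keep working.
data "aws_ami" "eks-worker" {
  most_recent = true
  owners      = [var.worker_ami_owner_id]

  filter {
    name   = "name"
    values = [var.worker_ami_name_filter]
  }

  # Skip images that are still pending or have failed.
  filter {
    name   = "state"
    values = ["available"]
  }
}

# Surface what was resolved so a plan review shows which image and owner won.
output "worker_ami" {
  value = {
    id       = data.aws_ami.eks-worker.id
    name     = data.aws_ami.eks-worker.name
    owner_id = data.aws_ami.eks-worker.owner_id
  }
}
```

Because the data source keeps the name `eks-worker`, the `image_id` reference in the question's launch configuration needs no change. The hardened image must still contain `/etc/eks/bootstrap.sh`, since the user data in the question calls it.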