在Terraform中构建输出地图

时间:2019-03-05 13:15:53

标签: terraform terraform-provider-aws

我有一个要创建的用户列表,一个sns主题列表以及创建策略以向用户授予有关主题的权限。这些都针对用户命名空间...

给出:

main.tf

server {
listen 80;
servername myapp.com www.myapp.com;
servertokens off;
return 301 https://$servername$requesturi;
}

server {
listen 443 ssl; # managed by Certbot
server_name myapp.com www.myapp.com;

ssl_certificate /etc/letsencrypt/live/myapp.com/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/myapp.com/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot  

root /home/me/myapp/src/myapp;

location = /favicon.ico { access_log off; log_not_found off; }

location /static/ {
    root /home/me/myapp/src/myapp;
}

location /media/  {
    root /home/me/myapp/src/myapp;
}

location / {
    try_files $uri/ @python_django;
}

location @python_django {
    proxy_pass http://127.0.0.1:8001;
    proxy_pass_request_headers on;
    proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
    proxy_set_header Host $http_host;
    proxy_set_header X-Forwarded-Proto $scheme;
    proxy_redirect off;
}
}

./ queues / topics.tf


provider "aws" {
  region                  = "eu-west-1"
  profile                 = "terraform"
}

module "topics" {
  source = "./queues/topics"
}

module "users" {
  source = "./users"
}

module "policies" {
  source = "./policies"

  sns_topics = "${module.topics.sns_topics}"
}

./ queues / topics / vars.tf

resource "aws_sns_topic" "svc_topic" {
  count = "${length(var.sns_topics)}"
  name = "${element(var.sns_topics, count.index)}"
}

./ queues / topics / output.tf

# List of topics
variable "sns_topics" {
  type = "list"

  default = [
    "a-topic",
    "b-topic",
    "c-topic",
  ]
}

./ users / main.tf

output "sns_topics" {
  value = "${var.sns_topics}"
}

./ users / vars.tf

resource "aws_iam_user" "usrs" {
  count = "${length(var.topic_user)}"
  name = "usr-msvc-${element(var.topic_user, count.index)}"
}

./ users / output.tf

variable "topic_user" {
  type = "list"

  default =[
    "user-a",
    "user-b",
    "user-c",
  ]
}

./ policies / main.tf

output "topic_user" {
  value = "${var.topic_user}"
}

这是我要在输出中构建地图的位置 将用户映射到主题

resource "aws_iam_policy" "sns_publisher" {
  count = "${length(var.sns_topics)}"

  name = "sns-${element(var.sns_topics, count.index)}-publisher"
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "sns:Publish",
      "Resource": "arn:aws:sns:*:*:${element(var.sns_topics, count.index)}"
    }
  ]
}
POLICY
}

我可以将用户列表传递给策略模块,但是我不知道如何在输出中生成此映射。

我想用它来将策略附加到相应的用户。

如果简化任务,也可以改进结构。

3 个答案:

答案 0 :(得分:1)

您可以使用Terraform函数zipmap来执行此操作。由于您的密钥是从users模块作为列表module.users.topic_user输出的,而您的值是从topics模块作为列表module.topics.sns_topicsmodule output doc)输出的,可以使它们成为输出中函数的参数:

output "user_topic_map" {
  value = "${zipmap(module.users.topic_user, module.topics.sns_topics)}"
}

请记住,zipmap的两个参数列表的长度必须相等,因此可能在资源/变量/输出块中的某个地方也保护代码。

答案 1 :(得分:0)

您可以这样做:

output "iam_user" {
  value = map(
    "key", aws_iam_access_key.user.id,
    "secret", aws_iam_access_key.user.secret
  )
}

答案 2 :(得分:0)

您也可以使用这种方法。

output "outputs" {
  value       = {
    vpc_id        = aws_vpc.vpc.id
    pub_sbnt_ids  = aws_subnet.public.*.id
    priv_sbnt_ids = aws_subnet.private.*.id
  }
  description = "VPC id, List of all public, private and db subnet IDs"
}