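I am trying to create an EC2 instance using Terraform. Passing the credentials through the terraform CLI fails, while hard-coding them in main.tf works fine.
This is for creating EC2 instances dynamically with terraform.
terraform apply works with the following main.tf: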
provider "aws" {
  region     = "us-west-2"
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}
resource "aws_instance" "ec2-instance" {
  ami           = "ami-id"
  instance_type = "t2.micro"
  tags {
    Name = "test-inst"
  }
}
The following does not work:
terraform apply -var access_key="hard-coded-access-key" -var secret_key="hard-coded-secret-key"
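Is there a difference between the above two ways of running the command? According to the terraform documentation, both of the above methods should work.
Answer 0: (score: 0)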
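Every terraform module can use input variables, including the main module. But before you can use input variables, you must declare them.
Create a main.tf file in the same folder where you have your variables.tf file: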
variable "credentials" {
  type = object({
    access_key = string
    secret_key = string
  })
  description = "My AWS credentials"
}
Then you can reference the input variable in your code like this:
provider "aws" {
  region     = "us-west-2"
  access_key = var.credentials.access_key
  secret_key = var.credentials.secret_key
}
You can run:
# -var sets a whole root variable, so the object is passed as one HCL expression
terraform apply -var 'credentials={access_key="hard-coded-access-key",secret_key="hard-coded-secret-key"}'
Or you can create a terraform.tfvars file with the following content:
# ------------------
# AWS Credentials
# ------------------
credentials = {
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}
Then just run terraform apply.
But the key point is that input variables must be declared before they are used.
Answer 1: (score: 0)
@Felipe's answer is correct, but I would never recommend defining the access key and secret key in variables.tf. What you need to do is leave it blank and use
or, as the other option, set up the keys just using aws configure
or, without a profile, aws configure --profile terraform
so your connection.tf or main.tf will look like this,
aws configur
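You can also keep the secret key and access key in a separate file. The reason behind this is that variables.tf is part of the configuration language or bitbucket, so it is better not to put these sensitive keys in variables.tf.
You can create a file somewhere on your system and give the path to the keys in the provider section.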
provider "aws" {
  # You can use an AWS credentials file to specify your credentials.
  # The default location is $HOME/.aws/credentials on Linux and OS X, or "%USERPROFILE%\.aws\credentials" for Windows users
  region = "us-west-2"
  # profile configured during aws configure --profile
  profile = "terraform"
  # you can also restrict account here, to allow particular account for deployment
  allowed_account_ids = ["12*****45"]
}
Here is the format of the credentials file
provider "aws" {
  region                  = "us-west-2"
  shared_credentials_file = "$HOME/secret/credentials"
}
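
Answer 1's concern is that keys written into .tf or .tfvars files travel with the repository. The following is an added example, not part of either answer: a shell check that flags literal access_key / secret_key assignments before commit. The function names and the sample files are constructed for illustration.

```shell
# Added example: block Terraform files that carry literal AWS keys.

# Print file:line for each access_key / secret_key assigned a quoted literal.
# var.* references, "${...}" interpolations and commented lines are skipped.
scan_tf_secrets() {
    find "$1" -type f \( -name '*.tf' -o -name '*.tfvars' \) \
        -exec grep -nE \
        '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"' \
        /dev/null {} + 2>/dev/null || true
}

# Return 0 when the tree is clean, 1 when a literal key is present.
check_tf_dir() {
    findings=$(scan_tf_secrets "$1")
    [ -z "$findings" ] && return 0
    printf 'literal credentials found:\n%s\n' "$findings" >&2
    return 1
}

# Constructed sample input mirroring the styles shown on this page.
write_samples() {
    mkdir -p "$1/hardcoded" "$1/profile"
    cat > "$1/hardcoded/main.tf" <<'EOF'
provider "aws" {
  region     = "us-west-2"
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}
EOF
    cat > "$1/hardcoded/terraform.tfvars" <<'EOF'
credentials = {
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}
EOF
    cat > "$1/profile/main.tf" <<'EOF'
provider "aws" {
  region  = "us-west-2"
  profile = "terraform"
  # access_key = "commented-out-placeholder"
}
EOF
}

tmp=$(mktemp -d)
write_samples "$tmp"
check_tf_dir "$tmp/profile" && echo "profile/: clean"
check_tf_dir "$tmp/hardcoded" || echo "hardcoded/: blocked"
rm -rf "$tmp"
```

Calling check_tf_dir from a pre-commit hook or CI step makes the non-zero status stop the commit or pipeline.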