Terraform CLI does not accept AWS credentials

Time: 2019-07-02 20:35:52

Tags: amazon-ec2 terraform

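I am trying to create an EC2 instance using Terraform. Passing the credentials through the terraform CLI fails, while hard-coding them in main.tf works fine.

This is for dynamically creating an EC2 instance with Terraform.

terraform apply works with the following main.tf: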

provider "aws" {
  region     = "us-west-2"
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}
resource "aws_instance" "ec2-instance" {
  ami           = "ami-id"
  instance_type = "t2.micro"
  tags {
    Name = "test-inst"
  }
}

The following does not work:

terraform apply -var access_key="hard-coded-access-key" -var secret_key="hard-coded-secret-key"

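Is there any difference between the two ways of running the command above? According to the Terraform documentation, both approaches should work.

2 answers:

Answer 0: (score: 0)

Every Terraform module can use input variables, including the main module. But before using input variables, you must declare them.

Create a variables.tf file in the same folder where you have your main.tf file: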

variable "credentials" {
  type = object({
    access_key = string
    secret_key = string
  })

  description = "My AWS credentials"
}

Then you can reference the input variables in your code like this:

provider "aws" {
  region     = "us-west-2"
  access_key = var.credentials.access_key
  secret_key = var.credentials.secret_key
}

You can run:

terraform apply -var 'credentials={access_key="hard-coded-access-key",secret_key="hard-coded-secret-key"}'

Or you can create a terraform.tfvars file with the following content:

# ------------------
# AWS Credentials
# ------------------
credentials = {
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}

Then just run terraform apply

But the key point is that input variables must be declared before you use them.

Answer 1: (score: 0)

@Felipe's answer is correct, but I would never recommend defining the access key and secret key in variables.tf. What you should do is leave it blank and set the keys another way: just use aws configure, either without a profile or with one, as in aws configure --profile terraform,

to create keys for Terraform deployment.

So your connection.tf or main.tf will look like this:

aws configur

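You can also put the secret key and access key in a separate file. The reason behind this is that variables.tf is part of your configuration language or Bitbucket, so it is better not to place these sensitive keys in variables.tf.

You can create a file somewhere on your system and give the path of the keys in the provider section.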

provider "aws" {
  # You can use an AWS credentials file to specify your credentials.
  # The default location is $HOME/.aws/credentials on Linux and OS X, or "%USERPROFILE%\.aws\credentials" for Windows users
  region              = "us-west-2"
  # profile configured during aws configure --profile
  profile             = "terraform"
  # you can also restrict account here, to allow particular account for deployment
  allowed_account_ids = ["12*****45"]
}

Here is the format of the credentials file:

provider "aws" {
  region                  = "us-west-2"
  # Terraform does not expand $HOME inside a string; use ~ or an absolute path
  shared_credentials_file = "~/secret/credentials"
}
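
Added example, not part of either answer: a pre-commit style check in shell that flags access_key or secret_key attributes assigned a quoted literal in .tf and .tfvars files, which is what answer 1 advises keeping out of version control. The function names scan_tf_secrets and make_samples and the bad/ and good/ sample layout are assumptions made for illustration; the sample values are the placeholders from the question.

```shell
#!/bin/sh
# Added example, not from the answers: flag access_key / secret_key attributes
# that are assigned a quoted literal in *.tf and *.tfvars files.

# scan_tf_secrets DIR: prints "file:line:attribute = <redacted>" per finding.
# Returns 1 if any literal credential is found, 0 if the tree is clean.
scan_tf_secrets() {
  # A quoted value is a literal. var.credentials.access_key is unquoted and
  # "${...}" interpolations are excluded by [^"$], so references do not match.
  hits=$(grep -rnE --include='*.tf' --include='*.tfvars' \
    '^[[:space:]]*(access_key|secret_key)[[:space:]]*=[[:space:]]*"[^"$]+"' "$1" |
    sed -E 's/[[:space:]]*(access_key|secret_key)[[:space:]]*=.*/\1 = <redacted>/')
  [ -z "$hits" ] && return 0
  printf '%s\n' "$hits"
  return 1
}

# make_samples DIR: writes constructed sample configs. The values are the
# placeholders from the question, not real keys.
make_samples() {
  mkdir -p "$1/bad" "$1/good"
  cat > "$1/bad/main.tf" <<'EOF'
provider "aws" {
  region     = "us-west-2"
  access_key = "hard-coded-access-key"
  secret_key = "hard-coded-secret-key"
}
EOF
  cat > "$1/good/main.tf" <<'EOF'
provider "aws" {
  region  = "us-west-2"
  profile = "terraform"
}
provider "aws" {
  alias      = "from_vars"
  region     = "us-west-2"
  access_key = var.credentials.access_key
  secret_key = var.credentials.secret_key
}
EOF
}

demo=$(mktemp -d)
make_samples "$demo"
scan_tf_secrets "$demo/bad" || echo "bad/: literal credentials found"
scan_tf_secrets "$demo/good" && echo "good/: clean"
rm -rf "$demo"
```

The check reports the file and line but replaces the value with <redacted>, so its output can go to CI logs without repeating the key.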