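Terraform workspaces - AWS provider - How to maintain different IAM instance roles/policies for each workspace?

Time: 2019-08-26 09:14:26

Tags: amazon-web-services terraform amazon-iam terraform-provider-aws

I am trying to build multiple environments in AWS using Terraform workspaces.

Each environment has its own IAM instance role and needs different policies attached.

How can I enforce this in Terraform using workspaces?

Terraform folder structure: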

ami.tf
backend.tf
iam_role_policy.tf
lauch_config.tf
local.tf
main.tf
output.tf
provider.tf
user_data.sh
variables.tf

Terraform code:

resource "aws_launch_configuration" "launch_config" {
  name_prefix                 = "${var.application_name}-${var.application_type}-${local.environment}-launch-config-"
  image_id                    = "${data.aws_ami.puppet_ami.id}"
  instance_type               = "${local.instance_type}"
  security_groups             = "${var.security_group}"
  key_name                    = "${local.key}"
  user_data                   = "${data.template_file.user_data.rendered}"
  iam_instance_profile        = "${aws_iam_instance_profile.iam_instance_role.name}"
  associate_public_ip_address = false
}

I tried using a folder structure with the environment, which did not work:

iam_instance_profile        = "${local.environment}/${aws_iam_instance_profile.iam_instance_role.name}"

Below is the error:

terraform plan
Acquiring state lock. This may take a few moments...

Error: Reference to undeclared resource

  on lauch_config.tf line 23, in resource "aws_launch_configuration" "launch_config":
  23:     iam_instance_profile        = "${local.environment}/${aws_iam_instance_profile.iam_instance_role.name}"

A managed resource "aws_iam_instance_profile" "iam_instance_role" has not been
declared in the root module.


Error: Reference to undeclared resource

Any ideas on how to mitigate this?

0 answers:

No answers
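
The error above reports that no `aws_iam_instance_profile` named `iam_instance_role` is declared in the root module. One way to declare it with a role and policy set selected by workspace, as an added example that is not part of the original question; the workspace names `dev` and `prod`, the `workspace_policy_arns` local and the choice of managed policies are assumptions:

```hcl
# Added example (Terraform 0.12.6+ syntax). Workspace names and policy choices are assumptions.
locals {
  # Managed policies to attach per workspace; keep each list as small as that environment needs.
  workspace_policy_arns = {
    dev = [
      "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
      "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
    ]
    prod = [
      "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    ]
  }
}

# Trust policy: only the EC2 service may assume the instance role.
data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "iam_instance_role" {
  name               = "${var.application_name}-${terraform.workspace}-instance-role"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
}

resource "aws_iam_role_policy_attachment" "per_workspace" {
  # Indexing the map directly makes `terraform plan` fail for a workspace that has
  # no entry, rather than falling back to some default policy set.
  for_each   = toset(local.workspace_policy_arns[terraform.workspace])
  role       = aws_iam_role.iam_instance_role.name
  policy_arn = each.value
}

# Same resource address the launch configuration already references.
resource "aws_iam_instance_profile" "iam_instance_role" {
  name = "${var.application_name}-${terraform.workspace}-instance-profile"
  role = aws_iam_role.iam_instance_role.name
}
```

With these resources declared, the original `iam_instance_profile = "${aws_iam_instance_profile.iam_instance_role.name}"` line resolves in every workspace without a path prefix. IAM role and instance profile names are unique per account, so including the workspace name in each `name` keeps workspaces that share an account from colliding.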