amazon-web-services - Terraform Workspace - AWS 提供 - 如何为每个工作区维护不同的 IAM 实例角色/策略？

问题描述

我正在尝试使用 Terraform 工作区在 AWS 中构建多个环境。

每个环境都有自己的 IAM 实例角色，需要附加不同的策略。

如何使用 Workspace 在 Terraform 中强制执行此操作。

Terraform 文件夹结构：

ami.tf
backend.tf
iam_role_policy.tf
lauch_config.tf
local.tf
main.tf
output.tf
provider.tf
user_data.sh
variables.tf

地形代码：

resource "aws_launch_configuration" "launch_config" {
name_prefix                 = "${var.application_name}-${var.application_type}-${local.environment}-launch-config-"
image_id                    = "${data.aws_ami.puppet_ami.id}"
instance_type               = "${local.instance_type}"
security_groups             = "${var.security_group}"
key_name                    = "${local.key}"
user_data                   = "${data.template_file.user_data.rendered}"
iam_instance_profile        = "${aws_iam_instance_profile.iam_instance_role.name}"
associate_public_ip_address = false
}

我尝试使用environment不起作用的文件夹结构

iam_instance_profile        = "${local.environment}/${aws_iam_instance_profile.iam_instance_role.name}"

下面是错误

terraform plan
Acquiring state lock. This may take a few moments...

Error: Reference to undeclared resource

  on lauch_config.tf line 23, in resource "aws_launch_configuration" "launch_config":
  23:     iam_instance_profile        = "${local.environment}/${aws_iam_instance_profile.iam_instance_role.name}"

A managed resource "aws_iam_instance_profile" "iam_instance_role" has not been
declared in the root module.


Error: Reference to undeclared resource

关于如何缓解这个问题的任何想法？

标签： amazon-web-servicesterraformamazon-iamterraform-provider-aws