amazon-web-services - Terraform - 使用地图时“此处不需要命名的参数”
问题描述
我正在创建一个简单的 terraform 模块,就像这个
resource "aws_s3_bucket" "terraform_state" {
bucket = var.bucket
lifecycle_rule = var.s3_lifecycle
versioning {
enabled = true
mfa_delete = false
}
server_side_encryption_configuration = var.s3_server_side_encryption_configuration
policy = var.s3_policy
tags = var.s3_tags
force_destroy = var.s3_force_destroy
logging = var.s3_logging
}
除存储桶名称外,所有变量都定义为映射。
当我尝试像这样调用模块时
module "backend" {
source = "../"
bucket = "terraform_state_test_${random_id.random_bucket_id.hex}"
s3_lifecycle = {
prevent_destroy = false
}
s3_force_destroy = false
s3_tags = {
TerraformManaged = "true"
env = "test"
}
s3_server_side_encryption_configuration = {
rule = {
apply_server_side_encryption_by_default = {
sse_algorithm = "AES256"
}
}
}
}
我在所有地图中都有几个错误(除了“标签”)这样
Error: Unsupported argument
on ../main.tf line 11, in resource "aws_s3_bucket" "terraform_state":
11: server_side_encryption_configuration = var.s3_server_side_encryption_configuration
An argument named "server_side_encryption_configuration" is not expected here.
Did you mean to define a block of type "server_side_encryption_configuration"?
我无法理解我做错了什么......有人可以帮助我吗?
谢谢,
解决方案
根据文档,这是不正确的。
server_side_encryption_configuration = var.s3_server_side_encryption_configuration
resource "aws_s3_bucket" "mybucket" {
bucket = "mybucket"
server_side_encryption_configuration {
rule {
apply_server_side_encryption_by_default {
kms_master_key_id = aws_kms_key.mykey.arn
sse_algorithm = "aws:kms"
}
}
}
}
这是一个简洁的例子。
# Max 1 block - server_side_encryption_configuration
dynamic "server_side_encryption_configuration" {
for_each = length(keys(var.server_side_encryption_configuration)) == 0 ? [] : [var.server_side_encryption_configuration]
content {
dynamic "rule" {
for_each = length(keys(lookup(server_side_encryption_configuration.value, "rule", {}))) == 0 ? [] : [lookup(server_side_encryption_configuration.value, "rule", {})]
content {
dynamic "apply_server_side_encryption_by_default" {
for_each = length(keys(lookup(rule.value, "apply_server_side_encryption_by_default", {}))) == 0 ? [] : [
lookup(rule.value, "apply_server_side_encryption_by_default", {})]
content {
sse_algorithm = apply_server_side_encryption_by_default.value.sse_algorithm
kms_master_key_id = lookup(apply_server_side_encryption_by_default.value, "kms_master_key_id", null)
}
}
}
}
}
}
根据您的需要,您可以自定义模块的示例。
推荐阅读
- javascript - 如何在函数中设置变量?
- url - URL 子域 ==> IIS 网站:添加或删除导致应用程序池回收的绑定
- extjs - Sencha Themer:用户界面完全卡住,然后无法打开我的主题
- python - 如何遍历只有 2 个小数点的列中的字符串,例如 100.00.0?
- javascript - JavaScript:获取嵌套对象(或 JSON)中给定键值对的路径
- python - 熊猫合并范围日期
- reactjs - 复选框返回
- javascript - 反应,对象没有渲染
- spring-boot - 为什么在 For 循环的每次迭代中都没有提交数据?
- android - Flutter - 后台通知服务