时间戳

首页 > 解决方案 > Terraform - 使用地图时“此处不需要命名的参数”

amazon-web-services - Terraform - 使用地图时“此处不需要命名的参数”

问题描述

我正在创建一个简单的 terraform 模块,就像这个

resource "aws_s3_bucket" "terraform_state" {
  bucket = var.bucket

  lifecycle_rule = var.s3_lifecycle

  versioning {
    enabled = true
    mfa_delete = false
  }

  server_side_encryption_configuration = var.s3_server_side_encryption_configuration

  policy = var.s3_policy

  tags = var.s3_tags

  force_destroy = var.s3_force_destroy

  logging = var.s3_logging
}

除存储桶名称外,所有变量都定义为映射。

当我尝试像这样调用模块时

module "backend" {
    source = "../"

    bucket = "terraform_state_test_${random_id.random_bucket_id.hex}"

    s3_lifecycle = {
      prevent_destroy = false
    }

    s3_force_destroy = false

    s3_tags = {
        TerraformManaged = "true"
        env = "test"
    }

    s3_server_side_encryption_configuration = {
      rule = {
      apply_server_side_encryption_by_default = {
        sse_algorithm = "AES256"
      }
    }
  }
}

我在所有地图中都有几个错误(除了“标签”)这样

Error: Unsupported argument

  on ../main.tf line 11, in resource "aws_s3_bucket" "terraform_state":
  11:   server_side_encryption_configuration = var.s3_server_side_encryption_configuration

An argument named "server_side_encryption_configuration" is not expected here.
Did you mean to define a block of type "server_side_encryption_configuration"?

我无法理解我做错了什么......有人可以帮助我吗?

谢谢,

标签: amazon-web-servicesterraformterraform-provider-aws

解决方案

根据文档,这是不正确的。

server_side_encryption_configuration = var.s3_server_side_encryption_configuration

resource "aws_s3_bucket" "mybucket" {
  bucket = "mybucket"

  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        kms_master_key_id = aws_kms_key.mykey.arn
        sse_algorithm     = "aws:kms"
      }
    }
  }
}

启用默认服务器端加密

是一个简洁的例子。

# Max 1 block - server_side_encryption_configuration
dynamic "server_side_encryption_configuration" {
for_each = length(keys(var.server_side_encryption_configuration)) == 0 ? [] : [var.server_side_encryption_configuration]

content {

    dynamic "rule" {
    for_each = length(keys(lookup(server_side_encryption_configuration.value, "rule", {}))) == 0 ? [] : [lookup(server_side_encryption_configuration.value, "rule", {})]

    content {

        dynamic "apply_server_side_encryption_by_default" {
        for_each = length(keys(lookup(rule.value, "apply_server_side_encryption_by_default", {}))) == 0 ? [] : [
        lookup(rule.value, "apply_server_side_encryption_by_default", {})]

        content {
            sse_algorithm     = apply_server_side_encryption_by_default.value.sse_algorithm
            kms_master_key_id = lookup(apply_server_side_encryption_by_default.value, "kms_master_key_id", null)
        }
        }
    }
    }
}
}

根据您的需要,您可以自定义模块的示例。

推荐阅读