amazon-web-services - AWS SSM 作为 Terraform 中任务的 valueFrom 不起作用
问题描述
我正在 AWS 中定义一个我已经使用aws_ecs_task_definition
模块工作的任务。我正在使用terraform
模块中的环境变量设置一些环境变量,但其中一些将通过提供AWS SSM
。没有的正常创建AWS SSM
是:
environment : [
{
name : "user",
value : "name"
},
],
这就像一个魅力。
然后我尝试了:
environment : [
{
name : "user",
valueFrom : "my_env_var_name_in_ssm"
},
],
但它不起作用。当我转到任务定义的 UI 时,ENV
变量不存在,UI 的 json 定义中也不存在。
然后我尝试在 UI 中创建它们并且任务完美运行,我看到当您设置 valueFrom 时,该ENV
变量是在 json 定义的 secrets 部分下创建的。所以我试图复制它,Terraform
例如:
secrets : [
{
name : "user",
valueFrom : "my_env_var_name_in_ssm"
},
],
但它也不起作用。任务定义json为:
{
"ipcMode": null,
"executionRoleArn": "arn",
"containerDefinitions": [
{
"dnsSearchDomains": null,
"environmentFiles": null,
"logConfiguration": null,
"entryPoint": null,
"portMappings": [
{
"hostPort": 8080,
"protocol": "tcp",
"containerPort": 8080
},
{
"hostPort": 8793,
"protocol": "tcp",
"containerPort": 8793
}
],
"command": null,
"linuxParameters": null,
"cpu": 7,
"environment": [
{
"name": "name",
"value": "harcoded"
},
],
"resourceRequirements": null,
"ulimits": null,
"dnsServers": null,
"mountPoints": [],
"workingDirectory": null,
"secrets": null,
"dockerSecurityOptions": null,
"memory": null,
"memoryReservation": 128,
"volumesFrom": [],
"stopTimeout": null,
"image": "image_arn",
"startTimeout": null,
"firelensConfiguration": null,
"dependsOn": null,
"disableNetworking": null,
"interactive": null,
"healthCheck": null,
"essential": true,
"links": null,
"hostname": null,
"extraHosts": null,
"pseudoTerminal": null,
"user": null,
"readonlyRootFilesystem": null,
"dockerLabels": null,
"systemControls": null,
"privileged": null,
"name": "my-name"
}
],
"placementConstraints": [],
"memory": null,
"taskRoleArn": "arn",
"compatibilities": [
"EC2"
],
"taskDefinitionArn": "arn",
"family": "family-name",
"requiresAttributes": [
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.ecr-auth"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.21"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.task-iam-role"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.execution-role-ecr-pull"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "com.amazonaws.ecs.capability.docker-remote-api.1.18"
},
{
"targetId": null,
"targetType": null,
"value": null,
"name": "ecs.capability.task-eni"
}
],
"pidMode": null,
"requiresCompatibilities": [],
"networkMode": "awsvpc",
"cpu": null,
"revision": 2,
"status": "ACTIVE",
"inferenceAccelerators": null,
"proxyConfiguration": null,
"volumes": []
}
如您所见,json 返回:"secrets": null,
当 terraformcontainer_definitions
像这样运行时:
container_definitions = jsonencode(
[
{
name = aws_ecs_cluster.cluster.name,
image = "${var.image_url}:latest",
cpu = 7,
dnsSearchDomains = null,
network_configuration = "awsvpc",
entryPoint = null,
portMappings = [
{
hostPort = 8080,
protocol = "tcp",
containerPort = 8080
},
{
hostPort = 8793,
protocol = "tcp",
containerPort = 8793
}
],
command : null,
linuxParameters : null,
environment : [
{
name : "name",
value : "harcoded"
},
],
secrets : [
{
name : "parameter-name",
valueFrom : "arn:aws:ssm:eu-west-2:111111111:parameter/my_env_var_name_in_ssm"
},
],
resourceRequirements : null,
ulimits : null,
dnsServers : null,
mountPoints : null,
workingDirectory : null,
secrets : null,
dockerSecurityOptions : null,
memoryReservation : 128,
volumesFrom : [],
stopTimeout : null,
startTimeout : null,
firelensConfiguration : null,
dependsOn : null,
disableNetworking : null,
interactive : null,
healthCheck: null
essential : true,
links : null,
hostname : null,
extraHosts : null,
pseudoTerminal : null,
user : null,
readonlyRootFilesystem : null,
dockerLabels : null,
systemControls : null,
privileged : null
}
]
)
}
terraform apply
工作正常,但secrets
不在 terraform 执行操作的输出中,因此 json 定义显示为空是正常的。然后我想真正的问题是如何在 terraform 中编写它。
如何AWS SSM
在 Terraform 中定义的 AWS ECS 任务中用作 valueFrom?如您所见,json是
解决方案
您的任务定义已secrets
定义两次。一次是值,一次是null
:
请参阅我从您发布的代码中复制的此块中的第一行和最后一行:
secrets : [
{
name : "parameter-name",
valueFrom : "arn:aws:ssm:eu-west-2:111111111:parameter/my_env_var_name_in_ssm"
},
],
resourceRequirements : null,
ulimits : null,
dnsServers : null,
mountPoints : null,
workingDirectory : null,
secrets : null,
您需要删除该行secrets : null
,因为它覆盖了之前的设置。
推荐阅读
- java - 通知操作意图未触发
- cassandra - 关于 Cassandra 关于键、分区的文档(草率,仍然令人困惑)
- html - 如何让 HTML 视频始终播放?
- javascript - 使用 react-router-dom v5 在路由更改前后做一些事情
- asp.net - 使用 VB.NET 调用 RESTful 服务
- python-3.x - 从文件中读取值并输出文件中的每个数字、最大/最小数字、总和以及数字的平均值
- python - 使用 django 基于函数在视图中发送两个或多个参数
- javascript - 如何隐藏电子邮件地址?
- google-apps-script - 当我将图像插入电子表格然后将其转换为 pdf 时,我的应用程序脚本出现问题。图像未出现在文档 pdf 中
- c# - 如何将datagrid中的选定行数返回到WPF中的文本框?