有没有一种方法可以使用CloudFormation / Terraform创建EMR安全配置
[英]Is there a way to create EMR security config with CloudFormation/Terraform
问题描述
我想存档类似于CLI命令的逻辑:aws emr create-security-configuration --name [name] --security-configuration ...并在Terraform脚本中进一步使用它。
2 个解决方案
解决方案1
0 2017-02-09 17:09:44
Update 06/07/2017 : As of Jun 6 2017 , the AWS::EMR::SecurityConfiguration resource is now available in CloudFormation, and as of May 11 2017 (v0.9.5) the emr_security_configuration resource is available in Terraform. 
更新06/07/2017 :从2017年6月6日开始 ,CloudFormation中现在提供了AWS::EMR::SecurityConfiguration资源,从2017年5月11日(v0.9.5)起,在Terraform中提供了emr_security_configuration资源。
Unfortunately, it doesn't look like it is currently possible to specify a SecurityConfiguration for the RunJobFlow API using either CloudFormation's AWS::EMR::Cluster CloudFormation Resource or Terraform's aws_emr_cluster resource, and there are no resources that correspond to the CreateSecurityConfiguration API. 不幸的是,当前似乎无法使用RunJobFlow的AWS::EMR::Cluster aws_emr_cluster资源或Terraform的aws_emr_cluster资源为RunJobFlow API指定SecurityConfiguration ,并且没有与CreateSecurityConfiguration API对应的资源。
The EMR Security Configuration feature was added on Sep 21 2016 , and there is typically a lag between new feature announcements and their corresponding support in existing CloudFormation resources. EMR安全配置功能已于2016年9月21日添加,通常在新功能公告与其在现有CloudFormation资源中的相应支持之间存在时滞。
Although Terraform tends to be updated more quickly as it is an open-source project with a larger development community, the aws_emr_cluster resource is still relatively new (released Oct 6 2016 ). 尽管Terraform是一个具有较大开发社区的开源项目,因此往往会更新得更快,但aws_emr_cluster资源仍然相对较新(2016年10月6日发布)。 I've opened a GitHub issue tracking a feature request for this implementation. 我已经打开了一个GitHub问题,跟踪此实现的功能请求。
As a workaround for now, you could create a Custom Resource that calls the CreateSecurityConfiguration and RunJobFlow APIs directly. 作为目前的解决方法,您可以创建一个直接调用CreateSecurityConfiguration和RunJobFlow API的自定义资源 。
解决方案2
-1 2016-12-29 20:56:12
You can follow the basic examples here https://www.terraform.io/docs/providers/aws/r/security_group.html and here https://www.terraform.io/docs/providers/aws/r/emr_cluster.html . 您可以在https://www.terraform.io/docs/providers/aws/r/security_group.html和https://www.terraform.io/docs/providers/aws/r/emr_cluster中遵循基本示例。 html 。
It would be similar to: 它类似于:
resource "aws_security_group" "sg" {
name = "allow_all"
description = "Allow all inbound traffic"
ingress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
prefix_list_ids = ["pl-12c4e678"]
}
}
resource "aws_emr_cluster" "emr-test-cluster" {
name = "emr-test-arn"
release_label = "emr-4.6.0"
applications = ["Spark"]
termination_protection = false
keep_job_flow_alive_when_no_steps = true
ec2_attributes {
subnet_id = "${aws_subnet.main.id}"
emr_managed_master_security_group = "${aws_security_group.sg.id}"
emr_managed_slave_security_group = "${aws_security_group.sg.id}"
instance_profile = "${aws_iam_instance_profile.emr_profile.arn}"
}
...
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.