
Terraform: depends_on for module not working as expected in AWS

I am new to Terraform. I was working with Terraform v0.12 previously and, since I wanted to bring in a dependency between modules, I started using Terraform v0.13 recently. I am trying to create an IAM role and attach a few policies to the created role. But the issue arises in policy attachment to the role. A few policies are getting attached to the role, but some policies throw an error saying no such role exists while the other policies are attached to the role properly. Is there anything wrong in my implementation?

module.tf

provider "aws" {
  region = "ap-southeast-1"
}

#Control Plane role and policies

module "ControlPlane_Role" {

  source = "../../templates/IAM/roles"
  role_name = var.EKS-master-role
}

module "ControlPlane_Policy1" {

  source = "../../templates/IAM/aws_policy"
  role_name = var.EKS-master-role
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  depends_on = [module.ControlPlane_Role.role_create]
}

module "ControlPlane_Policy2" {

  source = "../../templates/IAM/aws_policy"
  role_name = var.EKS-master-role
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
  depends_on = [module.ControlPlane_Role.role_create]
}

templates/IAM/roles/role.tf

resource "aws_iam_role" "role_create" {
  assume_role_policy = data.aws_iam_policy_document.trusted_entity.json
  name               = var.role_name
}

aws_policy.tf

resource "aws_iam_role_policy_attachment" "aws_policy" {
  role       = var.role_name
  policy_arn = var.policy_arn
}

I'll be passing the variable files separately and there are no issues with that.

Error:

Error: Error attaching policy arn:aws:iam::aws:policy/AmazonEKSClusterPolicy to IAM Role EKS-master: NoSuchEntity: The role with name EKS-master cannot be found.

Error attaching policy arn:aws:iam::aws:policy/AmazonEKSServicePolicy to IAM Role EKS-master: NoSuchEntity: The role with name EKS-master cannot be found.

If I re-run the command terraform apply again on the same resources without any change, the policies are getting attached.

You shouldn't use depends_on except for some exceptional cases. From the templates/IAM/roles module, define an output that is the name of the role, and in the other modules pass this output (role_name = module.ControlPlane_Role.output_role_name). With this setup, the dependency graph is clear (create the role, create the things that depend on the role) instead of having to manually define dependencies with depends_on.
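Added example, not part of the original question or answer: the layout the answer describes, written out against the question's modules. The output name output_role_name comes from the answer; the file name outputs.tf is an assumption.

```hcl
# templates/IAM/roles/outputs.tf  (file name is an assumption)
# Export the name from the resource itself, not from var.role_name, so that
# anything consuming this output depends on aws_iam_role.role_create.
output "output_role_name" {
  value = aws_iam_role.role_create.name
}

# module.tf
module "ControlPlane_Role" {
  source    = "../../templates/IAM/roles"
  role_name = var.EKS-master-role
}

module "ControlPlane_Policy1" {
  source = "../../templates/IAM/aws_policy"

  # Reference the role module's output instead of var.EKS-master-role.
  # Terraform infers the ordering from this reference: the role is created
  # first, then the attachment. No depends_on is needed.
  role_name  = module.ControlPlane_Role.output_role_name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
}

module "ControlPlane_Policy2" {
  source = "../../templates/IAM/aws_policy"

  role_name  = module.ControlPlane_Role.output_role_name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
}
```

In the question's version both attachment modules receive var.EKS-master-role, a plain string known at plan time, so nothing in their inputs ties them to the role resource.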
