堆栈内存溢出
  简体   繁体   English

AWS VPC 端点服务:如何 append 委托人

[英]AWS VPC Endpoint Service: How to append Principals

 原文  2020-12-24 14:29:07       amazon-web-services/ terraform/ amazon-vpc

问题描述

I am trying to create an AWS VPC Endpoint Service (PrivateLink) where I can add Principals to those that already exist.我正在尝试创建一个 AWS VPC 端点服务 (PrivateLink),我可以在其中将委托人添加到那些已经存在的服务中。 Here is my current code这是我当前的代码

resource "aws_vpc_endpoint_service" "privatelink" {
  provider                   = aws.customer
  acceptance_required        = true
  network_load_balancer_arns = ["${aws_lb.nlb.arn}"]
}

resource "aws_vpc_endpoint_service_allowed_principal" "addition" {
  provider                = aws.customer
  vpc_endpoint_service_id = aws_vpc_endpoint_service.privatelink.id
  principal_arn           = var.consumer_principal_arn
}

That works great for the one Principal specified in the variable but overwrites the existing Principal when I run it again with a different Principal.这对于变量中指定的一个 Principal 非常有效,但是当我使用不同的 Principal 再次运行它时会覆盖现有的 Principal。 What I want is to append zero or more Principals to the list of existing Principals, each time I do a terraform apply .我想要的是将append零个或多个 Principals 添加到现有 Principals 列表中,每次我执行 terraform apply For example, the first time I run it, I specify Principal X. I run it again, specifying Principal Y. Now the list of allowed Principals is X and Y.例如,我第一次运行它时,我指定了 Principal X。我再次运行它时,指定了 Principal Y。现在允许的 Principals 列表是 X 和 Y。

2 个解决方案

解决方案1
 2  2020-12-24 17:01:11

You would need to create multiple aws_vpc_endpoint_service_allowed_principal resources with each additional ARN.您需要为每个额外的 ARN 创建多个aws_vpc_endpoint_service_allowed_principal资源。 This way you can revoke principal(s) in the future without destroying other existing associations.这样你就可以在未来撤销委托人而不破坏其他现有的关联。 Of course you can use for each loop and create aws_vpc_endpoint_service_allowed_principal resources with count and a list of principal ARNs.当然,您可以为每个循环使用并创建aws_vpc_endpoint_service_allowed_principal资源,其中包含计数和主体 ARN 列表。 However, if you remove a principal from the list, associations for all the principals after the removed principal from the list will be recreated and the associations needs to be accepted again.但是,如果您从列表中删除一个委托人,则将重新创建从列表中删除的委托人之后的所有委托人的关联,并且需要再次接受这些关联。

解决方案2
 1  2020-12-24 14:39:25

You can't edit the existing resource definition to add another principal.您无法编辑现有资源定义来添加另一个主体。 Terraform sees that as an update to the resource named "addition" and performs an update instead. Terraform 将其视为对名为“addition”的资源的更新,并改为执行更新。 Instead you need to add another aws_vpc_endpoint_service_allowed_principal resource.相反,您需要添加另一个aws_vpc_endpoint_service_allowed_principal资源。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 aws_vpc_endpoint_service_allowed_principal 的数据源 - Data source for aws_vpc_endpoint_service_allowed_principal aws vpc s3 端点 cli 语法 - aws vpc s3 endpoint cli syntax AWS 专用链接与 VPC 端点 - AWS Private Link vs VPC Endpoint 对 VPC 端点网关使用 aws 可达性分析器 - using aws reachability analyzer for VPC Endpoint Gateways 如何将“所有委托人”生成为委托人 - “AWS”:“*” - How to produce "all principals" to principal - "AWS": "*" 如何删除 AWS VPC? - How to delete AWS VPC? 如何从 aws 中的 lambda function 调用对 a.network load balancer(nlb) vpc 端点的请求 - how to invoke a request to a network load balancer(nlb) vpc endpoint from a lambda function in aws 如何配置 AWS lambda 触发器以通过 vpc 端点使用 SQS 队列 - How to configure an AWS lambda trigger to use an SQS queue using an vpc endpoint Terraform aws_storagegateway_gateway 找不到 VPC 端点 - Terraform aws_storagegateway_gateway not finding VPC Endpoint 从 S3 VPC 端点安装 AWS Cloudwatch 代理 - Install the AWS Cloudwatch Agent from a S3 VPC endpoint
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM