
Terraform command to list existing AWS resources as a Hello World

I have the AWS CLI installed on my Windows computer, and running this command "works" exactly like I want it to.

aws ec2 describe-images

I get the following output, which is exactly what I want to see, because although I have access to AWS through my corporation (e.g. to check code into CodeCommit), I can see in the AWS web console for EC2 that I don't have permission to list running instances:

An error occurred (UnauthorizedOperation) when calling the DescribeImages operation: You are not authorized to perform this operation.

I've put terraform.exe onto my computer as well, and I've created a file "example.tf" that contains the following:

provider "aws" {
  region     = "us-east-1"
}

I'd like to issue some sort of Terraform command that would yell at me, explaining that my AWS account is not allowed to list Amazon instances.

Most Hello World examples involve using terraform plan against a resource to do an "almost-write" against AWS.

Personally, however, I always feel more comfortable knowing that things are behaving as expected with something a bit more "truly read-only." That way, I really know the round-trip to AWS worked but I didn't modify any of my corporation's state.

There's a bunch of stuff on the internet about "data sources" and their "aws_ami" or "aws_instances" flavors, but I can't find anything that tells me how to actually use it with a Terraform command for a simple print()-type interaction (the way it's obvious that, say, "resources" go with the "terraform plan" and "terraform apply" commands).

Is there something I can do with Terraform commands to "hello world" an attempt at listing all my organization's EC2 servers and, accordingly, watching AWS tell me to buzz off because I'm not authorized?

You can use the data source for AWS instances. You create a data source similar to the below:

data "aws_instances" "test" {
  instance_tags = {
    Role = "HardWorker"
  }

  filter {
    name   = "instance.group-id"
    values = ["sg-12345678"]
  }

  instance_state_names = ["running", "stopped"]
}

This will attempt to perform a read action listing your EC2 instances designated by the filter you put in the config. This will also utilize the IAM associated with the Terraform user you are performing the terraform plan with. This will result in the error you described regarding lack of authorization, which is your stated goal. You should modify the filter to target your organization's EC2 instances.
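As an added example (not the poster's or the answerer's code), here is a complete example.tf that puts the data source together with the provider block and an output, so that `terraform plan` alone performs the read-only round-trip; the required_providers block and the output names are my assumptions.

```hcl
# example.tf: read-only "hello world" round-trip to AWS.
# terraform plan reads data sources without creating anything, so a
# configuration with no resource blocks cannot modify account state.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

# No filter: asks EC2 for every instance in the region, which needs the
# ec2:DescribeInstances permission on the caller's IAM identity.
# If that action is denied, terraform plan stops with an
# "UnauthorizedOperation" error naming DescribeInstances, which is the
# confirmation the question is after.
data "aws_instances" "all" {
  instance_state_names = ["running", "stopped"]
}

# If the call is authorized, plan prints these under "Changes to Outputs".
output "instance_count" {
  value = length(data.aws_instances.all.ids)
}

output "instance_ids" {
  value = data.aws_instances.all.ids
}

# Commands (run in the directory containing example.tf):
#   terraform init   # downloads the aws provider; makes no AWS API calls
#   terraform plan   # reads the data source; no apply is needed
```

Because the configuration declares no resources, the plan is read-only even when the credentials are fully authorized; the outputs simply show what the identity was allowed to see.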
