Terraform: How to use key value output

I've researched a possible solution for my problem, but it seems mine is more specific.

So, I have a resource aws_kms_key which is created by a for_each expression:

for_each = { for keys in var.parameters : keys.name => keys if local.secrets.init.self == true }

Nothing specific, everything is working fine; however, I don't know how to use the output ARN of a created key. Here is my output:

output "key" {
   description = "The 'Amazon Resource Name (ARN)' of 'KMS' key(s)"
   value       = zipmap( 
     values(aws_kms_alias.global)[*].name, values(aws_kms_key.global)[*].arn
   )
}

I used a for expression before, but in that case I have to use an index to allocate the ARN of the KMS key, which is obviously not good, or even acceptable, practice. Here is my old output:

output "key" {
   description = "The 'Amazon Resource Name (ARN)' of 'KMS' key(s)"
   value       = [ for key, value in aws_kms_key.global : value.arn ]
}

Usage

flowlog_encryption  = [{
  keys            = element(module.secrets.*.key, 0)[0]
  retention       = 14
}]

The problem with the "old" way is that when the resource is created I can access it only by index, and when something changes, the order of the indexes changes too. So when I'm creating a key for dynamodb and flowlogs, dynamodb took the key of flowlogs and flowlogs took the key of dynamodb; completely random behaviour.

Your new output key, the one where zipmap is used, is going to produce a map with the alias names as keys and the corresponding key ARNs as values. This will be something as follows:

output "key" {
   description = "The 'Amazon Resource Name (ARN)' of 'KMS' key(s)"
   value       = {
        alias_name1 = key_arn1
        alias_name2 = key_arn2
        alias_name3 = key_arn3
   }
}

Assuming that module.secrets.key is your output key above, you would use it as follows:

flowlog_encryption  = [{
  keys            = module.secrets.key["alias_name1"]
  retention       = 14
}]

or with lookup:

flowlog_encryption  = [{
  keys            = lookup(module.secrets.key, "alias_name1", "default_key_arn")
  retention       = 14
}]
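
As an added example (not part of the original question or answer): the zipmap output only pairs each alias with the right key because values() returns both collections in the order of their for_each keys. The sketch below pairs them explicitly by that key and indexes the map directly in the caller, so a missing alias fails the plan instead of falling back to a different key. It assumes aws_kms_alias.global uses the same for_each as aws_kms_key.global; the alias name "alias/flowlogs", the module name "network" and its source path are hypothetical.

```hcl
# --- inside the secrets module ---

# Pair every alias with its own key through the shared for_each key,
# rather than relying on two values() lists lining up positionally.
# Assumption: aws_kms_alias.global has the same for_each keys as aws_kms_key.global.
output "key" {
  description = "Map of KMS alias name => KMS key ARN"
  value = {
    for k, alias in aws_kms_alias.global :
    alias.name => aws_kms_key.global[k].arn
  }
}

# --- in the calling configuration ---

locals {
  # Hypothetical alias name; KMS alias names always start with "alias/".
  flowlog_key_alias = "alias/flowlogs"
}

# Hypothetical consumer module that takes the flowlog_encryption argument.
module "network" {
  source = "./modules/network"

  flowlog_encryption = [{
    # Direct indexing raises an error at plan time when the alias is absent,
    # so flow logs are never encrypted with an unintended or default key.
    keys      = module.secrets.key[local.flowlog_key_alias]
    retention = 14
  }]
}
```

With lookup and a default ARN, a typo in the alias name would apply cleanly and encrypt the logs with the fallback key, which is why the direct index is used here.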

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.