Terraform 上的 AWS Lambda VPC
AWS Lambda VPC on Terraform
使用 terraform 0.9.3 创建 AWS Lambda 函数时,我无法将其加入我选择的 VPC。
我的函数是这样的:
resource "aws_lambda_function" "lambda_function" {
s3_bucket = "${var.s3_bucket}"
s3_key = "${var.s3_key}"
function_name = "${var.function_name}"
role = "${var.role_arn}"
handler = "${var.handler}"
runtime = "${var.runtime}"
timeout = "30"
memory_size = 256
publish = true
vpc_config {
subnet_ids = ["${var.subnet_ids}"]
security_group_ids = ["${var.security_group_ids}"]
}
}
我为角色使用的策略是
data "aws_iam_policy_document" "lambda-policy_policy_document" {
statement {
effect = "Allow"
actions = [
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
]
resources = ["*"]
}
}
资源创建得很好,如果我尝试通过 AWS 控制台添加 VPC 和子网,一切都会成功。
更新(创作计划):
module.******.aws_lambda_function.lambda_function
arn: "<computed>"
environment.#: "1"
environment.0.variables.%: "1"
environment.0.variables.environment: "******"
function_name: "******"
handler: "******"
last_modified: "<computed>"
memory_size: "256"
publish: "true"
qualified_arn: "<computed>"
role: "******"
runtime: "******"
s3_bucket: "******"
s3_key: "******"
source_code_hash: "<computed>"
timeout: "30"
version: "<computed>"
vpc_config.#: "1"
vpc_config.0.vpc_id: "<computed>"
不过,如果我再次 运行 terraform 计划,VPC 配置总是会更改。
vpc_config.#: "0" => "1" (forces new resource)
lambda 模块缺少一个映射。在修复它之后,VPC 配置的计划应该是这样的:
vpc_config.#: "1"
vpc_config.0.security_group_ids.#: "1"
vpc_config.0.security_group_ids.571116572: "******"
vpc_config.0.subnet_ids.#: "3"
vpc_config.0.subnet_ids.1396457994: "****"
vpc_config.0.subnet_ids.1722519307: "****"
vpc_config.0.subnet_ids.830820656: "****"
vpc_config.0.vpc_id: "<computed>"
我认为 subnet_ids 的值是这样的: "subnet-xxxxx,subnet-yyyyy,subnet-zzzzz" 它将它作为单个子网而不是列表。您可以这样解决这个问题:
vpc_config {
subnet_ids = ["${split(",", var.subnet_ids)}"]
security_group_ids = ["${var.security_group_ids}"]
}
使用 terraform 0.9.3 创建 AWS Lambda 函数时,我无法将其加入我选择的 VPC。
我的函数是这样的:
resource "aws_lambda_function" "lambda_function" {
s3_bucket = "${var.s3_bucket}"
s3_key = "${var.s3_key}"
function_name = "${var.function_name}"
role = "${var.role_arn}"
handler = "${var.handler}"
runtime = "${var.runtime}"
timeout = "30"
memory_size = 256
publish = true
vpc_config {
subnet_ids = ["${var.subnet_ids}"]
security_group_ids = ["${var.security_group_ids}"]
}
}
我为角色使用的策略是
data "aws_iam_policy_document" "lambda-policy_policy_document" {
statement {
effect = "Allow"
actions = [
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
]
resources = ["*"]
}
}
资源创建得很好,如果我尝试通过 AWS 控制台添加 VPC 和子网,一切都会成功。
更新(创作计划):
module.******.aws_lambda_function.lambda_function
arn: "<computed>"
environment.#: "1"
environment.0.variables.%: "1"
environment.0.variables.environment: "******"
function_name: "******"
handler: "******"
last_modified: "<computed>"
memory_size: "256"
publish: "true"
qualified_arn: "<computed>"
role: "******"
runtime: "******"
s3_bucket: "******"
s3_key: "******"
source_code_hash: "<computed>"
timeout: "30"
version: "<computed>"
vpc_config.#: "1"
vpc_config.0.vpc_id: "<computed>"
不过,如果我再次 运行 terraform 计划,VPC 配置总是会更改。
vpc_config.#: "0" => "1" (forces new resource)
lambda 模块缺少一个映射。在修复它之后,VPC 配置的计划应该是这样的:
vpc_config.#: "1"
vpc_config.0.security_group_ids.#: "1"
vpc_config.0.security_group_ids.571116572: "******"
vpc_config.0.subnet_ids.#: "3"
vpc_config.0.subnet_ids.1396457994: "****"
vpc_config.0.subnet_ids.1722519307: "****"
vpc_config.0.subnet_ids.830820656: "****"
vpc_config.0.vpc_id: "<computed>"
我认为 subnet_ids 的值是这样的: "subnet-xxxxx,subnet-yyyyy,subnet-zzzzz" 它将它作为单个子网而不是列表。您可以这样解决这个问题:
vpc_config {
subnet_ids = ["${split(",", var.subnet_ids)}"]
security_group_ids = ["${var.security_group_ids}"]
}