如何使用 Terraform Module 进行跨账户工作
How to use Terraform Module for cross-account work
我在 dev_account 创建了一个 codepipeline,它在 dev_account、test_account 和 prod_account 触发了两个 codedeploy,三个账户的 codedeploy 看起来是一样的,除了它们是在不同的帐户中。
下面是我的地形文件的组织。我使用 terraform 模块重用代码,但我仍然认为我的代码有很多重复代码,如何优化它们?
common_infr/
codepipeline.tf # dev_account has codepipeline, codedeploy
codedeploy.tf
test_account/
codedeploy.tf # test_account has a codedeploy
prod_account/
codedeploy.tf # prod_account has a codedeploy
pipeline1/
main.tf #run terraform apply here using dev account
test_account/
main.tf #run terraform apply here using test account
prod_account/
main.tf #run terraform apply here using prod account
这是 pipeline1/main.tf:
module "pipeline1" {
source = "../common_infra"
variable1 = "..."
...
}
这是 pipeline1/test_account/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
这是 pipeline1/prod_account/main.tf:
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
三个帐户的 codedeploy.tf 看起来一样。如何优化这个?
不是为每个帐户的 codedeploy.tf 创建 3 个模块,而是创建一个 codedeploy 模块。在每个帐户的 main.tf 中,获取 codedeploy 模块和 pass in the account's provider。 test_account 可能是这样的。
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../../common_infra/codedeploy"
variable1 = "..."
...
}
编辑以详细说明目录布局。最终,您要从 common_infr 中删除 codepipeline 并将其放入自己的模块中。
modules/
codepipeline/
codepipeline.tf
common_infr/
codedeploy.tf
accounts/
test_account/
main.tf
prod_account/
main.tf
test_account/main.tf:
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
prod_account/main.tf:
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
我在 dev_account 创建了一个 codepipeline,它在 dev_account、test_account 和 prod_account 触发了两个 codedeploy,三个账户的 codedeploy 看起来是一样的,除了它们是在不同的帐户中。
下面是我的地形文件的组织。我使用 terraform 模块重用代码,但我仍然认为我的代码有很多重复代码,如何优化它们?
common_infr/
codepipeline.tf # dev_account has codepipeline, codedeploy
codedeploy.tf
test_account/
codedeploy.tf # test_account has a codedeploy
prod_account/
codedeploy.tf # prod_account has a codedeploy
pipeline1/
main.tf #run terraform apply here using dev account
test_account/
main.tf #run terraform apply here using test account
prod_account/
main.tf #run terraform apply here using prod account
这是 pipeline1/main.tf:
module "pipeline1" {
source = "../common_infra"
variable1 = "..."
...
}
这是 pipeline1/test_account/main.tf:
module "pipeline1" {
source = "../../common_infra/test_account"
variable1 = "..."
...
}
这是 pipeline1/prod_account/main.tf:
module "pipeline1" {
source = "../../common_infra/prod_account"
variable1 = "..."
...
}
三个帐户的 codedeploy.tf 看起来一样。如何优化这个?
不是为每个帐户的 codedeploy.tf 创建 3 个模块,而是创建一个 codedeploy 模块。在每个帐户的 main.tf 中,获取 codedeploy 模块和 pass in the account's provider。 test_account 可能是这样的。
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../../common_infra/codedeploy"
variable1 = "..."
...
}
编辑以详细说明目录布局。最终,您要从 common_infr 中删除 codepipeline 并将其放入自己的模块中。
modules/
codepipeline/
codepipeline.tf
common_infr/
codedeploy.tf
accounts/
test_account/
main.tf
prod_account/
main.tf
test_account/main.tf:
provider "aws" {
alias = "test_account"
profile = "your_profile_name_for_test_account"
}
module "pipeline1" {
providers = {
aws = "aws.test_account"
}
source = "../modules/codepipeline"
variable1 = "..."
...
}
module "common_infr" {
providers = {
aws = "aws.test_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}
prod_account/main.tf:
provider "aws" {
alias = "prod_account"
profile = "your_profile_name_for_prod_account"
}
module "common_infr" {
providers = {
aws = "aws.prod_account"
}
source = "../modules/common_infr"
variable1 = "..."
...
}