Terraform

Question

我们将最新批准的 AMI 存储在 AWS 参数存储中。使用 Terraform 创建新实例时，我想以编程方式获取此 AMI ID。我有一个提取 AMI ID 的命令，但我不确定如何将它与 Terraform 一起使用。

这是我用来提取 AMI ID 的命令：

$(aws ssm get-parameter --name /path/to/ami --query 'Parameter.Value' --output text)

这是我的 Terraform 脚本：

resource "aws_instance" "nginx" {
  ami           = "ami-c58c1dd3" # pull value from parameter store
  instance_type = "t2.micro"
  #key_name        = "${var.key_name}"

  provisioner "remote-exec" {
    inline = [
      "sudo yum install nginx -y",
      "sudo service nginx start"
    ]
  }
}

如何使用命令在 Terraform 脚本中拉取 AMI ID？

Answer 1

您可以使用 aws_ssm_parameter data source 在运行时获取参数值：

data "aws_ssm_parameter" "ami" {
  name = "/path/to/ami"
}

resource "aws_instance" "nginx" {
  ami           = data.aws_ssm_parameter.ami.value # pull value from parameter store
  instance_type = "t2.micro"

  provisioner "remote-exec" {
    inline = [
      "sudo yum install nginx -y",
      "sudo service nginx start"
    ]
  }
}

但是，更好的方法可能是使用正在寻找最新 Ubuntu 20.04 AMI 的 aws_ami data source to filter for the AMI you want more directly instead of pushing the AMI ID to SSM parameter store and then looking it up later. You can filter on a number of criteria including name, account owner and tags. Here's the example from the aws_instance resource documentation：

data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"] # Canonical
}

resource "aws_instance" "web" {
  ami           = data.aws_ami.ubuntu.id
  instance_type = "t2.micro"

  tags = {
    Name = "HelloWorld"
  }
}

Terraform - 从参数存储中获取值并传递给资源

Terraform - Get a value from parameter store and pass to resource

amazon-web-services

terraform-provider-aws