如何让 Terragrunt 自动设置 "AWS_PROFILE" 环境变量?
How To Have Terragrunt Auto Set "AWS_PROFILE" environment variable?
我这辈子都做不到。我需要设置 AWS_PROFILE 环境变量才能将 terrag运行t 正确设置为 运行。如果我 运行:
export AWS_PROFILE=myprofile; terragrunt plan
那行得通,但这不是我想要的 运行:
terragrunt plan
并让它自动选择我应该使用的正确 aws 配置文件。这是我拥有的:
generate "provider" {
path = "provider.tf"
if_exists = "overwrite_terragrunt"
contents = <<EOF
provider "aws" {
region = "${local.region}"
profile = "${trimspace(run_cmd("bash", "${get_parent_terragrunt_dir()}/../../set_profile.sh",local.profile))}"
}
EOF
}
remote_state {
backend = "s3"
generate = {
path = "backend.tf"
if_exists = "overwrite"
}
config = {
...
...
region = local.region
profile = local.profile
...
...
}
}
它总是向我抛出错误:
Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
set_profile.sh 脚本如下:
#!/bin/bash
VALUE=$(echo | sed $'s/\r//')
export AWS_PROFILE=$VALUE
echo "$AWS_PROFILE"
如果我回显我的 AWS_PROFILE 它仍然是空白的。所以这就像 运行 命令实际上并没有将导出值保存到我的控制台。
我做错了什么?有没有人真正成功地使用 terrag运行t 动态设置他们的 AWS_PROFILE?
这就是我的解决方案。
我有以下结构:
<project>
|-- <region1>
|-- <region2>
|-- account.hcl
terragrunt.hcl
在account.hcl
locals {
aws_profile_name = "myprofile"
}
主要terragrunt.hcl
locals {
# Automatically load account-level variables
account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
aws_profile = local.account_vars.locals.aws_profile_name
}
terraform {
extra_arguments "aws_profile" {
commands = [
"init",
"apply",
"refresh",
"import",
"plan",
"taint",
"untaint"
]
env_vars = {
AWS_PROFILE = "${local.aws_profile}"
}
}
}
remote_state {
...
config = {
...
profile = "${local.aws_profile}"
}
}
generate "provider" {
...
contents
contents = <<EOF
provider "aws" {
profile = "${local.aws_profile}"
}
EOF
}
...
这个 post 帮助我解决了我的问题:
我忘记了我的配置有 2 个要设置的 AWS 连接
- 后端
- 提供商
因此 AWS 配置文件必须设置两次:
- 在
remote_state
remote_state {
backend = "s3"
config = {
...
profile = local.profile
...
}
}
- 在
provider.tf
generate "provider" {
path = "provider.tf"
if_exists = "skip"
contents = <<EOF
provider "aws" {
...
profile = "${local.profile}"
...
}
EOF
}
希望这能拯救我今天浪费的所有时间!
我这辈子都做不到。我需要设置 AWS_PROFILE 环境变量才能将 terrag运行t 正确设置为 运行。如果我 运行:
export AWS_PROFILE=myprofile; terragrunt plan
那行得通,但这不是我想要的 运行:
terragrunt plan
并让它自动选择我应该使用的正确 aws 配置文件。这是我拥有的:
generate "provider" {
path = "provider.tf"
if_exists = "overwrite_terragrunt"
contents = <<EOF
provider "aws" {
region = "${local.region}"
profile = "${trimspace(run_cmd("bash", "${get_parent_terragrunt_dir()}/../../set_profile.sh",local.profile))}"
}
EOF
}
remote_state {
backend = "s3"
generate = {
path = "backend.tf"
if_exists = "overwrite"
}
config = {
...
...
region = local.region
profile = local.profile
...
...
}
}
它总是向我抛出错误:
Error finding AWS credentials (did you set the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables?): NoCredentialProviders: no valid providers in chain. Deprecated.
For verbose messaging see aws.Config.CredentialsChainVerboseErrors
set_profile.sh 脚本如下:
#!/bin/bash
VALUE=$(echo | sed $'s/\r//')
export AWS_PROFILE=$VALUE
echo "$AWS_PROFILE"
如果我回显我的 AWS_PROFILE 它仍然是空白的。所以这就像 运行 命令实际上并没有将导出值保存到我的控制台。
我做错了什么?有没有人真正成功地使用 terrag运行t 动态设置他们的 AWS_PROFILE?
这就是我的解决方案。 我有以下结构:
<project>
|-- <region1>
|-- <region2>
|-- account.hcl
terragrunt.hcl
在account.hcl
locals {
aws_profile_name = "myprofile"
}
主要terragrunt.hcl
locals {
# Automatically load account-level variables
account_vars = read_terragrunt_config(find_in_parent_folders("account.hcl"))
aws_profile = local.account_vars.locals.aws_profile_name
}
terraform {
extra_arguments "aws_profile" {
commands = [
"init",
"apply",
"refresh",
"import",
"plan",
"taint",
"untaint"
]
env_vars = {
AWS_PROFILE = "${local.aws_profile}"
}
}
}
remote_state {
...
config = {
...
profile = "${local.aws_profile}"
}
}
generate "provider" {
...
contents
contents = <<EOF
provider "aws" {
profile = "${local.aws_profile}"
}
EOF
}
...
这个 post 帮助我解决了我的问题:
我忘记了我的配置有 2 个要设置的 AWS 连接
- 后端
- 提供商
因此 AWS 配置文件必须设置两次:
- 在
remote_stateremote_state { backend = "s3" config = { ... profile = local.profile ... } } - 在
provider.tfgenerate "provider" { path = "provider.tf" if_exists = "skip" contents = <<EOF provider "aws" { ... profile = "${local.profile}" ... } EOF }
希望这能拯救我今天浪费的所有时间!