在 terraform 的嵌套模块中引用变量
Referencing variables in nested modules in terraform
我正在使用 terraform 开发一个用于用户池身份验证的 lambda 授权方,需要把环境变量的值从 src>modules>application-services>modules>application-service>variables.tf 动态传递到 src>modules>lambda-auth>variables.tf。我不确定该如何引用它;我已经在 application-services>modules>application-service 的 outputs.tf 中声明了它们。这是我的文件结构。
src
┣ modules
┃ ┣ application-services
┃ ┃ ┣ modules
┃ ┃ ┃ ┗ application-service
┃ ┃ ┃ ┃ ┣ api.tf
┃ ┃ ┃ ┃ ┣ outputs.tf
┃ ┃ ┃ ┃ ┣ providers.tf
┃ ┃ ┃ ┃ ┣ stage-variables.tf
┃ ┃ ┃ ┃ ┣ stages.tf
┃ ┃ ┃ ┃ ┗ variables.tf
┃ ┃ ┣ application-service.tf
┃ ┃ ┣ providers.tf
┃ ┃ ┗ variables.tf
┃ ┣ lambda-auth
┃ ┃ ┣ resource
┃ ┃ ┃ ┗ lambda-authorizer.zip
┃ ┃ ┣ src
┃ ┃ ┃ ┗ auth.go
┃ ┃ ┣ lambda.tf
┃ ┃ ┣ providers.tf
┃ ┃ ┗ variables.tf
┣ application-services.tf
┣ main.tf
┣ outputs.tf
┣ providers.tf
┣ remote.tf
┗ variables.tf
┗ lambda-main.tf
这是我的 src>modules>application-services>modules>application-service>outputs.tf 文件
# Exposes the application name carried on this module's `service` input.
# NOTE(review): the output is named "user-pool-id", but the value it returns is
# var.service.app_name. A consumer that treats it as a Cognito user pool ID
# (for example an authorizer's Prod_UserPoolId) receives an application name
# instead - confirm which of the two is intended.
output "user-pool-id" {
  value = var.service.app_name
}
这是我的 src>modules>application-services>modules>application-service>variables.tf 文件
# Input object describing a single service that is deployed into the gateway.
# It has no default, so the calling module must always supply it.
variable "service" {
  type = object({
    name           = string
    app_name       = string
    route          = string
    attributes     = map(string)
    user_pool_arns = list(string)

    # One entry per deployment environment of the service.
    environments = list(object({
      name      = string
      vpcLinkId = string
      domainId  = string
      uri       = string
    }))
  })
  description = "The service which we want to deploy into the gateway"
}
我想获取“app_name”的值,并在src>modules>lambda-auth>lambda.tf
中使用它,我想用那个“app_name”代替“[=43=” ]",我已经处理了其他方面,例如创建 IAM 角色和策略。
# Lambda function deployed from the archive produced by
# data.archive_file.lambda_resources_zip. The Dev_* / Prod_* module inputs are
# handed to the function as environment variables.
resource "aws_lambda_function" "authorizer_lambda_parser" {
  function_name = "lambda-authorizer"
  role          = aws_iam_role.lambda_authorizer_parser_role.arn

  # NOTE(review): AWS has deprecated the go1.x managed runtime in favour of the
  # OS-only runtimes (provided.al2 / provided.al2023). With go1.x the handler is
  # the name of the compiled executable inside the zip; "auth.go" looks like the
  # source file name - confirm what the archive actually contains.
  runtime = "go1.x"
  handler = "auth.go"

  # source_code_hash makes Terraform redeploy when the archive content changes.
  filename         = data.archive_file.lambda_resources_zip.output_path
  source_code_hash = data.archive_file.lambda_resources_zip.output_base64sha256

  environment {
    # NOTE(review): key casing differs between Dev_AppID and Prod_AppId; verify
    # both against the names the function reads, since a mismatch leaves the
    # setting empty at runtime.
    # NOTE(review): values left unset by the caller arrive here as "" - confirm
    # the authorizer denies requests when a pool or client ID is empty.
    variables = {
      Dev_Region          = var.dev_region
      Dev_AppID           = var.dev_appid
      Dev_Stage           = var.dev_stage
      Dev_UserPoolId      = var.dev_userpoolid
      Dev_CognitoClients  = var.dev_cognitoclient
      Prod_Region         = var.prod_region
      Prod_AppId          = var.prod_appid
      Prod_Stage          = var.prod_stage
      Prod_UserPoolId     = var.prod_userpoolid
      Prod_CognitoClients = var.prod_cognitoclient
    }
  }
}
这是我的 src>modules>lambda-auth>variables.tf
文件
# Inputs of the lambda-auth module: one set of settings per environment
# (dev and prod).
# NOTE(review): every input defaults to the empty string, so a value the caller
# forgets to pass is deployed as an empty setting instead of failing at plan
# time. Whether the authorizer rejects an empty user pool ID or client ID is
# not visible here - confirm it denies requests in that case.

# --- Dev environment ---
variable "dev_region" {
  description = "Region for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_appid" {
  description = " App ID for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_stage" {
  description = " Stage for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_userpoolid" {
  description = " User Pool ID for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_cognitoclient" {
  description = " Cognito Client ID for Dev Environment"
  type        = string
  default     = ""
}

# --- Prod environment ---
variable "prod_region" {
  description = "Region for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_appid" {
  description = " App ID for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_stage" {
  description = " Stage for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_userpoolid" {
  description = " User Pool ID for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_cognitoclient" {
  description = " Cognito Client ID for Prod Environment"
  type        = string
  default     = ""
}
这是我的 lambda-main.tf 文件:
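# Instantiates the lambda-auth module and passes it the value exposed by the
# application-services module.
module "lambda-auth" {
  # Terraform only treats a source as a local directory when it begins with
  # "./" or "../". The file tree places this module under modules/lambda-auth,
  # next to this file's directory.
  source = "./modules/lambda-auth"

  # NOTE(review): module "application-services" is declared with for_each, so
  # it is a map of instances. One instance's output is addressed as
  # module.application-services["<APPLICATION_NAME>"].user-pool-id, and the
  # application-services module must itself re-export the nested module's
  # output. Confirm which instance is meant before applying.
  prod_userpoolid = module.application-services.user-pool-id
}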
这是我的 src>application-services.tf 文件:
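# We retrieve the necessary information for each service, including:
# user_pool_arns, vpcLinkId, domainId.
#
# app_service_input is a map keyed by application name. Each value is the
# flattened list of that application's services, where every service object is
# merged with its app_name, the ARNs of the application's user pools and the
# resolved per-environment gateway settings.
locals {
  app_service_input = { for app_file, application in local.app_object_list : application.name => flatten([
    for service in application.services : [merge(service,
      {
        app_name       = application.name
        user_pool_arns = [for user_pool in application.user_pools : module.iam-pools[user_pool].results.pool.arn]
        environments = [for environment in service.environments :
          {
            name      = environment.name
            vpcLinkId = module.gateway-link[environment.link].results.vpcLinkId
            domainId  = module.gateway-domain[app_file].results.domain[application.domains.service][environment.name]
            uri       = environment.uri
        }]
    })]
  ]) }
}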
# One instance of the application-services module per entry of
# local.app_service_input. Because of for_each, the module is a map of
# instances: outputs are read per instance (module.application-services[key]),
# not from the module name alone.
module "application-services" {
  for_each = local.app_service_input
  source   = "./modules/application-services"

  # The list of service objects built for this application.
  application_services = each.value

  # The module's aws.gateway provider alias is backed by aws.networking here.
  providers = {
    aws.gateway = aws.networking
  }
}
我不确定如何从一个模块引用到另一个模块,在此先感谢。
您无法把值直接从一个模块引用到另一个模块。只有声明 module 块的那一级才能访问该模块的输出。要把这些值传到其他层级,您还必须把该值声明为 application-services 模块的输出,这样它才能在 main 中使用。然后为 lambda 模块声明一个输入变量,并让 main 把值传给 lambda 模块。
application-services/outputs.tf
# Re-exports the nested application-service module's output so that the level
# which declares module "application-services" can read it.
# NOTE(review): this form only works if module "application-service" is a
# single instance. If it is declared with for_each or count (its declaration is
# not shown here), the output has to be collected per instance, e.g.
# { for k, m in module.application-service : k => m.user-pool-id } - confirm.
output "user-pool-id" {
  value = module.application-service.user-pool-id
}
main.tf
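# Passes the value re-exported by application-services into the lambda-auth
# module's prod_userpoolid input.
module "lambda-auth" {
  # Terraform only treats a source as a local directory when it begins with
  # "./" or "../". The file tree places this module under modules/lambda-auth,
  # next to main.tf's directory.
  source = "./modules/lambda-auth"

  # NOTE(review): module "application-services" is declared with for_each, so
  # it is a map of instances. One instance's output is addressed as
  # module.application-services["<APPLICATION_NAME>"].user-pool-id - confirm
  # which instance is meant before applying.
  prod_userpoolid = module.application-services.user-pool-id
}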
我正在使用 terraform 开发一个用于用户池身份验证的 lambda 授权方,需要把环境变量的值从 src>modules>application-services>modules>application-service>variables.tf 动态传递到 src>modules>lambda-auth>variables.tf。我不确定该如何引用它;我已经在 application-services>modules>application-service 的 outputs.tf 中声明了它们。这是我的文件结构。
src
┣ modules
┃ ┣ application-services
┃ ┃ ┣ modules
┃ ┃ ┃ ┗ application-service
┃ ┃ ┃ ┃ ┣ api.tf
┃ ┃ ┃ ┃ ┣ outputs.tf
┃ ┃ ┃ ┃ ┣ providers.tf
┃ ┃ ┃ ┃ ┣ stage-variables.tf
┃ ┃ ┃ ┃ ┣ stages.tf
┃ ┃ ┃ ┃ ┗ variables.tf
┃ ┃ ┣ application-service.tf
┃ ┃ ┣ providers.tf
┃ ┃ ┗ variables.tf
┃ ┣ lambda-auth
┃ ┃ ┣ resource
┃ ┃ ┃ ┗ lambda-authorizer.zip
┃ ┃ ┣ src
┃ ┃ ┃ ┗ auth.go
┃ ┃ ┣ lambda.tf
┃ ┃ ┣ providers.tf
┃ ┃ ┗ variables.tf
┣ application-services.tf
┣ main.tf
┣ outputs.tf
┣ providers.tf
┣ remote.tf
┗ variables.tf
┗ lambda-main.tf
这是我的 src>modules>application-services>modules>application-service>outputs.tf 文件
# Exposes the application name carried on this module's `service` input.
# NOTE(review): the output is named "user-pool-id", but the value it returns is
# var.service.app_name. A consumer that treats it as a Cognito user pool ID
# (for example an authorizer's Prod_UserPoolId) receives an application name
# instead - confirm which of the two is intended.
output "user-pool-id" {
  value = var.service.app_name
}
这是我的 src>modules>application-services>modules>application-service>variables.tf 文件
# Input object describing a single service that is deployed into the gateway.
# It has no default, so the calling module must always supply it.
variable "service" {
  type = object({
    name           = string
    app_name       = string
    route          = string
    attributes     = map(string)
    user_pool_arns = list(string)

    # One entry per deployment environment of the service.
    environments = list(object({
      name      = string
      vpcLinkId = string
      domainId  = string
      uri       = string
    }))
  })
  description = "The service which we want to deploy into the gateway"
}
我想获取“app_name”的值,并在src>modules>lambda-auth>lambda.tf
中使用它,我想用那个“app_name”代替“[=43=” ]",我已经处理了其他方面,例如创建 IAM 角色和策略。
# Lambda function deployed from the archive produced by
# data.archive_file.lambda_resources_zip. The Dev_* / Prod_* module inputs are
# handed to the function as environment variables.
resource "aws_lambda_function" "authorizer_lambda_parser" {
  function_name = "lambda-authorizer"
  role          = aws_iam_role.lambda_authorizer_parser_role.arn

  # NOTE(review): AWS has deprecated the go1.x managed runtime in favour of the
  # OS-only runtimes (provided.al2 / provided.al2023). With go1.x the handler is
  # the name of the compiled executable inside the zip; "auth.go" looks like the
  # source file name - confirm what the archive actually contains.
  runtime = "go1.x"
  handler = "auth.go"

  # source_code_hash makes Terraform redeploy when the archive content changes.
  filename         = data.archive_file.lambda_resources_zip.output_path
  source_code_hash = data.archive_file.lambda_resources_zip.output_base64sha256

  environment {
    # NOTE(review): key casing differs between Dev_AppID and Prod_AppId; verify
    # both against the names the function reads, since a mismatch leaves the
    # setting empty at runtime.
    # NOTE(review): values left unset by the caller arrive here as "" - confirm
    # the authorizer denies requests when a pool or client ID is empty.
    variables = {
      Dev_Region          = var.dev_region
      Dev_AppID           = var.dev_appid
      Dev_Stage           = var.dev_stage
      Dev_UserPoolId      = var.dev_userpoolid
      Dev_CognitoClients  = var.dev_cognitoclient
      Prod_Region         = var.prod_region
      Prod_AppId          = var.prod_appid
      Prod_Stage          = var.prod_stage
      Prod_UserPoolId     = var.prod_userpoolid
      Prod_CognitoClients = var.prod_cognitoclient
    }
  }
}
这是我的 src>modules>lambda-auth>variables.tf
文件
# Inputs of the lambda-auth module: one set of settings per environment
# (dev and prod).
# NOTE(review): every input defaults to the empty string, so a value the caller
# forgets to pass is deployed as an empty setting instead of failing at plan
# time. Whether the authorizer rejects an empty user pool ID or client ID is
# not visible here - confirm it denies requests in that case.

# --- Dev environment ---
variable "dev_region" {
  description = "Region for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_appid" {
  description = " App ID for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_stage" {
  description = " Stage for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_userpoolid" {
  description = " User Pool ID for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_cognitoclient" {
  description = " Cognito Client ID for Dev Environment"
  type        = string
  default     = ""
}

# --- Prod environment ---
variable "prod_region" {
  description = "Region for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_appid" {
  description = " App ID for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_stage" {
  description = " Stage for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_userpoolid" {
  description = " User Pool ID for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_cognitoclient" {
  description = " Cognito Client ID for Prod Environment"
  type        = string
  default     = ""
}
这是我的 lambda-main.tf 文件:
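# Instantiates the lambda-auth module and passes it the value exposed by the
# application-services module.
module "lambda-auth" {
  # Terraform only treats a source as a local directory when it begins with
  # "./" or "../". The file tree places this module under modules/lambda-auth,
  # next to this file's directory.
  source = "./modules/lambda-auth"

  # NOTE(review): module "application-services" is declared with for_each, so
  # it is a map of instances. One instance's output is addressed as
  # module.application-services["<APPLICATION_NAME>"].user-pool-id, and the
  # application-services module must itself re-export the nested module's
  # output. Confirm which instance is meant before applying.
  prod_userpoolid = module.application-services.user-pool-id
}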
这是我的 src>application-services.tf 文件:
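# We retrieve the necessary information for each service, including:
# user_pool_arns, vpcLinkId, domainId.
#
# app_service_input is a map keyed by application name. Each value is the
# flattened list of that application's services, where every service object is
# merged with its app_name, the ARNs of the application's user pools and the
# resolved per-environment gateway settings.
locals {
  app_service_input = { for app_file, application in local.app_object_list : application.name => flatten([
    for service in application.services : [merge(service,
      {
        app_name       = application.name
        user_pool_arns = [for user_pool in application.user_pools : module.iam-pools[user_pool].results.pool.arn]
        environments = [for environment in service.environments :
          {
            name      = environment.name
            vpcLinkId = module.gateway-link[environment.link].results.vpcLinkId
            domainId  = module.gateway-domain[app_file].results.domain[application.domains.service][environment.name]
            uri       = environment.uri
        }]
    })]
  ]) }
}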
# One instance of the application-services module per entry of
# local.app_service_input. Because of for_each, the module is a map of
# instances: outputs are read per instance (module.application-services[key]),
# not from the module name alone.
module "application-services" {
  for_each = local.app_service_input
  source   = "./modules/application-services"

  # The list of service objects built for this application.
  application_services = each.value

  # The module's aws.gateway provider alias is backed by aws.networking here.
  providers = {
    aws.gateway = aws.networking
  }
}
我不确定如何从一个模块引用到另一个模块,在此先感谢。
您无法把值直接从一个模块引用到另一个模块。只有声明 module 块的那一级才能访问该模块的输出。要把这些值传到其他层级,您还必须把该值声明为 application-services 模块的输出,这样它才能在 main 中使用。然后为 lambda 模块声明一个输入变量,并让 main 把值传给 lambda 模块。
application-services/outputs.tf
# Re-exports the nested application-service module's output so that the level
# which declares module "application-services" can read it.
# NOTE(review): this form only works if module "application-service" is a
# single instance. If it is declared with for_each or count (its declaration is
# not shown here), the output has to be collected per instance, e.g.
# { for k, m in module.application-service : k => m.user-pool-id } - confirm.
output "user-pool-id" {
  value = module.application-service.user-pool-id
}
main.tf
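# Passes the value re-exported by application-services into the lambda-auth
# module's prod_userpoolid input.
module "lambda-auth" {
  # Terraform only treats a source as a local directory when it begins with
  # "./" or "../". The file tree places this module under modules/lambda-auth,
  # next to main.tf's directory.
  source = "./modules/lambda-auth"

  # NOTE(review): module "application-services" is declared with for_each, so
  # it is a map of instances. One instance's output is addressed as
  # module.application-services["<APPLICATION_NAME>"].user-pool-id - confirm
  # which instance is meant before applying.
  prod_userpoolid = module.application-services.user-pool-id
}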