在 terraform 的嵌套模块中引用变量

Referencing variables in nested modules in terraform

我正在使用 terraform 开发用于用户池身份验证的 lambda 授权方,我需要将 src>modules>application-services>modules>application-service>variables.tf 中的值动态设置到 src>modules>lambda-auth>variables.tf 的环境变量中。我不确定如何引用它们;我已经在 outputs.tf 中为 application-services>modules>application-service>variables.tf 声明了输出。这是我的文件结构。

src
 ┣ modules
 ┃ ┣ application-services
 ┃ ┃ ┣ modules
 ┃ ┃ ┃ ┗ application-service
 ┃ ┃ ┃ ┃ ┣ api.tf
 ┃ ┃ ┃ ┃ ┣ outputs.tf
 ┃ ┃ ┃ ┃ ┣ providers.tf
 ┃ ┃ ┃ ┃ ┣ stage-variables.tf
 ┃ ┃ ┃ ┃ ┣ stages.tf
 ┃ ┃ ┃ ┃ ┗ variables.tf
 ┃ ┃ ┣ application-service.tf
 ┃ ┃ ┣ providers.tf
 ┃ ┃ ┗ variables.tf
 ┃ ┣ lambda-auth
 ┃ ┃ ┣ resource
 ┃ ┃ ┃ ┗ lambda-authorizer.zip
 ┃ ┃ ┣ src
 ┃ ┃ ┃ ┗ auth.go
 ┃ ┃ ┣ lambda.tf
 ┃ ┃ ┣ providers.tf
 ┃ ┃ ┗ variables.tf
 ┣ application-services.tf
 ┣ main.tf
 ┣ outputs.tf
 ┣ providers.tf
 ┣ remote.tf
 ┗ variables.tf
 ┗ lambda-main.tf

这是我的 src>modules>application-services>modules>application-service>outputs.tf 文件

# Exposes a value from the "service" input variable to the module that calls
# this one (application-services). The root module cannot read it until that
# parent module re-exports it.
# NOTE(review): the output is named "user-pool-id" but its value is
# var.service.app_name, an application name, not a Cognito user pool ID.
# Anything that consumes it as a pool ID (the authorizer's Prod_UserPoolId on
# this page) receives the application name instead - confirm this is intended.
output "user-pool-id" {
  value = var.service.app_name
}

这是我的 src>modules>application-services>modules>application-service>variables.tf 文件

# Single service definition handed to the application-service module.
# The object has no optional attributes, so the caller must supply every field.
variable "service" {
  description = "The service which we want to deploy into the gateway"
  type = object({
    name           = string
    # Presumably the owning application's name, merged in by the root module's
    # app_service_input local - confirm against the caller.
    app_name       = string
    route          = string
    attributes     = map(string)
    # The root module fills this from module.iam-pools[...].results.pool.arn.
    user_pool_arns = list(string)
    # One entry per deployment environment of the service.
    environments = list(object({
      name      = string
      vpcLinkId = string
      domainId  = string
      uri       = string
    }))
  })
}

我想获取“app_name”的值,并在 src>modules>lambda-auth>lambda.tf 中使用它,用这个“app_name”替换其中的一个值(原文此处的标识符在页面提取时丢失);其他方面我已经处理好了,例如创建 IAM 角色和策略。

# Lambda function that the question describes as the API authorizer. It is
# packaged from the archive_file data source and runs under the
# lambda_authorizer_parser_role IAM role.
#
# NOTE(review): "go1.x" is a deprecated Lambda runtime that no longer receives
# security updates. The replacement is an OS-only runtime such as
# "provided.al2023" with the compiled binary named "bootstrap".
# NOTE(review): for go1.x the handler is the name of the compiled executable
# inside the zip, so "auth.go" only works if the binary really has that name.
# NOTE(review): one function carries both Dev and Prod settings. How auth.go
# chooses between them is not shown; a separate authorizer per environment
# keeps a Dev misconfiguration from affecting Prod token checks.
resource "aws_lambda_function" "authorizer_lambda_parser" {
  function_name = "lambda-authorizer"
  role          = aws_iam_role.lambda_authorizer_parser_role.arn
  runtime       = "go1.x"
  handler       = "auth.go"

  # source_code_hash makes Terraform redeploy when the archive content changes.
  filename         = data.archive_file.lambda_resources_zip.output_path
  source_code_hash = data.archive_file.lambda_resources_zip.output_base64sha256

  environment {
    # The keys are read by name at runtime. Note the differing spellings
    # "Dev_AppID" and "Prod_AppId" - confirm auth.go uses exactly these.
    variables = {
      Dev_Region          = var.dev_region
      Dev_AppID           = var.dev_appid
      Dev_Stage           = var.dev_stage
      Dev_UserPoolId      = var.dev_userpoolid
      Dev_CognitoClients  = var.dev_cognitoclient
      Prod_Region         = var.prod_region
      Prod_AppId          = var.prod_appid
      Prod_Stage          = var.prod_stage
      Prod_UserPoolId     = var.prod_userpoolid
      Prod_CognitoClients = var.prod_cognitoclient
    }
  }
}

这是我的 src>modules>lambda-auth>variables.tf 文件

# Inputs of the lambda-auth module. lambda.tf copies each value unchanged into
# the authorizer function's environment variables.
#
# NOTE(review): every variable defaults to "", so an omitted input deploys the
# authorizer with an empty region, pool ID or client ID instead of failing the
# plan. How auth.go treats empty values is not shown; make sure it rejects the
# request rather than skipping a check. Removing the defaults or adding a
# validation block would surface a missing value at plan time.

# --- Dev environment ---

variable "dev_region" {
  description = "Region for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_appid" {
  description = " App ID for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_stage" {
  description = " Stage for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_userpoolid" {
  description = " User Pool ID for Dev Environment"
  type        = string
  default     = ""
}

variable "dev_cognitoclient" {
  description = " Cognito Client ID for Dev Environment"
  type        = string
  default     = ""
}

# --- Prod environment ---

variable "prod_region" {
  description = "Region for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_appid" {
  description = " App ID for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_stage" {
  description = " Stage for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_userpoolid" {
  description = " User Pool ID for Prod Environment"
  type        = string
  default     = ""
}

variable "prod_cognitoclient" {
  description = " Cognito Client ID for Prod Environment"
  type        = string
  default     = ""
}

这是我的 lambda-main.tf 文件:

# Root-level call of the lambda-auth module. It feeds the authorizer's
# prod_userpoolid input from the application-services module.
# NOTE(review): a local module source must start with "./" or "../". Given the
# file tree this is presumably "./modules/lambda-auth".
# NOTE(review): module "application-services" is declared with for_each, so its
# outputs are addressed per instance, as
# module.application-services[<key>].<output>. The output must also be
# re-exported by application-services before the root module can read it.
module "lambda-auth" {
  source = "lambda-auth"

  prod_userpoolid = module.application-services.user-pool-id
}

这是我的 src>application-services.tf 文件:
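# We retrieve the necessary information for each service, including:
# user_pool_arns, vpcLinkId, domainId.
#
# app_service_input is a map keyed by application name. Each value is a flat
# list of that application's service objects, with app_name, user_pool_arns
# and environments merged in.
locals {
  app_service_input = {
    for app_file, application in local.app_object_list : application.name => flatten([
      for service in application.services : [merge(service, {
        app_name = application.name
        # ARNs of the user pools listed for the application, taken from the
        # iam-pools module results.
        user_pool_arns = [for user_pool in application.user_pools : module.iam-pools[user_pool].results.pool.arn]
        environments = [for environment in service.environments : {
          name      = environment.name
          vpcLinkId = module.gateway-link[environment.link].results.vpcLinkId
          domainId  = module.gateway-domain[app_file].results.domain[application.domains.service][environment.name]
          uri       = environment.uri
        }]
      })]
    ])
  }
}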

# Creates one instance of the application-services module per entry of
# local.app_service_input.
module "application-services" {
  source = "./modules/application-services"

  # Hands the root's aws.networking provider configuration to the module under
  # the alias aws.gateway.
  providers = {
    aws.gateway = aws.networking
  }

  # for_each makes module.application-services a map of instances, so outputs
  # are read as module.application-services[<key>].<output>, never directly.
  for_each = local.app_service_input

  # The value stored under this instance's key in local.app_service_input.
  application_services = each.value
}

我不确定如何从一个模块引用到另一个模块,在此先感谢。

您根本无法将值直接从一个模块引用到另一个模块。声明 module 的级别是唯一可以访问模块输出的级别。要将这些值传递到其他级别,您还必须将该值声明为 application-services 模块的输出,这将使它在 main 中可用。然后为 lambda 模块声明一个输入变量,并让 main 将值传递给 lambda 模块。


application-services/outputs.tf

# Re-exports the nested application-service module's output so the root module
# can read it. A module's outputs are visible only to the module that declares
# the module block.
# NOTE(review): if module "application-service" is declared with for_each or
# count (application-service.tf is not shown), this reference needs an
# instance key or a for expression instead.
# NOTE(review): the nested output carries var.service.app_name despite its
# name - confirm that is the value the authorizer should get as a pool ID.
output "user-pool-id" {
  value = module.application-service.user-pool-id
}

main.tf

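# Root module: passes the value re-exported by application-services into the
# lambda-auth module, which places it in the authorizer's Prod_UserPoolId
# environment variable.
module "lambda-auth" {
  # Local module paths must begin with "./" or "../"; a bare name is not
  # treated as a local directory.
  source = "./modules/lambda-auth"

  # module "application-services" is declared with for_each, so an output has
  # to be read from one specific instance.
  # "APPLICATION_NAME_PLACEHOLDER" is a placeholder: replace it with one key of
  # local.app_service_input.
  # NOTE(review): the underlying output currently carries app_name, not a
  # Cognito user pool ID - confirm before the authorizer relies on it.
  prod_userpoolid = module.application-services["APPLICATION_NAME_PLACEHOLDER"].user-pool-id
}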