terraform aws_ram_principal_association exclude master account id
Is it possible to exclude the string containing the account "523134851043" from aws_ram_principal_association? That account owns some of the shared resources.
settings.yaml
aws:
  - accounts: ciss-goesaws-test
    id: "523134851043"
    private_subnets:
      - nat_gw: true
        az: eu-central-1a
        short: a
        cidr: 10.44.4.96/27
      - nat_gw: false
        az: eu-central-1b
        short: b
        cidr: 10.44.5.128/27
      - nat_gw: false
        az: eu-central-1c
        short: c
        cidr: 10.44.6.160/27
variables.tf
variable "aws" {
  type = list(object({
    accounts = string
    id       = string
    public_subnets = list(object({
      nat_gw = bool
      az     = string
      short  = string
      cidr   = string
    }))
    private_subnets = list(object({
      nat_gw = bool
      az     = string
      short  = string
      cidr   = string
    }))
  }))
}
locals {
  # One { id, cidr } object per (account, public subnet) pair.
  public_ram = flatten([
    for a in var.aws : [
      for ps in a.public_subnets : {
        id   = a.id
        cidr = ps.cidr
      }
    ]
  ])
}
resource "aws_ram_principal_association" "public_principal_association" {
  # Grouping mode ("...") yields a map of account ID => list of entries,
  # so each account becomes exactly one principal association.
  for_each = {
    for account_id in local.public_ram : account_id.id => account_id...
  }
  principal          = each.key
  resource_share_arn = aws_ram_resource_share.ci_vpc_share.arn
}
I iterate over the accounts, and they include the account ID "523134851043", which causes this error:
│ Error: error reading RAM Resource Share (arn:aws:ram:eu-central-1:523134851043:resource-share/d958c0c7-555e-411b-ac6b-3302a901408b) Principal Association (523134851043), status not associating or associated: FAILED
│
│ with aws_ram_principal_association.public_principal_association["523134851043"],
│ on ram.tf line 47, in resource "aws_ram_principal_association" "public_principal_association":
│ 47: resource "aws_ram_principal_association" "public_principal_association" {
I have updated the for expression as Matt mentioned:
resource "aws_ram_principal_association" "private_principal_association" {
  for_each = {
    # account_id is an object ({ id, cidr }), not a string, so regex() fails on it
    # and can() returns false for every entry; the filter therefore excludes nothing.
    for account_id in local.private_ram : account_id.id => account_id... if !(can(regex("523134851043", account_id)))
  }
  principal          = each.key
  resource_share_arn = aws_ram_resource_share.ci_vpc_share.arn
}
But terraform still wants to create this resource:
# aws_ram_principal_association.private_principal_association["523134851043"] will be created
+ resource "aws_ram_principal_association" "private_principal_association" {
+ id = (known after apply)
+ principal = "523134851043"
+ resource_share_arn = (known after apply)
}
This solution works for me:
resource "aws_ram_principal_association" "public_principal_association" {
  for_each = {
    # values(account_id) is the list of the object's attribute values (id and cidr),
    # so contains() can match the account ID string and drop that account.
    for account_id in local.public_ram : account_id.id => account_id... if ! contains(values(account_id), "523134851043")
  }
  principal          = each.key
  resource_share_arn = aws_ram_resource_share.ci_vpc_share.arn
}
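A variant of the accepted approach, added here as an example and not part of the original post: instead of hard-coding the owning account's ID in the filter, look it up with `aws_caller_identity` and compare it against the (string) `id` attribute, so the exclusion keeps working if the share is ever created from a different account. It assumes the same `var.aws` shape and the `aws_ram_resource_share.ci_vpc_share` resource from the question; the provider configuration, the `share_principals` local and the `account_id_format` precondition are assumptions for illustration.

```hcl
# Added example (not the original poster's code). Assumes var.aws as declared
# in variables.tf and aws_ram_resource_share.ci_vpc_share defined elsewhere.

# The account running this configuration owns the resource share; RAM will
# not accept it as a principal of its own share, so it must be filtered out.
data "aws_caller_identity" "current" {}

locals {
  # Same flattening as the question: one { id, cidr } object per subnet.
  public_ram = flatten([
    for a in var.aws : [
      for ps in a.public_subnets : {
        id   = a.id
        cidr = ps.cidr
      }
    ]
  ])

  # Distinct principal account IDs, minus the share owner. entry.id is a
  # string, so a plain comparison works; the earlier regex() attempt failed
  # because the loop value was the whole object, not a string.
  share_principals = toset([
    for entry in local.public_ram : entry.id
    if entry.id != data.aws_caller_identity.current.account_id
  ])
}

resource "aws_ram_principal_association" "public_principal_association" {
  # A set of strings is valid for for_each; each.value is the account ID.
  for_each = local.share_principals

  principal          = each.value
  resource_share_arn = aws_ram_resource_share.ci_vpc_share.arn

  lifecycle {
    # Catch a malformed entry in settings.yaml at plan time rather than
    # letting RAM reject it at apply time (assumed check, Terraform >= 1.2).
    precondition {
      condition     = can(regex("^[0-9]{12}$", each.value))
      error_message = "RAM principal ${each.value} is not a 12-digit AWS account ID."
    }
  }
}
```

Using `toset` of plain IDs removes the need for the grouping-mode `...` operator, which only existed to collapse the per-subnet duplicates into one key per account. If the resource share is managed in the same configuration, keep `allow_external_principals = false` on `aws_ram_resource_share` unless accounts outside your organization are meant to receive the share, since every principal listed here gains access to the shared subnets.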