terraform

terraform aws_elastic_beanstalk_environment SSL PolicyNames

房东的猫 submitted on 2020-07-20 11:12:05
Question: Using terraform, does anyone know how to set a predefined SSL Security Policy for an ELB, from within the aws_elastic_beanstalk_environment resource? I've tried various permutations of parameters, branching out from something like the below, but have had no luck.

```
setting {
  name      = "PolicyNames"
  namespace = "aws:elb:listener"
  value     = "ELBSecurityPolicy-TLS-1-2-2017-01"
}
```

Can this be done using the setting syntax? Regards, Michael

Answer 1: Following works for classic ELB, LoadBalancerPorts is

Can I automatically enable APIs when using GCP cloud with terraform?

风流意气都作罢 submitted on 2020-07-20 10:17:06
Question: I am very new to GCP with terraform and I want to deploy all my modules using centralized tools. Is there any way to remove the step of enabling Google APIs every time so that deployment is not interrupted?

Answer 1: There is a Terraform resource definition called "google_project_service" that allows one to enable a service (API). This is documented at google_project_service. An example of usage appears to be:

```
resource "google_project_service" "project" {
  project = "your-project-id"
  service =
```

How do I access an attribute from a counted resource within another resource?

跟風遠走 submitted on 2020-07-18 11:43:44
Question: I'm using Terraform to script an AWS build. I'm spinning up a number of instances across multiple availability zones, in this example, 2:

```
resource "aws_instance" "myinstance" {
  count             = 2
  ami               = "${var.myamiid}"
  instance_type     = "${var.instancetype}"
  availability_zone = "${data.aws_availability_zones.all.names[count.index]}"
  # other details omitted for brevity
}
```

I now need to assign an Elastic IP to these instances, so that I can rebuild the instances in the future without their IP address

What's the most efficient way to determine the minimum AWS permissions necessary for a Terraform configuration?

泪湿孤枕 submitted on 2020-07-17 10:33:33
Question: I have a Terraform configuration targeting deployment on AWS. It applies beautifully when using an IAM user that has permission to do anything (i.e. {actions: ["*"], resources: ["*"]}). In pursuit of automating the application of this Terraform configuration, I want to determine the minimum set of permissions necessary to apply the configuration initially and effect subsequent changes. I specifically want to avoid giving overbroad permissions in policy, e.g. {actions: ["s3:*"], resources: ["*

Terraform chicken/egg problem using aws_vpc data source in root module

为君一笑 submitted on 2020-07-10 07:34:31
Question: I have a root Terraform module that declares a VPC module and other modules such as an EC2 instance that is to launch in the VPC. In the EC2 module, I read the VPC using the aws_vpc type:

```
data "aws_vpc" "vpc" {
  filter {
    name   = "tag:Name"
    values = [var.name_tag]
  }
}
```

Now this works fine if I declare the modules independently. But when declaring a root module that declares these other modules separately, I get this failure:

```
▶ terraform apply
module.cloudwatch.data.aws_ami.ami: Refreshing state..
```

Is there a way to confirm user_data ran successfully with Terraform for EC2?

喜夏-厌秋 submitted on 2020-07-09 17:11:55
Question: I'm wondering if it's possible to know when the script in user data executes completely?

```
data "template_file" "script" {
  template = file("${path.module}/installing.sh")
}

data "template_cloudinit_config" "config" {
  gzip          = false
  base64_encode = false

  # Main cloud-config configuration file.
  part {
    filename = "install.sh"
    content  = "${data.template_file.script.rendered}"
  }
}

resource "aws_instance" "web" {
  ami           = "ami-04e7b4117bb0488e4"
  instance_type = "t2.micro"
  key_name      = "KEY"
  vpc_security
```

Terraform: All security group rules are destroyed and replaced when adding a single rule

淺唱寂寞╮ submitted on 2020-07-09 14:40:59
Question: Terraform Info: Terraform v0.12.18, provider.aws v2.43.0, provider.template v2.1.2. I have a security group defined: If I run terraform plan or terraform apply against my existing stack, there are NO changes pending, state is fully up-to-date.

```
resource "aws_security_group" "sg_apps" {
  name        = "Custom apps ${var.env}"
  description = "Custom apps ${var.env}"
  vpc_id      = data.terraform_remote_state.vpc.outputs.vpc_east_id

  tags = {
    Name = "Custom apps ${var.env} - TF"
  }

  ingress {
    from_port = 3306
    to_port
```

Terraform: All security group rules are destroyed and replaced when adding a single rule

梦想的初衷 submitted on 2020-07-09 14:39:35
Question: Terraform Info: Terraform v0.12.18, provider.aws v2.43.0, provider.template v2.1.2. I have a security group defined: If I run terraform plan or terraform apply against my existing stack, there are NO changes pending, state is fully up-to-date.

```
resource "aws_security_group" "sg_apps" {
  name        = "Custom apps ${var.env}"
  description = "Custom apps ${var.env}"
  vpc_id      = data.terraform_remote_state.vpc.outputs.vpc_east_id

  tags = {
    Name = "Custom apps ${var.env} - TF"
  }

  ingress {
    from_port = 3306
    to_port
```

Removing Backend pools and load balancer rules before creating another

蓝咒 submitted on 2020-07-09 06:39:40
Question: I have a Terraform script which creates backend address pools and load balancer rules in a load balancer in a resource group. These tasks are included in an Azure pipeline. The first time I run the pipeline, it creates them properly. If I run the pipeline a second time, it does not update the existing ones. It keeps the backend address pools and load balancer rules which were created by the previous release and adds extra backend address pools and load balancer rules for this release which is

using count.index in terraform?

做~自己de王妃 submitted on 2020-07-04 09:09:51
Question: I am trying to generate a bunch of files from templates. I need to replace the hardcoded 1 with the count.index, not sure what format terraform will allow me to use.

```
resource "local_file" "foo" {
  count    = "${length(var.files)}"
  content  = "${data.template_file.tenant_repo_multi.1.rendered}" #TODO: Replace 1 with count index.
  filename = "${element(var.files, count.index)}"
}

data "template_file" "tenant_repo_multi" {
  count    = "${length(var.files)}"
  template = "${file("templates/${element(var
```