terraform template to build dynamic SSM automation

1. Terraform

• Requirement for each row of the SSM automation

{
     "description": "Invoke Lambda Function ${key}",
     "name": "InvokeLambdaFunction${key}",
     "action": "aws:invokeLambdaFunction",
     "inputs": {
         "FunctionName": "arn:aws:lambda:us-east-1:${account_number}:function:hello",
         "InvocationType": "RequestResponse",
         "Payload": "{\"key1\": \"${account_number}\", \"key2\": \"<first value from arg_map>\", \"key3\": \"<second value from arg_map>\"}"
     }
}

main.tf

provider "aws" {
  region = "us-east-1"  # Set your desired region here
}
    
variable "account_number" {
  default = "123456789"
}
    
variable "arg_map" {
  type = map(list(string))
  default = {
    "key" = ["a", "b"]
    "key" = ["d", "e"]
    "key" = ["g", "h"]
    "key" = ["j", "k"]
  }
}
    
resource "aws_ssm_document" "sync_epv2asm" {
  name          = "sync_epv2asm"
  document_type = "Automation"
 
  content = templatefile("${path.module}/ssm_document_template.tftpl", {
    account_number = var.account_number
    arg_map        = var.arg_map
  })
}

ssm_document_template.tftpl

{
  "schemaVersion": "0.3",
  "description": "My description.",
  "mainSteps": [
    % for key, values in arg_map:
     {
        "description": "Invoke Lambda Function ${key}",
        "name": "InvokeLambdaFunction${key}",
        "action": "aws:invokeLambdaFunction",
        "inputs": {
          "FunctionName": "arn:aws:lambda:us-east-1:${account_number}:function:hello",
          "InvocationType": "RequestResponse",
          "Payload": "{\"key1\": \"${account_number}\", \"key2\": \"${values[0]}\", \"key3\": \"${values[1]}\"}"
        }
    }% if not loop.last %,
    % endif
    % endfor
  ]
}

Running terraform apply

│ Error: Invalid function argument
│
│   on main.tf line 23, in resource "aws_ssm_document" "sync_epv2asm":
│   23:   content = templatefile("${path.module}/ssm_document_template.tftpl", {
│   24:     account_number = var.account_number
│   25:     arg_map        = var.arg_map
│   26:   })
│     ├────────────────
│     │ while calling templatefile(path, vars)
│     │ var.arg_map is a map of list of string
│
│ Invalid value for "vars" parameter: vars map does not contain key "key", referenced at ./ssm_document_template.tftpl:7,44-47.

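I have looked around and cannot see it. I even tried to get some AI to look and see whether they could find my problem.

Some things on the internet show templates with "{}" around the "%". That did not change my error.

Any ideas why I can't get the template to work?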

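Best answer

Since you are trying to produce a JSON document, templatefile will almost never be able to do that. According to the documentation for templatefile, you can also use the jsonencode function inside the template. It should look like the following: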

${jsonencode({
  "schemaVersion": "0.3",
  "description": "My description.",
  "mainSteps": [
    for key, values in arg_map:
    {
      "description": "Invoke Lambda Function ${key}",
      "name": "InvokeLambdaFunction${key}",
      "action": "aws:invokeLambdaFunction",
      "inputs": {
        "FunctionName": "arn:aws:lambda:us-east-1:${account_number}:function:hello:$LATEST",
        "InvocationType": "RequestResponse",
        "Payload": "{\"key1\": \"${account_number}\", \"key2\": \"${values[0]}\", \"key3\": \"${values[1]}\"}"
      }
    }
  ]
})}

The plan output shows the result like this:

  # aws_ssm_document.sync_epv2asm will be created
  + resource "aws_ssm_document" "sync_epv2asm" {
      + arn              = (known after apply)
      + content          = jsonencode(
            {
              + description   = "My description."
              + mainSteps     = [
                  + {
                      + action      = "aws:invokeLambdaFunction"
                      + description = "Invoke Lambda Function key1"
                      + inputs      = {
                          + FunctionName   = "arn:aws:lambda:us-east-1:123456789:function:hello:$LATEST"
                          + InvocationType = "RequestResponse"
                          + Payload        = jsonencode(
                                {
                                  + key1 = "123456789"
                                  + key2 = "a"
                                  + key3 = "b"
                                }
                            )
                        }
                      + name        = "InvokeLambdaFunctionkey1"
                    },
                  + {
                      + action      = "aws:invokeLambdaFunction"
                      + description = "Invoke Lambda Function key2"
                      + inputs      = {
                          + FunctionName   = "arn:aws:lambda:us-east-1:123456789:function:hello:$LATEST"
                          + InvocationType = "RequestResponse"
                          + Payload        = jsonencode(
                                {
                                  + key1 = "123456789"
                                  + key2 = "d"
                                  + key3 = "e"
                                }
                            )
                        }
                      + name        = "InvokeLambdaFunctionkey2"
                    },
                ]
              + schemaVersion = "0.3"
            }
        )
      + created_date     = (known after apply)
      + default_version  = (known after apply)
      + description      = (known after apply)
      + document_format  = "JSON"
      + document_type    = "Automation"
      + document_version = (known after apply)
      + hash             = (known after apply)
      + hash_type        = (known after apply)
      + id               = (known after apply)
      + latest_version   = (known after apply)
      + name             = "sync_epv2asm"
      + owner            = (known after apply)
      + parameter        = (known after apply)
      + platform_types   = (known after apply)
      + schema_version   = (known after apply)
      + status           = (known after apply)
      + tags_all         = (known after apply)
    }

I limited this example to only two keys, but this should work for any number of keys.

NOTE: You also have to append the Lambda version to the Lambda ARN, either using $LATEST or a version number; otherwise, the SSM document creation will throw an error:

Error: Creat SSM Document (sync_epv2asm): InvalidDocumentContent: Input arn:aws:lambda:us-east-1:123456789:Function:hello未达到文件中规定的标准:(arn:aws)?(-[a-z]+)?(a-[a-z]+)?(a-[a-z]+)?

Output:

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_ssm_document.sync_epv2asm will be created
  + resource "aws_ssm_document" "sync_epv2asm" {
      + arn              = (known after apply)
      + content          = jsonencode(
            {
              + description   = "My description."
              + mainSteps     = [
                  + {
                      + action      = "aws:invokeLambdaFunction"
                      + description = "Invoke Lambda Function key1"
                      + inputs      = {
                          + FunctionName   = "arn:aws:lambda:us-east-1:123456789:function:hello:$LATEST"
                          + InvocationType = "RequestResponse"
                          + Payload        = jsonencode(
                                {
                                  + key1 = "123456789"
                                  + key2 = "a"
                                  + key3 = "b"
                                }
                            )
                        }
                      + name        = "InvokeLambdaFunctionkey1"
                    },
                  + {
                      + action      = "aws:invokeLambdaFunction"
                      + description = "Invoke Lambda Function key2"
                      + inputs      = {
                          + FunctionName   = "arn:aws:lambda:us-east-1:123456789:function:hello:$LATEST"
                          + InvocationType = "RequestResponse"
                          + Payload        = jsonencode(
                                {
                                  + key1 = "123456789"
                                  + key2 = "d"
                                  + key3 = "e"
                                }
                            )
                        }
                      + name        = "InvokeLambdaFunctionkey2"
                    },
                ]
              + schemaVersion = "0.3"
            }
        )
      + created_date     = (known after apply)
      + default_version  = (known after apply)
      + description      = (known after apply)
      + document_format  = "JSON"
      + document_type    = "Automation"
      + document_version = (known after apply)
      + hash             = (known after apply)
      + hash_type        = (known after apply)
      + id               = (known after apply)
      + latest_version   = (known after apply)
      + name             = "sync_epv2asm"
      + owner            = (known after apply)
      + parameter        = (known after apply)
      + platform_types   = (known after apply)
      + schema_version   = (known after apply)
      + status           = (known after apply)
      + tags_all         = (known after apply)
    }

Plan: 1 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only  yes  will be accepted to approve.

  Enter a value: yes

aws_ssm_document.sync_epv2asm: Creating...
aws_ssm_document.sync_epv2asm: Creation complete after 0s [id=sync_epv2asm]

Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
Answers

Apparently there was a problem with my Terraform. For some reason the template would only use the last line of arg_map.
I had to uninstall Terraform and reinstall Terraform.

It appears that the invoke Lambda function is smart. It needed $LATEST or $, and the actual account number.

Main.tf

provider "aws" {
  region = "us-east-1" # Set your desired region here
}

variable "account_number" {
  default = "123456789"
}

variable "arg_map" {
  type = map(list(string))
  default = {
    "key1" = ["a", "b"]
    "key2" = ["d", "e"]
    "key3" = ["g", "h"]
    "key4" = ["j", "k"]
  }
}

resource "aws_ssm_document" "sync_epv2asm" {
  name          = "sync_epv2asm"
  document_type = "Automation"

  content = templatefile("${path.module}/ssm_document_template.tftpl", {
    account_number = var.account_number
    arg_map        = var.arg_map
  })
}

ssm_document_template.tftpl

${jsonencode({
  "schemaVersion": "0.3",
  "description": "My description.",
  "mainSteps": [
    for key, values in arg_map:
    {
      "description": "Invoke Lambda Function ${key}",
      "name": "InvokeLambdaFunction${key}",
      "action": "aws:invokeLambdaFunction",
      "inputs": {
        "FunctionName": "arn:aws:lambda:us-east-1:${account_number}:function:hello:$LATEST",
        "InvocationType": "RequestResponse",
        "Payload": "{\"key1\": \"${account_number}\", \"key2\": \"${values[0]}\", \"key3\": \"${values[1]}\"}"
      }
    }
  ]
})}
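
The templates above build the Payload as a hand-escaped JSON string and index values[0] and values[1] without checking the list length. As an added example (not code from the question or from either answer), the same document can be built inline in main.tf with nested jsonencode calls and variable validation in front of it; the validation rules, the iterator name args and the allowed key characters are assumptions of this example.

```hcl
variable "account_number" {
  type    = string
  default = "123456789" # sample value used on this page
}

variable "arg_map" {
  type = map(list(string))
  default = {
    key1 = ["a", "b"]
    key2 = ["d", "e"]
  }

  # Each step reads args[0] and args[1]; reject other list lengths at plan time.
  validation {
    condition     = alltrue([for v in values(var.arg_map) : length(v) == 2])
    error_message = "Every arg_map entry must be a list of exactly two strings."
  }
  # Keys become part of step names. The allowed character set is an assumption.
  validation {
    condition     = alltrue([for k in keys(var.arg_map) : can(regex("^[A-Za-z0-9_]+$", k))])
    error_message = "arg_map keys may contain only letters, digits and underscores."
  }
}

resource "aws_ssm_document" "sync_epv2asm" {
  name          = "sync_epv2asm"
  document_type = "Automation"
  content = jsonencode({
    schemaVersion = "0.3"
    description   = "My description."
    mainSteps = [
      for key, args in var.arg_map : {
        description = "Invoke Lambda Function ${key}"
        name        = "InvokeLambdaFunction${key}"
        action      = "aws:invokeLambdaFunction"
        inputs = {
          FunctionName   = "arn:aws:lambda:us-east-1:${var.account_number}:function:hello:$LATEST"
          InvocationType = "RequestResponse"
          # Nested jsonencode escapes quotes and backslashes inside the values.
          Payload = jsonencode({
            key1 = var.account_number
            key2 = args[0]
            key3 = args[1]
          })
        }
      }
    ]
  })
}
```

Because Payload is produced by jsonencode, a value in arg_map that contains a double quote or backslash still yields a valid document instead of breaking the JSON or altering the Lambda input structure.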



