使用 Terraform 时从实例获取 EC2 Windows 密码 [英] Getting EC2 Windows Password from instances when using Terraform

问题描述

在使用 terraform 时，我正在努力从几个新的 ec2 实例中获取密码.通读了几篇文章，并认为我拥有它，但没有取得任何进展.

I'm struggling to get the password from a couple of new ec2 instances when using terraform. Been reading up through a couple of posts and thought i had it but not getting anywhere.

这是我的配置:

resource "aws_instance" "example" {
  ami = "ami-06f9d25508c9681c3"
  count         = "2"
  instance_type = "t2.small"
  key_name = "mykey"
  vpc_security_group_ids =["sg-98d190fc","sg-0399f246d12812edb"]
  get_password_data = "true"
}

output "public_ip" {
    value = "${aws_instance.example.*.public_ip}"
}

output "public_dns" {
    value = "${aws_instance.example.*.public_dns}"
}

output "Administrator_Password" {
    value = "${rsadecrypt(aws_instance.example.*.password_data, 
file("mykey.pem"))}"
}

设法清除了所有语法错误，但现在运行时出现以下错误:

Managed to clear up all the syntax errors but now when running get the following error:

PS C:\tf> terraform apply
aws_instance.example[0]: Refreshing state... (ID: i-0e087e3610a8ff56d)
aws_instance.example[1]: Refreshing state... (ID: i-09557bc1e0cb09c67)

Error: Error refreshing state: 1 error(s) occurred:

* output.Administrator_Password: At column 3, line 1: rsadecrypt: argument 1 
should be type string, got type list in:

${rsadecrypt(aws_instance.example.*.password_data, file("mykey.pem"))}

推荐答案

返回此错误是因为 aws_instance.example.*.password_data 是 password_data 结果的列表来自每个 EC2 实例.每一个都必须用 rsadecrypt 单独解密.

This error is returned because aws_instance.example.*.password_data is a list of the password_data results from each of the EC2 instances. Each one must be decrypted separately with rsadecrypt.

要在 Terraform v0.11 中执行此操作，需要使用 null_resource 作为解决方法来实现for each"操作:

To do this in Terraform v0.11 requires using null_resource as a workaround to achieve a "for each" operation:

resource "aws_instance" "example" {
  count = 2

  ami                    = "ami-06f9d25508c9681c3"
  instance_type          = "t2.small"
  key_name               = "mykey"
  vpc_security_group_ids = ["sg-98d190fc","sg-0399f246d12812edb"]
  get_password_data      = true
}

resource "null_resource" "example" {
  count = 2

  triggers = {
    password = "${rsadecrypt(aws_instance.example.*.password_data[count.index], file("mykey.pem"))}"
  }
}

output "Administrator_Password" {
    value = "${null_resource.example.*.triggers.password}"
}

从 Terraform v0.12.0 开始，这可以使用新的 for 表达式构造来简化:

From Terraform v0.12.0 onwards, this can be simplified using the new for expression construct:

resource "aws_instance" "example" {
  count = 2

  ami                    = "ami-06f9d25508c9681c3"
  instance_type          = "t2.small"
  key_name               = "mykey"
  vpc_security_group_ids = ["sg-98d190fc","sg-0399f246d12812edb"]
  get_password_data      = true
}

output "Administrator_Password" {
  value = [
    for i in aws_instance.example : rsadecrypt(i.password_data, file("mykey.pem"))
  ]
}

这篇关于使用 Terraform 时从实例获取 EC2 Windows 密码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！