如何使提供者假设角色块有条件 [英] How to make provider assume_role block conditional
本文介绍了如何使提供者假设角色块有条件的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个 provider 块,我想给它一个 assume_role 属性,但前提是它没有在我的本地机器上运行.
我在所有环境 .tfvars 文件中定义了一个变量 islocal,只有本地文件的值为 true.>
这是 provider 块:
提供者aws"{区域 = var.region1profile = var.islocal == true ?默认": null # 仅在本地使用假设角色 { # 不要在本地使用role_arn = var.terraform_execution_role}}问题:
- 如果我将
role_arn属性设置为null,这是否会使assume_role块无效?(即:与不在那里一样) - 如果
assume_role块确实有影响,即使role_arn值为null,我如何在时完全删除它>var.islocal是true吗?
我考虑过动态块,但不确定如何构建它.
解决方案
您可以使用 您的提供商中的动态块:
提供者aws"{区域 = var.region1profile = var.islocal == true ?默认": null # 仅在本地使用动态承担角色"{for_each = var.islocal == true ?[] : [1]内容 {role_arn = var.terraform_execution_role}}}I have a provider block which I want to give an assume_role property but only if it is not running on my local machine.
I have defined a variable islocal in all the environment .tfvars files, with only the local file having the value true.
This is the provider block:
provider "aws" {
region = var.region1
profile = var.islocal == true ? "default" : null # ONLY USED LOCALLY
assume_role { # NOT TO BE USED LOCALLY
role_arn = var.terraform_execution_role
}
}
Questions:
- If I set the
role_arnproperty tonulldoes this make theassume_roleblock ineffective? (ie: the same as not being there) - If the
assume_roleblock does have an impact, even when therole_arnvalue isnull, how can I completely remove it whenvar.islocalistrue?
I have considered a dynamic block but I'm not sure how to structure it.
解决方案
You can use dynamic blocks in your provider:
provider "aws" {
region = var.region1
profile = var.islocal == true ? "default" : null # ONLY USED LOCALLY
dynamic "assume_role" {
for_each = var.islocal == true ? [] : [1]
content {
role_arn = var.terraform_execution_role
}
}
}
这篇关于如何使提供者假设角色块有条件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
