如何在 Terraform 中为 `aws_apigatewayv2_route` 添加对 `aws_apigatewayv2_stage` 的依赖?
How can I add dependency on `aws_apigatewayv2_stage` for `aws_apigatewayv2_route` in Terraform?
我的地形设置如下:
resource "aws_apigatewayv2_route" "signup_route" {
api_id = "${aws_apigatewayv2_api.signup_redirect.id}"
route_key = "POST /signup"
target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
}
resource "aws_apigatewayv2_stage" "staging_stage" {
api_id = "${aws_apigatewayv2_api.signup_redirect.id}"
name = "staging"
auto_deploy = true
route_settings {
route_key = "POST /signup"
logging_level = "INFO"
detailed_metrics_enabled = true
}
}
部署时出现以下错误:
Error: error creating API Gateway v2 stage: NotFoundException: Unable to find Route by key POST /signup within the provided RouteSettings
似乎在创建路由之前部署了阶段。如何添加对舞台的依赖以依赖 route?
看起来 aws_apigatewayv2_route 没有导出任何我们可以使用的有用属性。但是 depends_on 不适用于这种情况吗? -
resource "aws_apigatewayv2_stage" "staging_stage" {
depends_on = [aws_apigatewayv2_route.signup_route]
...
https://www.terraform.io/docs/configuration/resources.html#depends_on-explicit-resource-dependencies
=====
(在此处编辑,因为我还没有足够的代表来评论另一个答案)我没有意识到您可以将来自一个资源的输入用作属性。这非常漂亮,绝对是正确的选择。
在 Terraform 中创建依赖项的最佳方式是编写对您要依赖的资源的引用。在这种情况下,它可能看起来像这样:
resource "aws_apigatewayv2_route" "signup_route" {
api_id = "${aws_apigatewayv2_api.signup_redirect.id}"
route_key = "POST /signup"
target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
}
resource "aws_apigatewayv2_stage" "staging_stage" {
api_id = aws_apigatewayv2_api.signup_redirect.id
name = "staging"
auto_deploy = true
route_settings {
route_key = aws_apigatewayv2_route.signup_route.route_key
logging_level = "INFO"
detailed_metrics_enabled = true
}
}
因为 route_settings 中的 route_key 指的是 aws_apigatewayv2_route.signup_route,Terraform 会将其视为对该资源的依赖。像这样隐含依赖关系很好,因为它允许您专注于描述数据如何从一个资源传播到另一个资源,如果您稍后删除此 route_settings 块,那么它隐含的依赖关系将自动删除,而无需您记得更新一些其他声明。
但是,在某些情况下,底层系统的设计使得这种显式数据流依赖成为不可能。这方面的一个例子是 AWS IAM 角色,其中附加到角色的策略与角色本身是分开的,因此自然的数据流推断依赖关系是策略和将承担角色的对象都依赖于角色,并且承担角色的对象自然不会依赖于策略。在那种情况下,我们往往需要添加额外的显式依赖项 depends_on 以确保系统在应用其策略之前不会尝试承担该角色:
resource "aws_iam_role" "for_lambda" {
name = "lambda_function"
assume_role_policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
})
}
resource "aws_iam_role_policy" "for_lambda" {
# (policy that the lambda function needs to do its work)
}
resource "aws_lambda_function" "example" {
name = "example"
# ...
# This reference makes the function depend on the role,
# but the role isn't ready to use until the associated
# policy has been attached to it too.
role = aws_iam_role.for_lambda.arn
# ...so we need to explicitly declare this hidden dependency:
depends_on = [aws_iam_role_policy.for_lambda]
}
中提供了有关 Terraform 中依赖项如何工作的更多信息
我的地形设置如下:
resource "aws_apigatewayv2_route" "signup_route" {
api_id = "${aws_apigatewayv2_api.signup_redirect.id}"
route_key = "POST /signup"
target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
}
resource "aws_apigatewayv2_stage" "staging_stage" {
api_id = "${aws_apigatewayv2_api.signup_redirect.id}"
name = "staging"
auto_deploy = true
route_settings {
route_key = "POST /signup"
logging_level = "INFO"
detailed_metrics_enabled = true
}
}
部署时出现以下错误:
Error: error creating API Gateway v2 stage: NotFoundException: Unable to find Route by key POST /signup within the provided RouteSettings
似乎在创建路由之前部署了阶段。如何添加对舞台的依赖以依赖 route?
看起来 aws_apigatewayv2_route 没有导出任何我们可以使用的有用属性。但是 depends_on 不适用于这种情况吗? -
resource "aws_apigatewayv2_stage" "staging_stage" {
depends_on = [aws_apigatewayv2_route.signup_route]
...
https://www.terraform.io/docs/configuration/resources.html#depends_on-explicit-resource-dependencies
=====
(在此处编辑,因为我还没有足够的代表来评论另一个答案)我没有意识到您可以将来自一个资源的输入用作属性。这非常漂亮,绝对是正确的选择。
在 Terraform 中创建依赖项的最佳方式是编写对您要依赖的资源的引用。在这种情况下,它可能看起来像这样:
resource "aws_apigatewayv2_route" "signup_route" {
api_id = "${aws_apigatewayv2_api.signup_redirect.id}"
route_key = "POST /signup"
target = "integrations/${aws_apigatewayv2_integration.lambda_integration.id}"
}
resource "aws_apigatewayv2_stage" "staging_stage" {
api_id = aws_apigatewayv2_api.signup_redirect.id
name = "staging"
auto_deploy = true
route_settings {
route_key = aws_apigatewayv2_route.signup_route.route_key
logging_level = "INFO"
detailed_metrics_enabled = true
}
}
因为 route_settings 中的 route_key 指的是 aws_apigatewayv2_route.signup_route,Terraform 会将其视为对该资源的依赖。像这样隐含依赖关系很好,因为它允许您专注于描述数据如何从一个资源传播到另一个资源,如果您稍后删除此 route_settings 块,那么它隐含的依赖关系将自动删除,而无需您记得更新一些其他声明。
但是,在某些情况下,底层系统的设计使得这种显式数据流依赖成为不可能。这方面的一个例子是 AWS IAM 角色,其中附加到角色的策略与角色本身是分开的,因此自然的数据流推断依赖关系是策略和将承担角色的对象都依赖于角色,并且承担角色的对象自然不会依赖于策略。在那种情况下,我们往往需要添加额外的显式依赖项 depends_on 以确保系统在应用其策略之前不会尝试承担该角色:
resource "aws_iam_role" "for_lambda" {
name = "lambda_function"
assume_role_policy = jsonencode({
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "lambda.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
})
}
resource "aws_iam_role_policy" "for_lambda" {
# (policy that the lambda function needs to do its work)
}
resource "aws_lambda_function" "example" {
name = "example"
# ...
# This reference makes the function depend on the role,
# but the role isn't ready to use until the associated
# policy has been attached to it too.
role = aws_iam_role.for_lambda.arn
# ...so we need to explicitly declare this hidden dependency:
depends_on = [aws_iam_role_policy.for_lambda]
}