用于创建 Spot 实例的 Terraform 服务角色
Terraform service role for creating spot instances
我是 Terraform 的新手,我正在尝试创建用于创建 Spot 实例的服务角色,请告诉我我应该为 Spot 实例使用的服务名称是什么? Service: "ec2.amazonaws.com" 是否有助于创建 spot 实例?
我还注意到在 aws 控制台中,我们可以选择 select ec2 spot 实例的用例。 terraform 是否也可以选择 select 用例?
Terraform 版本:Terraform v0.11.0
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {"Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
}
您所拥有的是为 EC2 实例创建实例配置文件以担任 IAM 角色的步骤的一部分(下面的第 3 步)。
- 为角色创建 IAM 策略。
- 创建 IAM 角色并附加策略。
- 授予 EC2 实例代入角色的权限。
resource "aws_iam_role_policy" "test_policy" {
name = "test_policy"
role = "${aws_iam_role.test_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}
resource "aws_iam_role" "test_role" {
name = "test_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_spot_fleet_request" "cheap_compute" {
iam_fleet_role = "arn:aws:iam::12345678:role/spot-fleet"
spot_price = "0.03"
allocation_strategy = "diversified"
target_capacity = 6
valid_until = "2019-11-04T20:44:20Z"
launch_specification {
instance_type = "m4.10xlarge"
ami = "ami-1234"
spot_price = "2.793"
placement_tenancy = "dedicated"
}
launch_specification {
instance_type = "m4.4xlarge"
iam_instance_profile = "${aws_iam_role.test_role.name}"
ami = "ami-5678"
key_name = "my-key"
spot_price = "1.117"
availability_zone = "us-west-1a"
subnet_id = "subnet-1234"
weighted_capacity = 35
root_block_device {
volume_size = "300"
volume_type = "gp2"
}
tags {
Name = "spot-fleet-example"
}
}
}
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
https://www.terraform.io/docs/providers/aws/r/instance.html#iam_instance_profile
https://www.terraform.io/docs/providers/aws/r/iam_role_policy.html
https://www.terraform.io/docs/providers/aws/r/spot_fleet_request.html
我是 Terraform 的新手,我正在尝试创建用于创建 Spot 实例的服务角色,请告诉我我应该为 Spot 实例使用的服务名称是什么? Service: "ec2.amazonaws.com" 是否有助于创建 spot 实例?
我还注意到在 aws 控制台中,我们可以选择 select ec2 spot 实例的用例。 terraform 是否也可以选择 select 用例?
Terraform 版本:Terraform v0.11.0
{
"Version": "2012-10-17",
"Statement": {
"Effect": "Allow",
"Principal": {"Service": "ec2.amazonaws.com"},
"Action": "sts:AssumeRole"
}
}
您所拥有的是为 EC2 实例创建实例配置文件以担任 IAM 角色的步骤的一部分(下面的第 3 步)。
- 为角色创建 IAM 策略。
- 创建 IAM 角色并附加策略。
- 授予 EC2 实例代入角色的权限。
resource "aws_iam_role_policy" "test_policy" {
name = "test_policy"
role = "${aws_iam_role.test_role.id}"
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": [
"ec2:Describe*"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
EOF
}
resource "aws_iam_role" "test_role" {
name = "test_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}
resource "aws_spot_fleet_request" "cheap_compute" {
iam_fleet_role = "arn:aws:iam::12345678:role/spot-fleet"
spot_price = "0.03"
allocation_strategy = "diversified"
target_capacity = 6
valid_until = "2019-11-04T20:44:20Z"
launch_specification {
instance_type = "m4.10xlarge"
ami = "ami-1234"
spot_price = "2.793"
placement_tenancy = "dedicated"
}
launch_specification {
instance_type = "m4.4xlarge"
iam_instance_profile = "${aws_iam_role.test_role.name}"
ami = "ami-5678"
key_name = "my-key"
spot_price = "1.117"
availability_zone = "us-west-1a"
subnet_id = "subnet-1234"
weighted_capacity = 35
root_block_device {
volume_size = "300"
volume_type = "gp2"
}
tags {
Name = "spot-fleet-example"
}
}
}
https://docs.aws.amazon.com/IAM/latest/UserGuide/id_roles_use_switch-role-ec2.html
https://www.terraform.io/docs/providers/aws/r/instance.html#iam_instance_profile
https://www.terraform.io/docs/providers/aws/r/iam_role_policy.html
https://www.terraform.io/docs/providers/aws/r/spot_fleet_request.html