How do I pass resource output (EC2 Instance ID) as an environment variable to a Lambda function in Terraform?
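I have four files: ec2.tf, lambda.tf, variables.tf and outputs.tf. An EC2 instance is created in ec2.tf, and I want to pass its instance ID as an environment variable to the Lambda resource being created. I want to pass the instance ID through variables.tf.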
# variables.tf
variable "runec2_lambda_env" {
  type = map(string)
  default = {
    # I want to pass the output as environment variable here
    instanceid = ""
    email      = "abc@xyz.com"
  }
}

# master/lambda.tf
resource "aws_lambda_function" "runec2" {
  filename         = "runec2.zip"
  function_name    = "runec2"
  role             = aws_iam_role.runec2_exec_role.arn
  handler          = "runec2.lambda_handler"
  source_code_hash = filebase64sha256("runec2.zip")
  runtime          = "python3.7"
  environment {
    variables = var.runec2_lambda_env
  }
}

# master/outputs.tf
output "server_id" {
  value = "${join(", ", aws_instance.automation_server.*.id)}"
}

# outputs.tf
output "public_instance_ids" {
  value = "${module.master.server_id}"
}

# master/ec2.tf
resource "aws_instance" "automation_server" {
  instance_type        = var.instance_type
  ami                  = var.image_id
  iam_instance_profile = aws_iam_instance_profile.ec2_profile.name
  tags = {
    Name = "Automation Server"
  }
  user_data = data.template_file.user-init.rendered
}
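Variables are things you want to be able to set or override using tfvars files or module parameters. Another important part is that they don't support interpolation.
If you want to use interpolation then you need to use locals. You can also use locals to provide the equivalent of constants that you can refer to multiple times but that can't be overridden like variables.
So here you probably want to rework things so that your email variable is configurable but you automatically insert the EC2 instance ID into the Lambda function's environment variables.
The simplest option looks like this: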
variable "email" {
  default = "abc@xyz.com"
}

resource "aws_lambda_function" "runec2" {
  filename         = "runec2.zip"
  function_name    = "runec2"
  role             = aws_iam_role.runec2_exec_role.arn
  handler          = "runec2.lambda_handler"
  source_code_hash = filebase64sha256("runec2.zip")
  runtime          = "python3.7"
  environment {
    variables = {
      email = var.email
      # Instance ID of the EC2 instance created in ec2.tf
      instanceid = aws_instance.automation_server.id
    }
  }
}
If you really want to define the environment variables as a single block, you can use locals like this:
variable "email" {
  default = "abc@xyz.com"
}

locals {
  runec2_lambda_env = {
    email = var.email
    # Instance ID of the EC2 instance created in ec2.tf
    instanceid = aws_instance.automation_server.id
  }
}

resource "aws_lambda_function" "runec2" {
  filename         = "runec2.zip"
  function_name    = "runec2"
  role             = aws_iam_role.runec2_exec_role.arn
  handler          = "runec2.lambda_handler"
  source_code_hash = filebase64sha256("runec2.zip")
  runtime          = "python3.7"
  environment {
    variables = local.runec2_lambda_env
  }
}
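How the function side can consume these variables, as an added example that is not part of the original answer: a Python loader for the `instanceid` and `email` environment variables set above. It fails fast when `instanceid` is not a single EC2 instance ID, for example when it is empty, an ARN, or several IDs joined with ", ". The names `load_config` and `ConfigError` and the returned dictionary shape are assumptions.

```python
import os
import re

# EC2 instance IDs are "i-" followed by 8 (older) or 17 hex characters.
INSTANCE_ID_RE = re.compile(r"i-(?:[0-9a-f]{8}|[0-9a-f]{17})")


class ConfigError(ValueError):
    """Hypothetical helper: the Lambda environment is missing or malformed."""


def load_config(environ=None):
    """Read the variables set by the Terraform `environment` block."""
    env = os.environ if environ is None else environ
    instance_id = env.get("instanceid", "").strip()
    email = env.get("email", "").strip()

    if not instance_id:
        # The question's default of instanceid = "" ends up here.
        raise ConfigError("instanceid is empty or unset")
    if not INSTANCE_ID_RE.fullmatch(instance_id):
        # Catches an ARN, or several IDs joined into one string.
        raise ConfigError(
            "instanceid is not a single EC2 instance ID: %r" % instance_id
        )
    if not email:
        raise ConfigError("email is empty or unset")
    return {"instance_id": instance_id, "email": email}


def lambda_handler(event, context):
    # Validate before the ID is handed to any AWS API call.
    config = load_config()
    return {"instance_id": config["instance_id"], "notify": config["email"]}
```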