variable \"test\" {\r\n type = string\r\n}\r\n<\/code><\/pre>\n\u5173\u4e8e\u6bcf\u4e2a\u533a\u5757<\/h1>\n\u2460terraform\u5757<\/h2>\n
Terraform\u7684\u5b9a\u4e49\u5757\u672c\u8eab<\/p>\n
terraform<\/span> {<\/span>\r\n required_version<\/span> =<\/span> \">=1.1\"<\/span>\r\n required_providers<\/span> {<\/span>\r\n aws<\/span> =<\/span> {<\/span>\r\n source<\/span> =<\/span> \"hashicorp\/aws\"<\/span>\r\n version<\/span> =<\/span> \"~>3.0\"<\/span>\r\n }<\/span>\r\n }<\/span>\r\n backend<\/span> \"s3\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"manage-bucket-sample\"<\/span>\r\n key<\/span> =<\/span> \"terraform.tfstate\"<\/span>\r\n region<\/span> =<\/span> \"ap-northeast-1\"<\/span>\r\n profile<\/span> =<\/span> \"terraform\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6240\u9700\u7248\u672c\uff1a\u8bbe\u7f6eTerraform\u7684\u7248\u672c
\n\u6240\u9700\u63d0\u4f9b\u8005\uff1a\u8bbe\u7f6e\u6240\u9700\u63d0\u4f9b\u8005\uff08\u57fa\u7840\u8bbe\u65bd\u5e73\u53f0\uff09
\n\u203b\u6b64\u5757\u662f\u4e00\u4e2a\u7ea6\u5b9a\u4fd7\u6210\u7684\u6587\u672c\u3002<\/p>\n
\u2461 \u4f9b\u5e94\u5546\u533a\u5757<\/h2>\nprovider<\/span> \"aws\"<\/span> {<\/span>\r\n profile<\/span> =<\/span> \"terraform\"<\/span>\r\n region<\/span> =<\/span> var<\/span>.<\/span>region<\/span>\r\n access_key<\/span> =<\/span> var<\/span>.<\/span>access_key<\/span>\r\n secret_key<\/span> =<\/span> var<\/span>.<\/span>secret_key<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8bf7\u5c06[terraform]\u5728\u201c$ vim ~\/.aws\/credential\u201d\u4e2d\u8fdb\u884c\u7684\u66f4\u6539\u4e0e\u4ee5\u4e0b\u914d\u7f6e\u76f8\u5339\u914d\u3002
\n* \u8f93\u5165\u76f8\u540c\u7684\u503c\u3002
\n\u533a\u57df\uff1aap-northeast-1\uff08*\u4e1c\u4eac\uff09
\n\u8bbf\u95ee\u5bc6\u94a5\uff1a\u81ea\u5df1\uff08IAM\u7528\u6237\uff09\u7684\u8bbf\u95ee\u5bc6\u94a5\uff08\u4f8b\u5982\uff1aAIUGW&78SA69AS\uff09
\n\u79d8\u5bc6\u5bc6\u94a5\uff1a\u81ea\u5df1\uff08IAM\u7528\u6237\uff09\u7684\u79d8\u5bc6\u5bc6\u94a5\uff08\u4f8b\u5982\uff1ajr232vvrkng323bfvt2tfw4\uff09<\/p>\n
\u203b \u4ec5\u63d0\u4f9b\u4e00\u79cd\u9009\u9879\uff0c\u4ee5\u4e0b\u662f\u4e2d\u6587\u672c\u5730\u5316\u7684\u91ca\u4e49\uff1a<\/p>\n
\u2462\u8d44\u6e90\u533a\u5757<\/h2>\n
\u57fa\u7840\u8bbe\u65bd\u670d\u52a1\u8d44\u6e90\u5b9a\u4e49\u5757 (j\u012b ch\u01d4 sh\u00e8 sh\u012b f\u00fa w\u00f9 z\u012b y\u00ec<\/p>\n
resource<\/span> \"aws_s3_bucket\"<\/span> \"s3-private-bucket\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"${var.project}-${var.enviroment}-private-bucket-328674\"<\/span>\r\n acl<\/span> =<\/span> \"private\"<\/span>\r\n # Manege version of S3 source<\/span>\r\n versioning<\/span> {<\/span>\r\n enabled<\/span> =<\/span> false<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\naws_s3_bucket\uff1a\u8d44\u6e90\u7c7b\u578b
\n\u6307\u5b9a\u4e86\u7279\u5b9a\u7684\u7c7b\u578b\uff0c\u9700\u8981\u5199\u660e\u6240\u8981\u5b9a\u4e49\u7684\u7c7b\u578b\u3002
\ns3-private-bucket\uff1a\u672c\u5730\u540d\u79f0
\n\u4e3a\u7c7b\u578b\u5206\u914d\u7279\u5b9a\u7684\u540d\u79f0\u3002\u81ea\u884c\u51b3\u5b9a\u540d\u79f0\u5e76\u5199\u660e\u3002
\nbucket\uff1aS3\u5b58\u50a8\u6876\u540d\u79f0
\n${var.project} \u662f\u4e00\u4e2a\u53d8\u91cf\u3002\u5b83\u53c2\u8003\u4e86 main.tf \u4e2d\u4f20\u9012\u7684 project\u3002
\n\u5b9e\u9645\u7684\u503c\uff08\u4f8b\u5982\uff1aterraform\uff09\u9700\u8981\u5728 terraform.tfvars \u4e2d\u5199\u660e\u3002
\nmain.tf \u5f15\u7528\u4e86 terraform.tfvars\uff0c\u5c06\u53d8\u91cf\u4f20\u9012\u7ed9 s3.tf\u3002<\/p>\n
\u203b\u4ec5\u63d0\u4f9b\u4e00\u79cd\u9009\u9879\uff0c
\n\u53c2\u8003<\/p>\n
\u2463\u6a21\u5757\u533a\u5757<\/h2>\n
\u5728\u4e3b\u8981\u7684main.tf\u6587\u4ef6\u4e2d\uff0c\u6211\u4eec\u8fdb\u884c\u5404\u4e2a\u6a21\u5757\uff08s3.tf\uff0cglue.tf\u7b49\uff09\u7684\u8c03\u7528\u3002<\/p>\n
module<\/span> \"S3\"<\/span> {<\/span>\r\n source<\/span> =<\/span> \".\/modules\/s3\"<\/span>\r\n project<\/span> =<\/span> var<\/span>.<\/span>project<\/span>\r\n enviroment<\/span> =<\/span> var<\/span>.<\/span>enviroment<\/span>\r\n region<\/span> =<\/span> var<\/span>.<\/span>region<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u6e90\uff1a\u6a21\u5757\u7684\u8def\u5f84\u914d\u7f6e
\n\u203b\u6587\u4ef6\u5939\u7ed3\u6784\u793a\u4f8b
\nterraform
\n\u2514main.tf
\n\u2514modules
\n\u2514s3
\n\u2514s3.tf<\/p>\n
\u7ffb\u8bd1\uff1a\u6e90\uff1a\u6a21\u5757\u7684\u8def\u5f84\u914d\u7f6e
\n\u203b\u6587\u4ef6\u5939\u7ed3\u6784\u793a\u4f8b
\nterraform
\n\u2514main.tf
\n\u2514modules
\n\u2514s3
\n\u2514s3.tf<\/p>\n
\u9879\u76ee\uff1a\u9879\u76ee\u540d\u79f0\uff08\u4f8b\u5982\uff1aterraform\uff09
\n\u73af\u5883\uff1a\u73af\u5883\u540d\u79f0\uff08\u4f8b\u5982\uff1a\u5f00\u53d1\u3001\u9636\u6bb5\u3001\u751f\u4ea7\uff09
\n\u5730\u533a\uff1a\u5730\u533a\u540d\u79f0\uff08\u4f8b\u5982\uff1aap-northeast-1\uff08\u4e1c\u4eac\uff09\uff09<\/p>\n
![\"image.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d86a8913a08637a6bdbba\/26-0.png\" "\\"\\"")
<\/div>\n\u53c2\u7167<\/p>\n
\u2464\u53d8\u91cf\u6a21\u5757<\/h2>\n
\u8f93\u5165\u53d8\u91cf\u7684\u5b9a\u4e49\u5757
\n\u4e0e\u6bcf\u4e2a\u6a21\u5757\u4e00\u8d77\u4f7f\u7528\u3002\u8bf7\u5728variable.tf\u6587\u4ef6\u4e2d\u8fdb\u884c\u8bb0\u5f55\u3002
\n\u203b\u5c3d\u7ba1\u53ef\u4ee5\u5728s3.tf\u6587\u4ef6\u4e2d\u8fdb\u884c\u8bb0\u5f55\uff0c\u4f46\u5c06\u8f93\u5165\u53d8\u91cf\u7684\u5b9a\u4e49\u4ee3\u7801\u96c6\u4e2d\u5728variable.tf\u6587\u4ef6\u4e2d\u66f4\u6613\u4e8e\u7ba1\u7406\u3002<\/p>\n
variable<\/span> \"region\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\nvariable<\/span> \"enviroment\"<\/span> {<\/span>\r\n type<\/span> =<\/span> string<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n![\"image.png\"](\"https:\/\/cdn.silicloud.com\/blog-img\/blog\/img\/657d86a8913a08637a6bdbba\/33-0.png\" "\\"\\"")
<\/div>\n\u203b\u50c5\u63d0\u4f9b\u4e00\u7a2e\u9078\u64c7\uff1a<\/p>\n
\u8bf7\u53c2\u8003\u3002<\/p>\n
\u6570\u636e\u5757<\/h2>\n
\u5728tf\u6587\u4ef6\u4e2d\u5f15\u5165\u4e0d\u53d7Terraform\u7ba1\u7406\u7684\u8d44\u6e90\u5757\u3002<\/p>\n
\u203b<\/span>aws_iam_policy<\/span>\u30ea\u30bd\u30fc\u30b9\u306e\u8aad\u307f\u8fbc\u307f<\/span>\r\ndata<\/span> \"aws_iam_policy_document\"<\/span> \"lambda\"<\/span> {<\/span>\r\n statement<\/span> {<\/span>\r\n sid<\/span> =<\/span> \"LambdaAssumeRolePolicy\"<\/span>\r\n effect<\/span> =<\/span> \"Allow\"<\/span>\r\n actions<\/span> =<\/span> [<\/span>\"sts:AssumeRole\"<\/span>]<\/span>\r\n principals<\/span> {<\/span>\r\n type<\/span> =<\/span> \"Service\"<\/span>\r\n identifiers<\/span> =<\/span> [<\/span>\r\n \"logs.${var.region}.amazonaws.com\"<\/span>,<\/span>\r\n \"lambda.amazonaws.com\"<\/span>\r\n ]<\/span>\r\n }<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8bf7\u7528\u4e2d\u6587\u7b80\u6d01\u5730\u8868\u8fbe\u4ee5\u4e0b\u5185\u5bb9\uff1a
\n\u2193<\/p>\n
resource<\/span> \"aws_iam_role\"<\/span> \"lambda\"<\/span> {<\/span>\r\n name<\/span> =<\/span> \"${var.enviroment}-lambda-role\"<\/span>\r\n assume_role_policy<\/span> =<\/span> \"${data.aws_iam_policy_document.lambda.json}\"<\/span> #\u53c2\u7167\u3059\u308b\u3053\u3068\u304c\u3067\u304d\u308b<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u53ef\u4ee5\u4f7f\u7528”data.aws_iam_policy_document”\u5c06\u6570\u636e\u5757\u7684\u5b9a\u4e49\u4f5c\u4e3a\u5b9e\u4f8b\u63a5\u6536\uff0c\u8fd9\u6837\u5c31\u4e0d\u9700\u8981\u5728\u591a\u4e2a\u4f4d\u7f6e\u5199\u76f8\u540c\u7684\u4ee3\u7801\u4e86\u3002<\/p>\n
\u203b<\/span>archive_file<\/span>\u30ea\u30bd\u30fc\u30b9\uff08\u751f\u6210\u3057\u305f\u30a2\u30fc\u30ab\u30a4\u30d6\uff09\u3092\u53d6\u308a\u8fbc\u3080<\/span>\r\ndata<\/span> \"archive_file\"<\/span> \"initial_lambda_package\"<\/span> {<\/span>\r\n type<\/span> =<\/span> \"zip\"<\/span>\r\n output_path<\/span> =<\/span> \".\/src\/.temp_files\/lambda.zip\"<\/span>\r\n source<\/span> {<\/span>\r\n content<\/span> =<\/span> \"# empty\"<\/span>\r\n filename<\/span> =<\/span> \"main.py\"<\/span>\r\n }<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u53ef\u4ee5\u5f15\u7528\u5230AWS\u7684”archive_file”\u8d44\u6e90\u3002
\n\u5728\u8fd9\u4e2a\u533a\u5757\u4e2d\uff0c\u5f15\u7528\u4e86”archive_file”\u8d44\u6e90\uff0c\u5e76\u5728\u6307\u5b9a\u7684\u76ee\u5f55\u4e0b\u521b\u5efa\u4e86”main.py”\u6587\u4ef6\u3002<\/p>\n
\u203b\u4ec5\u63d0\u4f9b\u4e00\u79cd\u4e2d\u6587\u7ffb\u8bd1\u9009\u9879\uff1a
\n\u8bf7\u53c2\u8003\u4ee5\u4e0b\u5185\u5bb9\u3002<\/p>\n
\u7b2c\u4e03\u8f93\u51fa\u5757<\/h2>\n
\u5c06module\u5185\u7684\u8d44\u6e90\u4fe1\u606f\u5c01\u88c5\u6210block\u4ee5\u4fbf\u4e8e\u5bf9\u5916\u516c\u5f00\u3002<\/p>\n
resource<\/span> \"aws_s3_bucket\"<\/span> \"s3-private-bucket\"<\/span> {<\/span>\r\n bucket<\/span> =<\/span> \"${var.project}-${var.enviroment}-private-bucket-105\"<\/span>\r\n acl<\/span> =<\/span> \"private\"<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8bf7\u5c06\u4ee5\u4e0b\u5185\u5bb9\u4ee5\u4e2d\u6587\u8fdb\u884c\u590d\u8ff0\uff1a<\/p>\n
\u2193
\n\u8bf7\u4ee5\u4e2d\u6587\u8fdb\u884c\u590d\u8ff0\u3002<\/p>\n
output<\/span> \"aws_s3_bucket\"<\/span> {<\/span>\r\n value<\/span> =<\/span> aws_s3_bucket<\/span>.<\/span>s3<\/span>-<\/span>private<\/span>-<\/span>bucket<\/span>.<\/span>id<\/span>\r\n sensitive<\/span> =<\/span> false<\/span> # not external output<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n\u8bf7\u5206\u522b\u4e3e\u51fa\u6bcf\u4e2a\u4eba\u4f5c\u98ce\u53cd\u6620\u51fa\u6765\u7684\u9738\u6c14\u3002
\n\u8bf7\u4ee5\u4ee5\u4e0b\u5f62\u5f0f\u4e3e\u4f8b\uff0c\u4e00\u4e2a\u4eba\uff0c\u4e00\u53e5\u8bdd\uff0c\u77ed\u65f6\u95f4\u5185\u505a\u51fa\u56de\u5e94\u3002
\n\u2193<\/p>\n
module<\/span> \"sfn\"<\/span> {<\/span>\r\n source<\/span> =<\/span> \".\/modules\/sfn\"<\/span>\r\n s3_private_bucket06<\/span> =<\/span> module<\/span>.<\/span>S3<\/span>.<\/span>aws_s3_bucket<\/span>\r\n}<\/span>\r\n<\/code><\/pre>\n