Использование модулей Terraform для нескольких региональных шлюзов API - PullRequest
/ 02 сентября 2018

Я использую Terraform для создания инфраструктуры AWS с 4 региональными шлюзами API и соответствующей таблицей DynamoDB в каждом из этих регионов.

Я хочу создать один модуль, состоящий из (API + DynamoDB), с настраиваемыми значениями, специфичными для региона. Возможно ли это в Terraform? Или мне нужно создавать 4 отдельных API и 4 отдельных ресурса DynamoDB?

Любые ссылки или документация также будут полезны.

Текущая конфигурация, которая работает для регионального шлюза API и соответствующей таблицы DynamoDB:

    variable "access_key" {}
variable "secret_key" {}
# NOTE(review): the two variables above carry long-lived AWS credentials into the provider
# blocks. Keep their values out of committed *.tfvars files and shell history; the AWS provider
# can also read credentials from the environment, the shared credentials file or an
# instance/role profile, which avoids passing static keys through Terraform inputs at all.

# Aliased AWS provider for us-east-1; resources opt in with provider = "aws.us-east-1".
# Credentials come from the access_key / secret_key input variables.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  alias  = "us-east-1"
  region = "us-east-1"
}

# Aliased AWS provider for us-west-2; resources opt in with provider = "aws.us-west-2".
# Uses the same access_key / secret_key input variables as the us-east-1 provider.
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  alias  = "us-west-2"
  region = "us-west-2"
}

# Replica table "test_tf" in us-east-1, created through the aliased provider.
# Key schema: a single string ("S") hash key named "test_tf"; provisioned capacity is 1 read / 1 write.
# Streams with NEW_AND_OLD_IMAGES are enabled - presumably because this table is joined into
# aws_dynamodb_global_table.test_tf; confirm against the DynamoDB global tables requirements.
resource "aws_dynamodb_table" "us-east-1" {
  provider = "aws.us-east-1"

  hash_key         = "test_tf"
  name             = "test_tf"
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
  read_capacity    = 1
  write_capacity   = 1

  attribute {
    name = "test_tf"
    type = "S"
  }

}

# Replica table "test_tf" in us-west-2, created through the aliased provider.
# Same name, key schema, stream settings and capacity as the us-east-1 table.
resource "aws_dynamodb_table" "us-west-2" {
  provider = "aws.us-west-2"

  hash_key         = "test_tf"
  name             = "test_tf"
  stream_enabled   = true
  stream_view_type = "NEW_AND_OLD_IMAGES"
  read_capacity    = 1
  write_capacity   = 1

  attribute {
    name = "test_tf"
    type = "S"
  }
}

# Joins the two regional "test_tf" tables into one global table with replicas in
# us-east-1 and us-west-2. It is managed through the us-east-1 provider.
# depends_on makes Terraform create both regional tables before the global table.
resource "aws_dynamodb_global_table" "test_tf" {
  depends_on = ["aws_dynamodb_table.us-east-1", "aws_dynamodb_table.us-west-2"]
  provider   = "aws.us-east-1"

  name = "test_tf"

  replica {
    region_name = "us-east-1"
  }

  replica {
    region_name = "us-west-2"
  }
}

# REST API named "test-us-east-1" with a REGIONAL endpoint.
# NOTE(review): no provider argument is set, so this resource uses the default (unaliased) aws
# provider rather than aws.us-east-1. The provider blocks shown here are all aliased - confirm
# which region and credentials this resource actually resolves to.
resource "aws_api_gateway_rest_api" "test-us-east-1" {
  name        = "test-us-east-1"

  endpoint_configuration {
    types = ["REGIONAL"]
  }
}

# Path resource /{testid} directly under the API root. The {testid} path parameter is
# caller-controlled input that the integration request template reads.
resource "aws_api_gateway_resource" "sample_test" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  parent_id   = "${aws_api_gateway_rest_api.test-us-east-1.root_resource_id}"
  path_part   = "{testid}"
}

# GET method on the sample_test resource.
# NOTE(review): authorization = "NONE" leaves this method open to unauthenticated callers, while
# the integration behind it reads DynamoDB under an IAM role. If the endpoint is not meant to be
# public, use "AWS_IAM", "CUSTOM" or "COGNITO_USER_POOLS" here; for a public endpoint consider
# api_key_required with a usage plan so requests can be throttled.
resource "aws_api_gateway_method" "sample_get" {
  rest_api_id   = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id   = "${aws_api_gateway_resource.sample_test.id}"
  http_method   = "GET"
  authorization = "NONE"
}

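# Deploys the REST API to the "test" stage.
# A deployment snapshots whatever is configured on the API when it is created, so it has to
# wait for the integration and its response mapping as well as the method. Depending on the
# method alone lets Terraform create the deployment before the integration exists.
resource "aws_api_gateway_deployment" "Deployment" {
  depends_on = [
    "aws_api_gateway_method.sample_get",
    "aws_api_gateway_integration.test",
    "aws_api_gateway_integration_response.us-east-1-response",
  ]

  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  stage_name  = "test"
}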

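# AWS service integration: forwards GET /{testid} to DynamoDB GetItem on table "test_tf",
# calling DynamoDB with the apiGatewayDynamoDbAccessRole credentials.
#
# - integration_http_method is POST because the DynamoDB action is invoked with POST even
#   though the client-facing method is GET.
# - The uri hard-codes us-east-1; it has to change per region if this configuration is
#   reused for other regions.
# - passthrough_behavior = "WHEN_NO_TEMPLATES" together with the template below means the
#   request sent to DynamoDB is built from the mapping template rather than forwarded from the
#   client body - NOTE(review): confirm the behaviour for unmapped content types.
# - The {testid} path parameter is caller-controlled. It is escaped with
#   $util.escapeJavaScript() before being placed inside the JSON string, so a quote or
#   backslash in the value cannot break out of the "S" string and alter the GetItem request.
#   Caveat: escapeJavaScript also escapes single quotes as \', which is not valid JSON, so a
#   key containing an apostrophe is rejected instead of being looked up.
resource "aws_api_gateway_integration" "test" {
  rest_api_id             = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id             = "${aws_api_gateway_resource.sample_test.id}"
  http_method             = "${aws_api_gateway_method.sample_get.http_method}"
  integration_http_method = "POST"
  type                    = "AWS"
  uri                     = "arn:aws:apigateway:us-east-1:dynamodb:action/GetItem"
  credentials             = "${aws_iam_role.apiGatewayDynamoDbAccessRole.arn}"
  passthrough_behavior    = "WHEN_NO_TEMPLATES"

  request_templates = {
    "application/json" = <<EOF
    {
      "TableName": "test_tf",
      "Key":
      {
        "test_tf":
          {
            "S": "$util.escapeJavaScript($input.params('testid'))"
            }
        }
    }
    EOF
  }
}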


# IAM policy whose document is read from api-dynamodb-policy.json next to this configuration.
# NOTE(review): the JSON file is not shown. The integration only calls GetItem on "test_tf",
# so confirm the policy grants no more than dynamodb:GetItem on that table's ARN and does not
# use wildcard actions or resources.
resource "aws_iam_policy" "api_dbaccess_policy" {
  name = "api_dbaccess_policy"
  policy = "${file("api-dynamodb-policy.json")}"

  depends_on = [ 
    "aws_dynamodb_table.us-east-1"
  ]
}
# Role that the API Gateway integration passes as its credentials when calling DynamoDB.
# The trust policy is read from assume-role-policy.json.
# NOTE(review): that file is not shown - confirm the only trusted principal is the API Gateway
# service, so no other identity can assume this role.
resource "aws_iam_role" "apiGatewayDynamoDbAccessRole" {
  name = "apiGatewayDynamoDbAccessRole"
  assume_role_policy = "${file("assume-role-policy.json")}"
  depends_on = [ 
    "aws_dynamodb_table.us-east-1"
  ]
}
# Attaches api_dbaccess_policy to the API Gateway access role.
# NOTE(review): aws_iam_policy_attachment manages the policy's attachments exclusively - any
# user, group or role attached to this policy outside this resource is detached on apply.
# aws_iam_role_policy_attachment is the non-exclusive alternative if the policy may be shared.
resource "aws_iam_policy_attachment" "api-dbaccess-policy-attach" {
  name       = "api-dbaccess-policy-attachment"
  roles      = ["${aws_iam_role.apiGatewayDynamoDbAccessRole.name}"]
  policy_arn = "${aws_iam_policy.api_dbaccess_policy.arn}"
}

# Declares the HTTP 200 response for the GET method; the integration response refers to
# this resource's status_code.
resource "aws_api_gateway_method_response" "200" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  status_code = "200"
}

# Maps the DynamoDB GetItem result to {"test": true|false}: true when Item.test_tf.S is set and
# non-empty, false otherwise. Only the boolean is returned; the stored item is not echoed back.
# NOTE(review): nothing here references aws_api_gateway_integration.test, so Terraform has no
# ordering between the integration and this response - confirm whether an explicit depends_on
# is needed.
resource "aws_api_gateway_integration_response" "us-east-1-response" {
  rest_api_id = "${aws_api_gateway_rest_api.test-us-east-1.id}"
  resource_id = "${aws_api_gateway_resource.sample_test.id}"
  http_method = "${aws_api_gateway_method.sample_get.http_method}"
  status_code = "${aws_api_gateway_method_response.200.status_code}"

  response_templates = {
      "application/json" = <<EOF
      {     
        #set($sampletest = $input.path('Item.test_tf.S'))
        "test": #if ($sampletest && $sampletest != '')
                      true
                    #else
                      false
                    #end       
      }
      EOF
  }
}

1 Ответ

/ 03 сентября 2018

Да, это возможно с Terraform.

В корневом модуле вы определяете 4 провайдера AWS, присваивая каждому псевдоним:

# Aliased provider for us-west-2. No access_key / secret_key are set, so the AWS provider
# resolves credentials from its default sources (environment, shared credentials file,
# instance/role profile) instead of from Terraform inputs.
provider "aws" {
  alias  = "oregon"
  region = "us-west-2"
}

# Aliased provider for us-east-1, configured the same way as the "oregon" alias.
provider "aws" {
  alias  = "virginia"
  region = "us-east-1"
}

Затем, создавая экземпляры модуля, вместо того чтобы полагаться на наследование провайдера, вы явно передаёте в модуль провайдера с нужным псевдонимом:

# Instantiates the ./api_gateway module for one region: the providers map binds the module's
# "aws" provider to the aliased aws.oregon configuration instead of relying on inheritance.
module "api_gateway" {
  source    = "./api_gateway"
  providers = {
    aws = "aws.oregon"
  }
}

Повторите то же самое для каждого из 4 регионов.

Вы можете найти документы здесь: https://www.terraform.io/docs/modules/usage.html

...