Я пытаюсь использовать Terraform Cloud и не хочу коммитить SSH-ключ в репозиторий. Моя текущая конфигурация выглядит так:
# Imports a public key read from the working directory. In a VCS-driven
# Terraform Cloud workspace the working directory is the repository checkout,
# so this path only resolves if the key file is committed alongside the code.
resource "aws_key_pair" "project" {
  public_key = file(".ssh/id_rsa.pub")
  key_name   = "project"
}
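# Installs nginx over SSH with a remote-exec provisioner.
#
# The private key is read from the working directory with file(), which in a
# VCS-driven Terraform Cloud workspace means the private key would have to be
# committed to the repository -- exactly what the question wants to avoid.
# A provisioner-free design needs no private key at all: the same two shell
# commands can be delivered through user_data (cloud-init) instead.
resource "aws_instance" "example" {
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.project.key_name

  security_groups = [
    aws_security_group.ssh_allow.name,
    aws_security_group.http_allow.name,
  ]

  # Connection settings used by the remote-exec provisioner below.
  connection {
    type        = "ssh"
    user        = "centos"
    private_key = file(".ssh/id_rsa")
    host        = self.public_ip
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nginx",
      "sudo systemctl start nginx",
    ]
  }

  lifecycle {
    create_before_destroy = true
  }
} # the resource's closing brace was missing in the original snippet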
Можно ли ссылаться на файл из удаленного хранилища, например S3?
примерно так:
# Hypothetical sketch only: Terraform has no built-in s3_file() function, so
# this block does not parse as written. The nearest real equivalent is the
# aws_s3_bucket_object data source tried further down.
resource "aws_key_pair" "project" {
key_name = "project"
public_key = s3_file("bucket/ssh/id_rsa.pub")
}
Возможно ли это вообще?
Я пытался использовать источники данных (data sources)
# Reads the public key object from S3. Note that this data source's "body"
# attribute is only populated for objects with a text-like content type
# (text/* or application/json); for anything else it is empty. An empty body
# is the likely reason public_key below ends up unset and the provider reports
# "required field is not set" -- uploading the object with
# content_type = "text/plain" avoids that.
data "aws_s3_bucket_object" "public_key" {
  key    = ".ssh/project.pub"
  bucket = "com.project.infrastructure"
}
# Pulls the *private* key into Terraform. Whatever a data source returns is
# recorded in the workspace state in plaintext, so anyone who can read the
# state can read the key. In the configuration shown it is also never
# referenced. Keeping the private key out of Terraform entirely -- or, if a
# provisioner genuinely needs it, supplying it as a sensitive workspace
# variable rather than fetching it from a bucket -- removes this exposure.
data "aws_s3_bucket_object" "private_key" {
  key    = ".ssh/project"
  bucket = "com.project.infrastructure"
}
# Registers the public key fetched from S3. The "required field is not set"
# error appears whenever data.aws_s3_bucket_object.public_key.body is empty,
# which the provider returns for objects that do not have a text-like
# content type.
resource "aws_key_pair" "project" {
  public_key = data.aws_s3_bucket_object.public_key.body
  key_name   = "project"
}
, но получаю эту ошибку:
Error: "public_key": required field is not set
on example.tf line 28, in resource "aws_key_pair" "project":
28: resource "aws_key_pair" "project" {
Учетные данные AWS верны, и я могу загрузить файл из бакета с помощью
aws s3api get-object --bucket com.project.infrastructure --key .ssh/project private_key
Эксперимент с null_resource также не удался
# Downloads both keys onto the machine running terraform via the AWS CLI.
# This cannot feed file() in the resources below: file() is evaluated while
# the configuration is loaded (at plan time), before any provisioner runs, so
# the files do not exist yet. Because these provisioners run only when the
# null_resource is first created, later runs would not re-download them
# either. It also leaves the private key on disk in the run environment.
resource "null_resource" "download_key" {
  provisioner "local-exec" {
    command = "aws s3api get-object --bucket com.project.infrastructure --key .ssh/project.pub project.pub"
    when    = create # create is the default for provisioners
  }

  provisioner "local-exec" {
    command = "aws s3api get-object --bucket com.project.infrastructure --key .ssh/project project"
    when    = create
  }
}
# file() is evaluated when the configuration is loaded, before any provisioner
# runs. depends_on orders resource operations but does not defer function
# evaluation, so project.pub must already exist at plan time -- hence the
# "no file exists at project.pub" error reported below.
resource "aws_key_pair" "project" {
  key_name   = "project"
  public_key = file("project.pub")

  depends_on = [null_resource.download_key]
}
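# Web server bootstrapped with a remote-exec provisioner over SSH.
#
# Two things to know about this block:
#  * file("project") is evaluated at plan time, so the private key file has
#    to exist before any provisioner (including null_resource.download_key)
#    has run; a provisioner cannot produce it.
#  * The local-exec provisioner originally referred to aws_instance.example
#    by its own address, which Terraform rejects as a self-referential block.
#    Inside a resource's own provisioner the instance is addressed as `self`.
resource "aws_instance" "example" {
  ami           = "ami-08ee2516c7709ea48"
  instance_type = "t2.micro"
  key_name      = aws_key_pair.project.key_name
  tags          = module.project_config.tags

  security_groups = [
    aws_security_group.ssh_allow.name,
    aws_security_group.http_allow.name,
  ]

  connection {
    type        = "ssh"
    user        = "centos"
    private_key = file("project")
    host        = self.public_ip
  }

  # Writes the instance's public IP to a local file; `self` is the only valid
  # way to refer to the enclosing resource from within its provisioner.
  provisioner "local-exec" {
    command = "echo ${self.public_ip} > ip_address.txt"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nginx",
      "sudo systemctl start nginx",
    ]
  }

  # aws_key_pair.project is already an implicit dependency through key_name;
  # listing it here is redundant but harmless.
  depends_on = [aws_s3_bucket.saritasa_bucket, aws_key_pair.project]

  lifecycle {
    create_before_destroy = true
  }
}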
, тогда я получаю следующую ошибку:
➜ terraform plan
Error: Error in function call
on example.tf line 42, in resource "aws_key_pair" "project":
42: public_key = file("project.pub")
Call to function "file" failed: no file exists at project.pub.