Prevent a project from using the wrong login
provider "aws" {
  region              = "eu-west-1"
  allowed_account_ids = var.allowed_account_ids
}
allowed_account_ids
List of allowed AWS account IDs to prevent you from mistakenly using an incorrect one (and potentially end up destroying a live environment).
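The provider block above references var.allowed_account_ids without declaring it. One way to declare it is shown below as an added example, not part of the original notes; the validation rules and the account ID in the comment are assumptions made for illustration.

```hcl
# Added example. Declares the variable used by the provider block and rejects
# values that cannot be AWS account IDs before any API call is made.
variable "allowed_account_ids" {
  description = "AWS account IDs this configuration may run against"
  type        = list(string) # strings, so leading zeros are preserved

  validation {
    condition     = length(var.allowed_account_ids) > 0
    error_message = "Set at least one allowed AWS account ID."
  }

  validation {
    condition = alltrue([
      for id in var.allowed_account_ids : can(regex("^[0-9]{12}$", id))
    ])
    error_message = "Each AWS account ID must be exactly 12 digits, written as a quoted string."
  }
}

provider "aws" {
  region              = "eu-west-1"
  allowed_account_ids = var.allowed_account_ids
}

# Per-environment value, e.g. in a .tfvars file (constructed placeholder ID):
#   allowed_account_ids = ["111111111111"]
```

With this in place, credentials that resolve to any other account make the provider fail during configuration, before plan or destroy touches resources.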
How-to output sensitive data
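[Method 1]
# sensitive = true redacts the value in plan/apply output;
# the secret is still stored in the state file.
output "app_s3_user_secret" {
  value     = aws_iam_access_key.app_s3.secret
  sensitive = true
}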
terraform output -raw app_s3_user_secret
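[Method 2]
# nonsensitive() removes the sensitive marking, so the token is
# printed in clear text by plan, apply and output.
output "token_value" {
  value = nonsensitive(tfe_team_token.test.token)
}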
Keep EIP after "terraform destroy"
A) Create the EIP outside of terraform
B) Create it in terraform and then remove it from the state
A) Scenarios: EIPs are pre-existing
1. Use the CLI to get/look up the EIP's AllocationId (eipalloc-XXX)
2. main.tf
resource "aws_eip_association" "lab1_app_eip_assoc" {
  network_interface_id = aws_network_interface.lab1_app_eni.id
  # Allocation ID from step 1 (eipalloc-...), not an association ID
  allocation_id        = "eipalloc-XXXX"
  allow_reassociation  = false
}
Notes
allow_reassociation (Default: true)
Whether to allow an Elastic IP to be re-associated
Specify where the EIP is attached
network_interface_id / instance_id
B)
Terraform will no longer be managing it, and thus won't try to destroy it.
terraform state rm ...
If you want to reattach it, you then have to import it.
Import
# EIP Associations can be imported using their association ID.
terraform import aws_eip_association.test eipassoc-XXXX
Resource
Recommendations
Use _ (underscore) instead of - (dash)
Do not repeat resource type in resource name
resource "aws_route_table" "public" {}
Resource name should be named `this` if there is no more descriptive and general name available
Use "-" inside arguments values and in places where value will be exposed to a human
Include argument "count" / "for_each" inside resource as the first argument at the top and separate by newline after it.