2017-04-24 147 views
6

AWS Lambda VPC on Terraform

When creating an AWS Lambda function with Terraform 0.9.3, I am unable to get it to join the VPC of my choice.

This is what my function looks like:

resource "aws_lambda_function" "lambda_function" {
    s3_bucket     = "${var.s3_bucket}"
    s3_key        = "${var.s3_key}"
    function_name = "${var.function_name}"
    role          = "${var.role_arn}"
    handler       = "${var.handler}"

    runtime       = "${var.runtime}"
    timeout       = "30"
    memory_size   = 256
    publish       = true

    vpc_config {
        subnet_ids         = ["${var.subnet_ids}"]
        security_group_ids = ["${var.security_group_ids}"]
    }
}

The policy for the role I am using is:

data "aws_iam_policy_document" "lambda-policy_policy_document" {
    statement {
        effect = "Allow"
        actions = [
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeSubnets",
            "ec2:DescribeVpcs",
            "logs:CreateLogGroup",
            "logs:CreateLogStream",
            "logs:PutLogEvents",
            "ec2:CreateNetworkInterface",
            "ec2:DescribeNetworkInterfaces",
            "ec2:DeleteNetworkInterface"
        ]
        resources = ["*"]
    }
}

The resource is created just fine. If I try to add the VPC and the subnets through the AWS console, it all works out.

Update (creation plan):

module.******.aws_lambda_function.lambda_function 
arn:         "<computed>" 
environment.#:      "1" 
environment.0.variables.%:   "1" 
environment.0.variables.environment: "******" 
function_name:      "******" 
handler:        "******" 
last_modified:      "<computed>" 
memory_size:       "256" 
publish:        "true" 
qualified_arn:      "<computed>" 
role:        "******" 
runtime:        "******" 
s3_bucket:       "******" 
s3_key:        "******" 
source_code_hash:     "<computed>" 
timeout:        "30" 
version:        "<computed>" 
vpc_config.#:      "1" 
vpc_config.0.vpc_id:     "<computed>" 

However, if I run terraform plan again, the VPC config always changes.

vpc_config.#: "0" => "1" (forces new resource) 
+0

Can you show the plan output from when you don't have the Lambda function? – ydaetskcoR

+0

@ydaetskcoR Just updated with the creation plan – joaofs

+1

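That doesn't look right to me. I've just planned one of my own Lambda functions that happens to be in a VPC, and I see extra lines in the plan for the security group IDs and subnet IDs that your plan doesn't show. For example: 'vpc_config.0.subnet_ids.1220732747: "subnet-12345678"'. Have you checked that your subnet IDs and security group IDs are being passed in correctly? – ydaetskcoR

Answer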

0

There was a mapping missing to the lambda module. After fixing it, this is how the plan should look for the VPC config:

vpc_config.#:        "1" 
vpc_config.0.security_group_ids.#:   "1" 
vpc_config.0.security_group_ids.571116572: "******" 
vpc_config.0.subnet_ids.#:     "3" 
vpc_config.0.subnet_ids.1396457994:  "****" 
vpc_config.0.subnet_ids.1722519307:  "****" 
vpc_config.0.subnet_ids.830820656:   "****" 
vpc_config.0.vpc_id:      "<computed>"
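
The difference between the two plans above can be checked automatically before applying. The following is an added example, not part of the original question or answer: it parses plan text in the Terraform 0.9 format shown on this page and reports Lambda functions whose vpc_config block carries no subnet or security group IDs. The function names and the sample plan are constructed for illustration.

```python
import re

# Constructed sample in the Terraform 0.9 plan text format shown on this page.
SAMPLE_PLAN = '''\
module.app.aws_lambda_function.broken
    function_name:      "fn-a"
    vpc_config.#:       "1"
    vpc_config.0.vpc_id: "<computed>"

module.app.aws_lambda_function.fixed
    function_name:      "fn-b"
    vpc_config.#:       "1"
    vpc_config.0.security_group_ids.#: "1"
    vpc_config.0.security_group_ids.571116572: "sg-00000000"
    vpc_config.0.subnet_ids.#: "1"
    vpc_config.0.subnet_ids.1220732747: "subnet-12345678"
    vpc_config.0.vpc_id: "<computed>"
'''

# key: "new"   or   key: "old" => "new" (trailing notes are ignored)
ATTR = re.compile(r'^\s*([\w.#%-]+):\s+(?:".*?"\s+=>\s+)?"(.*?)"')
REQUIRED = ("subnet_ids", "security_group_ids")


def parse_plan(text):
    """Return {resource_address: {attribute: new_value}} from plan text."""
    resources, current = {}, None
    for line in text.splitlines():
        m = ATTR.match(line)
        if m and current is not None:
            resources[current][m.group(1)] = m.group(2)
        elif line.strip() and not m:
            # Header line; strip plan markers such as "+ " or "-/+ ".
            current = line.strip().lstrip("+-/~ ").split()[0]
            resources[current] = {}
    return resources


def empty_vpc_config(text):
    """List Lambda resources that have a vpc_config block with no IDs in it."""
    findings = {}
    for addr, attrs in parse_plan(text).items():
        if "aws_lambda_function." not in addr or attrs.get("vpc_config.#") != "1":
            continue
        missing = [k for k in REQUIRED
                   if attrs.get("vpc_config.0.%s.#" % k, "0") == "0"]
        if missing:
            findings[addr] = missing
    return findings
```

A non-empty result from `empty_vpc_config` on saved plan output means the function would be created without the intended VPC attachment, which is the symptom of list variables not being mapped into the module.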