我不熟悉地形,仍然在学习。我知道有一种方法可以将现有基础结构导入terraform并创建状态文件。但是,好像现在我有多个AWS帐户和那些具有多个VPC的帐户中的多个区域一样。我的任务是通过terraform创建vpc流日志。可能吗?如果是这样,请您帮我或指导我如何完成此任务。
有可能,尽管有点混乱。您将需要为您拥有的每个帐户/区域组合创建一个提供程序块(具有唯一的别名)(您可以使用配置文件,但我认为角色是最好的),并在资源中适当选择那些提供程序。
provider "aws" {
alias = "acct1uswest2"
region = "us-west-2"
assume_role {
role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
}
}
provider "aws" {
alias = "acct2useast1"
region = "us-east-1"
assume_role {
role_arn = "arn:aws:iam::ACCOUNT_ID:role/ROLE_NAME"
}
}
resource "aws_flow_log" "flow1" {
provider = aws.acct1uswest2
vpc_id = "vpc id in account 1" # you mentioned the vpc already exists, so you can either import the vpc and reference it's .name attribute here, or just put the id in as a string
...
}
resource "aws_flow_log" "flow2" {
provider = aws.acct2useast1
vpc_id = "vpc id in account 2"
...
}