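Retrieve SSM parameters by path and set them in an ECS task definition in Terraform

Question (votes: 0, answers: 1)

I am using Terraform to create a task definition, and the container needs some variables that are stored in SSM Parameter Store. I fetch them by path, but when I set them in the task definition I get this error:

creating ECS Task Definition (superset): ClientException: Environment variable name cannot be null or blank

My code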

data "aws_ssm_parameters_by_path" "superset_prod" {
  path = "/prod/superset/"
  recursive = true
}

resource "aws_ecs_task_definition" "superset_task_definition" {
  family                   = "superset"
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  task_role_arn            = aws_iam_role.ecs_task_role.arn
  requires_compatibilities = ["FARGATE"]
  memory                   = 1024
  cpu                      = 512
  network_mode             = "awsvpc"

  container_definitions = jsonencode([
    {
      name = local.services.superset_app.service_name
      image     = local.superset_image
      memory    = 1024
      user = "root"
      command = ["/app/docker/docker-bootstrap.sh", "app-gunicorn"]
      cpu       = 512
      essential = true
      portMappings = [
        {
          containerPort = local.services.superset_app.port
          hostPort      = local.services.superset_app.port
          protocol      = "tcp"
        }
      ],
      environment = [
        data.aws_ssm_parameters_by_path.superset_prod

      ]
      secrets = []
      logConfiguration = {
        logDriver = "awsfirelens",
        options = {
          Name               = "es"
          Cloud_ID           = var.elastic_cloud_id
          Index              = "filebeat-8.6.1"
          tls                = "On"
          "tls.verify"       = "Off"
          Tag_Key            = "tags"
          Include_Tag_Key    = "true"
          Retry_Limit        = "10"
          Suppress_Type_Name = "On"
          Trace_Output       = "On" # DEBUG
          Trace_Error        = "On" # DEBUG
          Replace_Dots       = "On"
        }
        secretOptions = []
      },
      mountPoints = [],
      volumesFrom = [],
      dependsOn   = []
    }
  ])

  tags = {
    environment = local.environment
  }
}

How can I set all of the parameters as container environment variables?

amazon-web-services terraform terraform-provider-aws
1 answer

0 votes

Based on your question, I would say you want to use the parameter's ARN directly, like this:

resource "aws_ecs_task_definition" "superset_task_definition" {
  family                   = "superset"
  execution_role_arn       = aws_iam_role.ecs_task_execution_role.arn
  task_role_arn            = aws_iam_role.ecs_task_role.arn
  requires_compatibilities = ["FARGATE"]
  memory                   = 1024
  cpu                      = 512
  network_mode             = "awsvpc"

  container_definitions = jsonencode([
    {
      name = local.services.superset_app.service_name
      image     = local.superset_image
      memory    = 1024
      user = "root"
      command = ["/app/docker/docker-bootstrap.sh", "app-gunicorn"]
      cpu       = 512
      essential = true
      portMappings = [
        {
          containerPort = local.services.superset_app.port
          hostPort      = local.services.superset_app.port
          protocol      = "tcp"
        }
      ],
      secrets = [
        {
          name = "<environment_variable_name>"
          valueFrom = "arn:aws:ssm:<region>:<aws_account_id>:parameter/<parameter_name>"
        }
      ]
      logConfiguration = {
        logDriver = "awsfirelens",
        options = {
          Name               = "es"
          Cloud_ID           = var.elastic_cloud_id
          Index              = "filebeat-8.6.1"
          tls                = "On"
          "tls.verify"       = "Off"
          Tag_Key            = "tags"
          Include_Tag_Key    = "true"
          Retry_Limit        = "10"
          Suppress_Type_Name = "On"
          Trace_Output       = "On" # DEBUG
          Trace_Error        = "On" # DEBUG
          Replace_Dots       = "On"
        }
        secretOptions = []
      },
      mountPoints = [],
      volumesFrom = [],
      dependsOn   = []
    }
  ])

  tags = {
    environment = local.environment
  }
}

Keep in mind that the task role needs to have properly defined permissions for this to work.
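
For the "all parameters" case asked about, the added example below (not code from either post) builds one `secrets` entry per parameter from the data source's `names` and `arns`, so the parameter values stay out of the task definition. The environment variable naming rule, the sample path in the comment and the policy name are assumptions.

```hcl
data "aws_ssm_parameters_by_path" "superset_prod" {
  path      = "/prod/superset/"
  recursive = true
}

locals {
  # Env var name => parameter ARN. Only `names` and `arns` are read, so the
  # parameter values never reach container_definitions. Relies on the two
  # lists being index-aligned.
  # Assumed naming rule: strip the path prefix, map other characters to "_",
  # upper-case (constructed sample: /prod/superset/db/password -> DB_PASSWORD).
  # A map is used so that two parameters yielding the same name fail the plan
  # with a duplicate-key error instead of one silently replacing the other.
  superset_secret_arns = {
    for i, n in data.aws_ssm_parameters_by_path.superset_prod.names :
    upper(replace(trimprefix(n, "/prod/superset/"), "/[^A-Za-z0-9]/", "_")) => data.aws_ssm_parameters_by_path.superset_prod.arns[i]
  }

  # Shape expected by the container definition:
  #   secrets     = local.superset_secrets
  #   environment = []
  superset_secrets = [
    for name, arn in local.superset_secret_arns : { name = name, valueFrom = arn }
  ]
}

# ECS resolves `secrets` at container start using the task execution role.
# SecureString parameters under a customer managed KMS key also need kms:Decrypt.
data "aws_iam_policy_document" "read_superset_params" {
  statement {
    actions   = ["ssm:GetParameters"]
    resources = values(local.superset_secret_arns)
  }
}

resource "aws_iam_role_policy" "read_superset_params" {
  name   = "read-superset-params" # hypothetical policy name
  role   = aws_iam_role.ecs_task_execution_role.id
  policy = data.aws_iam_policy_document.read_superset_params.json
}
```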
