我正在嘗試在Terraform中創建一個解決方案,從而可以使用讓我們在S3存儲桶中進行加密或提供自己的TLS證書來創建TLS證書。我面臨的問題是我似乎無法有條件地運行Let's Encrypt證書生成和上傳步驟。terraform中的條件TLS證書管理
如何使最後兩個步驟有條件?我正在考慮將它們包裝在null_resource中,我如何根據外部數據製作觸發器?
任何提示非常感謝!多謝你們。
ň
resource "null_resource" "sync_certs" {
provisioner "local-exec" {
command = "mkdir -p ./tmp/certs"
}
provisioner "local-exec" {
command = "aws s3 sync s3://xxxxxx/${var.root_domain_name}/${var.env_name} ./tmp/certs/ && ls -l ./tmp/certs/"
}
}
resource "tls_private_key" "cert_private_key" {
count = "${var.bank_count}"
algorithm = "RSA"
}
resource "acme_registration" "reg" {
server_url = "${var.acme_url}"
account_key_pem = "${tls_private_key.generated_key.private_key_pem}"
email_address = "xxxxx"
}
resource "acme_certificate" "certificate" {
count = "${var.bank_count}"
server_url = "${var.acme_url}"
account_key_pem = "${tls_private_key.generated_key.private_key_pem}"
common_name = "${var.bank_names[count.index]}.${var.env_name}.${var.root_domain_name}"
dns_challenge {
provider = "route53"
}
registration_url = "${acme_registration.reg.id}"
}
resource "local_file" "privkey" {
count = "${var.bank_count}"
content = "${tls_private_key.generated_key.private_key_pem}"
filename = "./tmp/certs/${var.bank_names[count.index]}.privkey.pem"
}
resource "aws_s3_bucket_object" "tls_private_key_file" {
count = "${var.bank_count}"
bucket = "xxxx"
key = "${var.root_domain_name}/${var.env_name}/${var.bank_names[count.index]}.privkey.pem"
source = "./tmp/certs/${var.bank_names[count.index]}.privkey.pem"
content_type = "text/plain"
depends_on = ["local_file.privkey"]
}
}