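3. aws-alb-controller submodule: by default the cluster has no ALB controller, so if services are published through an ingress, the AWS ALB controller must be installed. This module uses the AWS IAM role, Helm and k8s providers to create the IAM role and service account that the AWS ALB controller installation needs, and installs the driver with Helm. Root module: the main.tf file in the root directory calls the three submodules, which work together to complete the VPC, EKS cluster cre...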
description = "The desired capacity is the initial capacity of the Auto Scaling group at the time of its creation and the capacity it attempts to maintain. see https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-as-group.html#cfn-as-group-desiredcapacitytype, The defa...
By default a log_group named shardingsphere-proxy.log is created; see [5] for the detailed CloudWatch configuration. resource "aws_iam_role" "sts" { name = "shardingsphere-proxy-sts-role" assume_role_policy = <<EOF { "Version": "2012-10-17", "Statement": [ { "Action": "sts:AssumeRole", "Principal": { "Service...
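provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
Assigning values to variables
Earlier we declared the variables, but we have not yet assigned values to them, so they cannot actually be used. There are several ways to assign values to variables; the methods below are listed in order of variable assignment precedence.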
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": [ "logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents" ], "Resource": "arn:aws:logs:*:*:*" }, { "Effect": "Allow", "Action": [ "ec2:Start*", "ec2:Stop*", "ec2:DescribeInstances...
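security_acc_kms_key_alias – The AWS KMS alias of the key used to encrypt GuardDuty findings. s3_access_log_bucket_name – The name of a pre-existing S3 bucket in which you want to collect access logs for the S3 bucket that holds GuardDuty findings. This bucket should be in the same AWS Region as the GuardDuty findings bucket...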
bucket = aws_s3_bucket.iotdemo_s3_bucket.id block_public_acls = true block_public_policy = true ignore_public_acls = true restrict_public_buckets = true } Create the IoT rule and the IAM permissions for Firehose. In the Amazon IoT rules engine, create an IoT rule action that routes the raw data to Kinesis Data Firehose, and through Firehose these...
  zone_id = data.aws_route53_zone.zone.zone_id
  name    = "zk-${count.index + 1}"
  type    = "A"
  ttl     = 60
  records = element(aws_network_interface.zk.*.private_ips, count.index)
}
Defining outputs
After terraform apply runs successfully, the IPs of the ZooKeeper service instances and their corresponding domain names are output.
git clone https://github.com/build-on-aws/automating-amazon-guardduty-with-iac.git 2.4. Change to the automating-amazon-guardduty-with-iac directory and run the terraform init, terraform plan and terraform apply commands in that order. Terraform will apply the configuration in the US-WEST-2 Region, whereas the CloudFormation template created the Cloud9 instance in the US-WEST-1 Region...