I am following this document
https://www.terraform.io/docs/providers/aws/d/kms_secrets.html
because I want to store the MySQL password in encrypted form.
This looks good
$ aws kms encrypt --key-id arn:aws:kms:us-west-2:<id>:key/7e791977-123456 --plaintext fileb:///tmp/dbpass --output text --query CiphertextBlob
Now, when I try to use the code based on the above documentation in my code
data "aws_kms_secret" "rds" {
  secret {
    name    = "db-password"
    payload = "pay load here"
  }
}
My Terraform code snippet
resource "aws_db_instance" "my-test-sql" {
  instance_class    = "${var.db_instance}"
  engine            = "mysql"
  engine_version    = "5.7"
  multi_az          = true
  storage_type      = "gp2"
  allocated_storage = 20
  name              = "mytestrds"
  username          = "admin"
  password          = "${data.aws_kms_secret.rds.db-password}"
}
It fails with this error
Error: Unsupported attribute
on rds/main.tf line 16, in resource "aws_db_instance" "my-test-sql":
16: password = "${data.aws_kms_secret.rds.db-password}"
This object has no argument, nested block, or exported attribute
named "db-password".
$ terraform version
Terraform v0.12.13
Has anyone run into a similar issue/error when using Terraform 0.12?
Update
I even tried what the documentation suggests
password = "${data.aws_kms_secret.rds.plaintext["db-password"]}"
but it fails with a different error
Error: Unsupported attribute
on rds/main.tf line 14, in resource "aws_db_instance" "my-test-sql":
14: password = "${data.aws_kms_secret.rds.plaintext["db-password"]}"
This object has no argument, nested block, or exported attribute named "plaintext".
Answer 1
According to the same documentation you linked to, you should use ${data.aws_kms_secret.rds.plaintext["db-password"]} to access the secret.