我有以下 YAML 配置文件:
AWSConfig:
conformance_pack_templates:
- Operational_Best_Practices_test1:
- excluded_accounts:
- "closed"
- "staging"
- Operational_Best_Practices_test2:
- excluded_accounts:
- "opened"
我想獲取我的所有“排除”帳戶ID,AWS organization其中包括列表中指定的名稱。
我使用data.aws_organizations_organization.org.accounts獲得下的所有賬戶的細節AWS organization。
的data source輸出是:
([{
"arn" = "arn:aws:organizations::example1:account/f-432145321/example"
"email" = "[email protected]"
"id" = "543632464532"
"name" = "closed"
"status" = "SUSPENDED"
},
{
"arn" = "arn:aws:organizations::example2:account/f-43214431/example"
"email" = "[email protected]"
"id" = "45321534214"
"name" = "closed"
"status" = "SUSPENDED"
},
])
我需要使用列表中指定的名稱過濾所有帳戶,並獲取以下對象格式輸出列表:
[
{ template = Operational_Best_Practices_test1,
excluded_accounts = [ 543632464532, 45321534214, 54325413421 ]},
{ template = Operational_Best_Practices_test2,
excluded_accounts = [ 65465554365, 654365436543 ]}
]
您可以使用帶有條件和contains函數的for來實現此目的。
鑑於:
variable "accounts" {
default = [{
"arn" = "arn:aws:organizations::example1:account/f-432145321/example"
"email" = "[email protected]"
"id" = "543632464532"
"name" = "closed"
"status" = "SUSPENDED"
},
{
"arn" = "arn:aws:organizations::example2:account/f-43214431/example"
"email" = "[email protected]"
"id" = "45321534214"
"name" = "closed"
"status" = "SUSPENDED"
},
{
"arn" = "arn:aws:organizations::example3:account/f-43214431/example"
"email" = "[email protected]"
"id" = "45321534215"
"name" = "opened"
"status" = "OPENED"
},
]
}
output "test" {
value = {
for rules in "${yamldecode(file("aws_config.yml")).AWSConfig.conformance_pack_templates}" :
keys(rules).0 => [
for account in var.accounts :
account.id
if contains(rules[keys(rules).0].0.excluded_accounts, account.name)
]
}
}
這產生:
test = {
"Operational_Best_Practices_test1" = [
"543632464532",
"45321534214",
]
"Operational_Best_Practices_test2" = [
"45321534215",
]
}
這就是說,如果您是 YAML 的所有者並且您可以稍微更改它的結構,將您的一些列表轉換為字典,如下所示:
AWSConfig:
conformance_pack_templates:
Operational_Best_Practices_test1:
excluded_accounts:
- "closed"
- "staging"
Operational_Best_Practices_test2:
excluded_accounts:
- "opened"
您可以通過刪除keys函數的需要來簡化 terraform 代碼:
output "test" {
value = {
for label, rule in "${yamldecode(file("aws_config.yml")).AWSConfig.conformance_pack_templates}" :
label => [
for account in var.accounts :
account.id
if contains(rule.excluded_accounts, account.name)
]
}
}
本文收集自互联网,转载请注明来源。
如有侵权,请联系 [email protected] 删除。
我来说两句