EC2 资源的 Terraform 动态标记失败，带有 `Blocks of type "标记“不在此处”

Question

➜ terraform -v  
Terraform v0.12.24
+ provider.aws v2.60.0

我的地形 example.tf:

locals {
  standard_tags = {
    team        = var.team
    project     = var.project
    component   = var.component
    environment = var.environment
  }
}

provider "aws" {
  profile = "profile"
  region  = var.region
}

resource "aws_key_pair" "security_key" {
  key_name   = "security_key"
  public_key = file(".ssh/key.pub")
}

# New resource for the S3 bucket our application will use.
resource "aws_s3_bucket" "project_bucket" {
  # NOTE: S3 bucket names must be unique across _all_ AWS accounts, so
  # this name must be changed before applying this example to avoid naming
  # conflicts.
  bucket = "project-bucket"
  acl    = "private"
}


resource "aws_security_group" "ssh_allow" {
  name = "allow-all-ssh"
  ingress {
    cidr_blocks = [
      "0.0.0.0/0"
    ]
    from_port = 22
    to_port   = 22
    protocol  = "tcp"
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "http_allow" {
  name = "allow-all-http"
  ingress {
    cidr_blocks = [
      "0.0.0.0/0"
    ]
    from_port = 80
    to_port   = 80
    protocol  = "tcp"
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}


resource "aws_instance" "example" {
  ami             = "ami-08ee2516c7709ea48"
  instance_type   = "t2.micro"
  security_groups = [aws_security_group.ssh_allow.name, aws_security_group.http_allow.name]
  key_name        = aws_key_pair.security_key.key_name

  connection {
    type        = "ssh"
    user        = "centos"
    private_key = file(".ssh/key")
    host        = self.public_ip
  }


  provisioner "local-exec" {
    command = "echo ${aws_instance.example.public_ip} > ip_address.txt"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo yum -y install nginx",
      "sudo systemctl start nginx"
    ]
  }

  depends_on = [aws_s3_bucket.project_bucket, aws_key_pair.security_key]

  dynamic "tag" {
    for_each = local.standard_tags

    content {
      key                 = tag.key
      value               = tag.value
      propagate_at_launch = true
    }
  }

}

当我运行 terraform plan

我收到以下错误:

➜ terraform plan

Error: Unsupported block type

  on example.tf line 94, in resource "aws_instance" "example":
  94:   dynamic "tag" {

Blocks of type "tag" are not expected here.

Answer 1

aws_instance 资源类型的架构中没有定义名为 tag 的 block 类型。 有一个名为 tags 的参数，我认为这是获得您在这里寻找的结果的方法:

  tags = local.standard_tags

我想你会想到 aws_autoscaling_group 中的 tag block ，这不同于 AWS 提供商资源中 tags 参数的通常设计，因为对于这种资源类型，每个标签都具有附加属性 propagate_at_launch。该属性仅适用于自动缩放组，因为它决定了从自动缩放组启动的实例是否会从该组本身继承特定标签。