我正在寻找一种将其导入aws_spot_instance_requestTerraform 的方法。
我已经在 AWS 控制台上发出了 Spot 请求,现在我想将此请求放在我的代码中。我怎样才能做到这一点?
在Terraform 文档中,没有提及如何导入它,但有关于如何针对aws_spot_fleet_request进行导入的说明。
我需要检查 Windows Server 实例上正在运行哪些进程,我正在寻找类似于top或 的内容ps -aux,但我只找到了将任务管理器与 GUI 结合使用的参考资料。
在 Windows Server 计算机中通过命令行检查正在运行的进程的最佳方法是什么?
只需使用 Ubuntu 启动一个 EC2 实例,如果它是一个新实例,内核不应该是最新的吗?
运行 a 后sudo apt update && sudo apt install <any-package>,我收到以下消息:
Package configuration
┌───────────────────────┤ Pending kernel upgrade ├───────────────────────┐
│ │
│ Newer kernel available │
│ │
│ The currently running kernel version is 5.15.0-1031-aws which is not │
│ the expected kernel version 5.19.0-1022-aws. │
│ │
│ Restarting the system to load the new kernel will not be handled │
│ automatically, so you should consider rebooting. │
│ │
│ <Ok> │
│ │
└────────────────────────────────────────────────────────────────────────┘
这是正常的吗?如果没有,我该如何避免呢?
我有两个 AWS 账户,每个账户中有一个角色:Account-A有RoleA和Account-B有RoleB。
RoleA 将假定 RoleB 能够通过 连接到 Account-B 中的 EC2 实例ssm start-session。
使用 RoleA,我能够承担 RoleB 并使用 aws cli 描述 Account-B 中的实例,但由于以下错误,我无法启动 ssm 会话:
An error occurred (AccessDeniedException) when calling the TerminateSession operation: User: arn:aws:sts::222222222222:assumed-role/RoleB/RoleB-SSM-test is not authorized to perform: ssm:TerminateSession on resource: arn:aws:ssm:us-east-1:222222222222:assumed-role/RoleB/RoleB-SSM-test-000000000000 because no identity-based policy allows the ssm:TerminateSession action
RoleA策略:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"sts:AssumeRole"
],
"Resource": [
"arn:aws:iam::222222222222:role/RoleB"
]
}
]
}
角色B政策:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Action": [
"ssm:DescribeSessions",
"ssm:GetConnectionStatus",
"ssm:DescribeInstanceProperties",
"ec2:DescribeInstances",
"ssm:StartSession"
],
"Resource": [
"arn:aws:ec2:us-east-1:222222222222:instance/i-123456abc789102de",
"arn:aws:ssm:us-east-1:222222222222:document/SSM-SessionManagerRunShell",
"arn:aws:ssm:us-east-1:222222222222:document/AWS-StartSSHSession"
]
},
{
"Sid":"",
"Effect":"Allow",
"Action": [
"ssm:TerminateSession"
],
"Resource": "*",
"Condition": {
"StringLike": {
"ssm:resourceTag/aws:ssmmessages:session-id": [
"AROAXXXXXXXXXXXXX"
]
}
}
}
]
}
最初,ssm:TerminateSessionin RoleB 策略没有条件并且与其他操作并存,我进行了此更改以尝试解决此错误,但没有成功,出现相同的错误消息。
我做错了什么?
我是 K8s 的新手,我需要检查集群中的 kubeconfig 文件。有没有办法使用 kubectl 来描述 kubeconfig 文件?
我正在寻找类似于kubectl describe kubeconfig.
我希望能够在计划中看到数据资源(如政策文档)的 JSON。目前,这些类型的资源仅在应用期间“呈现”。
我想知道在运行terraform apply.
这是我的代码:
data "aws_iam_policy_document" "my_policy" {
statement {
sid = "S3"
effect = "Allow"
actions = ["s3:*"]
resources = [
aws_s3_bucket.some-bucket.arn,
"arn:aws:s3:::another-bucket/*",
"arn:aws:s3:::another-bucket/"
]
}
statement {
sid = "CloudWatch"
effect = "Allow"
actions = ["logs:*"]
resources = [
aws_cloudwatch_log_group.some_lambda.arn,
"arn:aws:logs:us-east-1:123456789123:log-group:/some/log/group:*",
"arn:aws:logs:us-east-1:123456789123:log-group:/some/log/group"
]
}
}
我不明白为什么 Terraform 要删除 json 策略。在其他情况下,当在应用期间读取数据时,计划显示 json 策略被删除并添加到同一计划中,但它没有发生,Terraform 只是删除它。
这是政策:
data "aws_iam_policy_document" "my_policy" {
statement {
sid = "S3"
effect = "Allow"
actions = ["s3:*"]
resources = [
aws_s3_bucket.some-bucket.arn,
"arn:aws:s3:::another-bucket/*",
"arn:aws:s3:::another-bucket/"
]
}
statement {
sid = "CloudWatch"
effect = "Allow"
actions = ["logs:*"]
resources = [
aws_cloudwatch_log_group.some_lambda.arn,
"arn:aws:logs:us-east-1:123456789123:log-group:/some/log/group:*",
"arn:aws:logs:us-east-1:123456789123:log-group:/some/log/group"
]
}
}
这是计划:
# data.aws_iam_policy_document.my_policy will be read during apply
# (config refers to values not yet known)
<= data "aws_iam_policy_document" "my_policy" {
~ id = "123456789" -> (known after apply)
~ json = jsonencode(
{
- Statement = [
- {
- Action = "s3:*"
- Effect = "Allow"
- Resource = [
- "arn:aws:s3:::another-bucket/*",
- "arn:aws:s3:::another-bucket/",
]
- Sid = "S3"
},
- {
- Action = "logs:*"
- Effect = "Allow"
- Resource = [
- "arn:aws:logs:us-east-1:123456789123:log-group:/some/log/group:*",
- "arn:aws:logs:us-east-1:123456789123:log-group:/some/log/group",
]
- Sid = "CloudWatch"
},
]
- Version = "2012-10-17"
}
) -> (known after apply)
- version = "2012-10-17" -> null
~ statement {
- not_actions = [] -> null
- not_resources = [] -> null
~ resources = [
+ "arn:aws:s3:::some-bucket/",
# (2 unchanged elements hidden)
]
# (3 unchanged attributes hidden)
}
~ statement {
- not_actions = [] -> null
- not_resources = [] -> null
# (4 unchanged attributes hidden)
}
}
1 - 为什么 Terraform 想要消除这个 json 策略?
2 -not_actions和not_resources是可选的。我以为它不会出现在计划中。这是正常的吗?
对于菜鸟问题,我很抱歉。
有没有办法检查 kubernetes 所需的状态文件?
我正在寻找类似于terraform state listTerraform 中存在的东西。