


I have an issue with Terraform provisioning. When I run terraform for the first time I am using an SSH key generated in the AWS console. This key is being added to the ubuntu user (it's an Ubuntu 16.04 AMI). Then I run remote-exec provisioning:

provisioner "remote-exec" {
  inline = [
    "sudo apt -y update && sudo apt install -y python",
  ]

  # Bootstrap connection using the AWS-generated key pair
  connection {
    user        = "ubuntu"
    private_key = "${file("${var.aws_default_key_name}.pem")}"
  }
}


I need python to be installed so I can use Ansible later. That's the only place where I need this key, never again, because I create my own user with my private key. However, when I try to run terraform later it searches for the file file("${var.aws_default_key_name}.pem"). Now I have a question: how do I skip this provisioning on subsequent runs?


I don't want to store SSH key in the repository.


I could create an empty file to "trick" terraform, but I don't like this solution.




Instead of doing provisioning in the aws_instance block, move it out to a null_resource block, with appropriate triggers.

resource "aws_instance" "cluster" {
  count = 3

  # ...
}

resource "null_resource" "cluster" {
  # Changes to any instance of the cluster requires re-provisioning
  triggers {
    cluster_instance_ids = "${join(",", aws_instance.cluster.*.id)}"
  }

  # Connect to the first instance of the cluster
  connection {
    host = "${element(aws_instance.cluster.*.public_ip, 0)}"
  }

  provisioner "remote-exec" {
    inline = [something]  # placeholder for your own commands
  }
}


If your triggers do not change, the null_resource provisioning will not be triggered on subsequent runs.


07-30 20:37
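A complete configuration applying the answer's null_resource pattern to the question's python bootstrap, added here as an example and not code from the original question or answer. It assumes a hypothetical variable bootstrap_private_key that is supplied at apply time (for instance through a TF_VAR_ environment variable) so the key never has to exist as a file in the repository; the AMI id is a placeholder, and the syntax follows the Terraform 0.11 style used in the answer.

```hcl
variable "aws_default_key_name" {}

# Hypothetical variable: the bootstrap private key is passed in at apply time
# (e.g. TF_VAR_bootstrap_private_key) instead of being read from a .pem file,
# so no key material is committed to the repository.
variable "bootstrap_private_key" {}

resource "aws_instance" "web" {
  ami           = "ami-PLACEHOLDER"   # placeholder, not a real AMI id
  instance_type = "t2.micro"
  key_name      = "${var.aws_default_key_name}"
}

resource "null_resource" "bootstrap_python" {
  # Re-run the provisioner only when the instance itself is replaced;
  # an unchanged id means this resource is left alone on later applies.
  triggers {
    instance_id = "${aws_instance.web.id}"
  }

  connection {
    type        = "ssh"
    host        = "${aws_instance.web.public_ip}"
    user        = "ubuntu"
    private_key = "${var.bootstrap_private_key}"
  }

  # One-time install of python so Ansible can manage the host afterwards
  provisioner "remote-exec" {
    inline = [
      "sudo apt -y update && sudo apt install -y python",
    ]
  }
}
```

On subsequent runs the instance id is unchanged, so the null_resource is not recreated and the variable can be left empty or unset without Terraform looking for the key file.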