

I'm deploying resources to AWS via Terraform. My understanding is that Terraform uses the AWS SDK, meaning it connects over the various AWS Service Endpoints:

https://docs.aws.amazon.com/general/latest/gr/rande.html

For certain Services, AWS offers an alternate (i.e. FIPS-enabled) endpoint. For example with EC2 (https://docs.aws.amazon.com/general/latest/gr/ec2-service.html) in us-east-1 region those endpoints are:

default = ec2.us-east-1.amazonaws.com

fips = ec2-fips.us-east-1.amazonaws.com

I see TF details how to override the default endpoint it connects to (https://registry.terraform.io/providers/hashicorp/aws/2.70.1/docs/guides/custom-service-endpoints) in the provider definition via:

provider "aws" {
  region  = "us-east-1"
  endpoints {
    ec2     = "https://ec2-fips.us-east-1.amazonaws.com"
  }
}

Does anyone know how to verify which endpoint was used during a given TF execution (apply)? Either on the Terraform logging side...or AWS side? I haven't figured out a way.

asked Jan 8 at 22:28 by MikeO; edited Jan 9 at 9:00 by Marko E
  • Can you elaborate a bit why do you need it? Because there might be other ways to get that information. – Marko E Commented Jan 9 at 9:00
  • As for the logging: if the AWS SDK Go is not logging this at i.e. debug level (unsure), then that is not a path forward. You could assign the TF_LOG env var to DEBUG which will display SDK logs also (otherwise not displayed), but probably not at its debug level. – Matthew Schuchard Commented Jan 9 at 11:48
  • @MarkoE - need to use FIPS endpoints...wanted a way to verify they are in fact being used. – MikeO Commented 2 days ago

1 Answer


@MatthewSchuchard - thanks for the info, I tested with TF_LOG=DEBUG on the 'apply' and it does in fact log all service endpoints being used:

2025-01-09T05:46:15.8225045Z    http.url=https://ec2.***.amazonaws.com/
2025-01-09T05:47:45.0451008Z    http.url=https://elasticloadbalancing.***.amazonaws.com/ 
2025-01-09T05:48:47.0780261Z    http.url=https://rds-fips.***.amazonaws.com/

...in this example I had only changed certain providers over.
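A small checker, added here and not part of the question or answer, that parses the same kind of `http.url=` lines from a constructed TF_LOG=DEBUG sample and reports which services were still reached over a non-FIPS endpoint. The FIPS test is a hostname heuristic (a `fips` or `-fips` DNS label, as in `ec2-fips.us-east-1.amazonaws.com`), which is an assumption about AWS naming rather than something the page states.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse

# Constructed sample of TF_LOG=DEBUG output, modelled on the lines quoted in the
# answer; the region is spelled out here instead of the *** redaction.
SAMPLE_LOG = """\
2025-01-09T05:46:15.8225045Z    http.url=https://ec2.us-east-1.amazonaws.com/
2025-01-09T05:47:45.0451008Z    http.url=https://elasticloadbalancing.us-east-1.amazonaws.com/
2025-01-09T05:48:47.0780261Z    http.url=https://rds-fips.us-east-1.amazonaws.com/
2025-01-09T05:48:50.0000000Z    http.url=https://rds-fips.us-east-1.amazonaws.com/
2025-01-09T05:49:10.0000000Z    http.url=https://sts.us-east-1.amazonaws.com/
2025-01-09T05:49:11.0000000Z    unrelated debug line with no URL
"""

URL_RE = re.compile(r"http\.url=(\S+)")

def extract_hosts(log_text):
    """Hostname of every http.url= field in the log, in order of appearance."""
    return [urlparse(m.group(1)).hostname
            for m in (URL_RE.search(line) for line in log_text.splitlines()) if m]

def is_fips_host(host):
    """Heuristic (assumption): AWS FIPS endpoints carry 'fips' in a DNS label."""
    return any(label == "fips" or label.endswith("-fips") for label in host.split("."))

def service_of(host):
    """Service name with the FIPS marker stripped ('rds-fips' -> 'rds')."""
    labels = host.split(".")
    if labels[0] == "fips":              # fips.<service>.<region>... style
        return labels[1]
    return labels[0][:-5] if labels[0].endswith("-fips") else labels[0]

def endpoint_audit(log_text):
    """Map each service to the set of (host, is_fips) pairs it was reached on."""
    audit = defaultdict(set)
    for host in extract_hosts(log_text):
        audit[service_of(host)].add((host, is_fips_host(host)))
    return dict(audit)

def non_fips_services(log_text):
    """Sorted services that were contacted over at least one non-FIPS endpoint."""
    return sorted(svc for svc, hosts in endpoint_audit(log_text).items()
                  if any(not fips for _, fips in hosts))

if __name__ == "__main__":
    for svc in non_fips_services(SAMPLE_LOG):
        print(f"{svc}: reached over a non-FIPS endpoint")
```

Pipe a real run through it with `TF_LOG=DEBUG terraform apply 2>&1 | tee tf.log` and pass the file contents to `non_fips_services`; any service it lists still needs an entry in the provider `endpoints` block.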

Tags: tracking which AWS Service Endpoint is used by Terraform, Stack Overflow