Using Terraform with AWS EC2 / S3 – examples of errors from "terraform init / apply"
main.tf used in the examples
terraform {
  # Pin the AWS provider version
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 4.51.0"
    }
  }

  # Store the tfstate file in S3 (the destination bucket was created beforehand)
  backend s3 {
    bucket = "terraform-yumainaura" # S3 bucket name
    region = "ap-northeast-1"
    key    = "tf-test.tfstate"
  }
}

# AWS provider definition
provider aws {
  region = "ap-northeast-1"
}

# Create the EC2 instance
resource aws_instance ec2 {
  ami           = "ami-0bba69335379e17f8" # Amazon Machine Image
  instance_type = "t2.micro"
  tags = {
    Name = "tf-test"
  }
}
When AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY are not recognized (init)
The same error also occurs when offline. Writing the KEY/SECRET directly in main.tf also produced this error.
$ terraform init
Initializing the backend...
╷
│ Error: error configuring S3 Backend: no valid credential sources for S3 Backend found.
│
│ Please see https://www.terraform.io/docs/language/settings/backends/s3.html
│ for more information about providing credentials.
│
│ Error: NoCredentialProviders: no valid providers in chain. Deprecated.
│ For verbose messaging see aws.Config.CredentialsChainVerboseErrors
│
│
│
╵
When the specified bucket does not exist in AWS S3 (init)
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=yyy AWS_DEFAULT_REGION=ap-northeast-1 terraform init --migrate-state
Initializing the backend...
Backend configuration changed!
Terraform has detected that the configuration specified for the backend
has changed. Terraform will now check for existing state in the backends.
╷
│ Error: Error inspecting states in the "s3" backend:
│ S3 bucket does not exist.
│
│ The referenced S3 bucket must have been previously created. If the S3 bucket
│ was created within the last minute, please wait for a minute or two and try
│ again.
│
│ Error: NoSuchBucket: The specified bucket does not exist
│ status code: 404, request id: XSR798EMBAG06B70, host id: 2Pq7S6nh04co2JuD5bvpQfAe6kNnOTcYxoyEDubL32iQfu6WTFxxS5LTv7qtQZe5kGZL8Qh/w/k=
│
│
│ Prior to changing backends, Terraform inspects the source and destination
│ states to determine what kind of migration steps need to be taken, if any.
│ Terraform failed to load the states. The data in both the source and the
│ destination remain unmodified. Please resolve the above error and try again.
│
│
╵
When the AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY credentials are incorrect (init)
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=yyy AWS_DEFAULT_REGION=ap-northeast-1 terraform init
Initializing the backend...
╷
│ Error: error configuring S3 Backend: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
│ status code: 403, request id: 6997596f-6935-4323-b732-498833c01f0f
│
│
When the credentials have no S3 permission on AWS (init)
AWS_ACCESS_KEY_ID=xxx AWS_SECRET_ACCESS_KEY=yyy AWS_DEFAULT_REGION=ap-northeast-1 terraform init
Initializing the backend...
Error refreshing state: AccessDenied: Access Denied
status code: 403, request id: QEFSBRJ21TZCYTYH, host id: 72Qe8Vfz8mwzaCPil9yBAwFSBgomqccKgs+e7kftuXYDcoZqzOmRlFv3HeowawLejCJbEXBcBIw=
When the credentials have no EC2 permission on AWS (apply)
$ AWS_ACCESS_KEY_ID=xxxY AWS_SECRET_ACCESS_KEY=yyy AWS_DEFAULT_REGION=ap-northeast-1 terraform apply
aws_instance.ec2: Refreshing state... [id=i-07fa99fc63ad81002]
╷
│ Error: reading EC2 Instance (i-07fa99fc63ad81002): UnauthorizedOperation: You are not authorized to perform this operation.
│ status code: 403, request id: f8df261f-6205-49a3-8585-f6d74adbc4ef
│
│ with aws_instance.ec2,
│ on main.tf line 26, in resource "aws_instance" "ec2":
│ 26: resource aws_instance ec2 {
│
╵
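The five failure cases above can be checked before running terraform. This is an added example, not part of the original post: a POSIX shell function that runs the equivalent AWS CLI calls in the same order and names the first cause it finds. It assumes the AWS CLI is installed; the function name tf_preflight and its result labels are made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Assumes the AWS CLI is installed.
# Usage: tf_preflight <state-bucket> <region>
# Prints one label (names invented for this example) and returns non-zero on failure.
# Credentials are taken from the environment or a profile, never from main.tf.
tf_preflight() {
  bucket=$1
  region=$2

  # Cases 1 and 3: no credential source found, or STS rejects the key pair.
  if ! out=$(aws sts get-caller-identity --region "$region" \
               --query Arn --output text 2>&1); then
    case $out in
      *"Unable to locate credentials"*) echo "no-credentials" ;;
      *InvalidClientTokenId*)           echo "invalid-credentials" ;;
      *)                                echo "sts-error" ;;
    esac
    return 1
  fi

  # Cases 2 and 4: HeadBucket answers 404 for a missing bucket and 403 when
  # the caller has no access to it. HeadBucket only needs s3:ListBucket;
  # reading and writing the state key also needs s3:GetObject / s3:PutObject.
  if ! out=$(aws s3api head-bucket --bucket "$bucket" --region "$region" 2>&1); then
    case $out in
      *"(404)"*) echo "bucket-missing" ;;
      *"(403)"*) echo "s3-access-denied" ;;
      *)         echo "s3-error" ;;
    esac
    return 1
  fi

  # Case 5: a dry run always exits non-zero; DryRunOperation means the call
  # would have been allowed, UnauthorizedOperation means it would not.
  # Only ec2:DescribeInstances (the refresh that failed above) is probed.
  out=$(aws ec2 describe-instances --dry-run --region "$region" 2>&1) || true
  case $out in
    *DryRunOperation*)       ;;
    *UnauthorizedOperation*) echo "ec2-unauthorized"; return 1 ;;
    *)                       echo "ec2-error"; return 1 ;;
  esac

  echo "ok"
}
```

Typical use: tf_preflight terraform-yumainaura ap-northeast-1 && terraform init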
Environment
Terraform v1.3.7
on darwin_amd64
+ provider registry.terraform.io/hashicorp/aws v4.51.0
Reference
I tested this after referring to an example tf file (in practice the test followed the example almost exactly).