Terraform provisioner "local-exec" not working as expected | VPC peering connection accept problem

Time: 2018-05-28 11:51:34

Tags: networking automation aws-cli terraform amazon-vpc

I am unable to get the auto-accept peering operation to work using the configuration option mentioned in the linked question (Why am I getting a permissions error when attempting to auto_accept vpc peering in Terraform?).

See the Terraform code below. Can anyone help me?

# Requester account credentials (default profile).
provider "aws" {
  region  = "us-east-1"
  profile = "default"
}

# Accepter account credentials, addressed as "aws.peer".
provider "aws" {
  region  = "us-east-1"
  profile = "peer"
  alias   = "peer"
}

# Account ID of the peer account (declared but not used below;
# peer_owner_id is hard-coded instead).
data "aws_caller_identity" "peer" {
  provider = "aws.peer"
}

resource "aws_vpc_peering_connection" "service-peer" {
  vpc_id        = "vpc-123a56789bc"

  peer_vpc_id   = "vpc-YYYYYY"
  peer_owner_id = "012345678901"
  peer_region   = "us-east-1"

  # Peering options are applied with ModifyVpcPeeringConnectionOptions,
  # which AWS only allows once the connection is active.
  accepter {
    allow_remote_vpc_dns_resolution = true
  }

  requester {
    allow_remote_vpc_dns_resolution = true
  }

  # Inside its own provisioner a resource refers to itself as "self";
  # referencing aws_vpc_peering_connection.service-peer here is a self-reference.
  provisioner "local-exec" {
    command = "aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id=${self.id} --region=us-east-1 --profile=peer"
  }
}

The output I get:

Error: Error applying plan:

1 error(s) occurred:

* aws_vpc_peering_connection.servicehub-peer: 1 error(s) occurred:

* aws_vpc_peering_connection.servicehub-peer: Unable to modify peering options. The VPC Peering Connection "pcx-08ebd316c82acacd9" is not active. Please set `auto_accept` attribute to `true`, or activate VPC Peering Connection manually.

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure

I can run the aws cli command successfully from a Linux shell, outside the Terraform template. Please let me know if I have missed something in the Terraform script.

1 answer:

Answer 0 (score: 0)

Try moving "local-exec" out into its own resource and adding a depends_on on your VPC peering connection.

# A null_resource only exists to run the provisioner; it is created after
# the peering connection, so the pcx-... ID is known when the command runs.
resource "null_resource" "peering-provision" {
  # Explicit ordering; the interpolation of the connection ID below
  # already implies the same dependency.
  depends_on = ["aws_vpc_peering_connection.service-peer"]

  # Accept with the peer account's credentials (the "peer" CLI profile).
  provisioner "local-exec" {
    command = "aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id=${aws_vpc_peering_connection.service-peer.id} --region=us-east-1 --profile=peer"
  }
}

As Koe said, it is probably better to use the auto_accept option.
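For reference, the same cross-account peering expressed without any local-exec at all, as an added example that is not part of the question or the answer above. It covers both the question's approach (accepting from the peer account) and the answer's pointer to auto_accept: auto_accept on aws_vpc_peering_connection itself only works when both VPCs are in the same account and region, so for two accounts the acceptance is done by a separate aws_vpc_peering_connection_accepter resource running under the accepter's provider, and the DNS-resolution options are set only after acceptance, each side by its own account. The provider aliases, profile names, VPC IDs and region are placeholders taken from the post; the syntax is Terraform 0.11 style to match it.

```hcl
# Added example, not the original poster's code. Assumed values: the "default"
# and "peer" CLI profiles, the VPC IDs and the region are placeholders.

provider "aws" {
  region  = "us-east-1"
  profile = "default"
}

provider "aws" {
  region  = "us-east-1"
  profile = "peer"
  alias   = "peer"
}

# Look up the peer account ID instead of hard-coding it.
data "aws_caller_identity" "peer" {
  provider = "aws.peer"
}

# Requester side: create the request only. No accepter/requester option
# blocks here, because they are applied with ModifyVpcPeeringConnectionOptions
# and that call fails while the connection is still pending-acceptance.
resource "aws_vpc_peering_connection" "service-peer" {
  vpc_id        = "vpc-123a56789bc"                             # assumed requester VPC
  peer_vpc_id   = "vpc-YYYYYY"                                   # assumed accepter VPC
  peer_owner_id = "${data.aws_caller_identity.peer.account_id}"
  peer_region   = "us-east-1"

  tags = {
    Side = "Requester"
  }
}

# Accepter side: accept with the peer account's credentials. auto_accept is
# valid here because this resource runs under the accepter's provider.
resource "aws_vpc_peering_connection_accepter" "service-peer" {
  provider                  = "aws.peer"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.service-peer.id}"
  auto_accept               = true

  tags = {
    Side = "Accepter"
  }
}

# Options are set after acceptance. Referencing the accepter resource's ID
# (rather than the connection's) orders these after the accept call.
resource "aws_vpc_peering_connection_options" "requester" {
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.service-peer.id}"

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = "aws.peer"
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.service-peer.id}"

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
```

Two practical checks: the "peer" profile only needs ec2:DescribeVpcPeeringConnections, ec2:AcceptVpcPeeringConnection and ec2:ModifyVpcPeeringConnectionOptions on the accepter account, so it can be a narrowly scoped role rather than an administrator; and after a failed apply like the one in the question the pcx-... connection may already exist in a pending-acceptance state, so import or delete it before re-applying rather than creating a second request.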