我正在尝试在由 Terraform 创建的 EC2 实例上，通过用户数据（user data）脚本从 S3 复制文件。脚本中的其他命令都能正常执行，唯独从 S3 复制失败。而当我在控制台手动创建一个权限相同的角色和策略时，复制可以正常工作。
fatal error: HTTPSConnectionPool(host='s3.amazonaws.com', port=443): Max retries exceeded with url: /somebucket/index.html (Caused by ConnectTimeoutError(<botocore.awsrequest.AWSHTTPSConnection object at 0x7fac02dfe550>, 'Connection to s3.amazonaws.com timed out. (connect timeout=60)'))
我的 Terraform 代码如下：
# IAM role assumed by EC2 instances through the CF2TF-IAM-IP instance profile.
# The trust policy below only lets the EC2 service principal call
# sts:AssumeRole, which is the correct, narrow scope for an instance role.
# Permissions are NOT defined here; they come from the separately attached
# CF2TF-IAM-Policy.
resource "aws_iam_role" "CF2TF-IAM-Role" {
name = "CF2TF-IAM-Role"
# Trust (assume-role) policy: who may assume this role.
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
EOF
}
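# Permissions policy attached to CF2TF-IAM-Role.
#
# The original grant was "s3:*" on "*", i.e. full read/write/delete on every
# bucket in the account. The user data script only needs to read one object
# from "somebucket", so this is scoped to s3:GetObject on that bucket's
# objects (least privilege). Note that the reported failure is a connect
# timeout to the S3 endpoint, which is a network-reachability symptom rather
# than an IAM denial (a permissions problem would surface as a 403
# AccessDenied), so narrowing the policy does not affect that outcome.
resource "aws_iam_policy" "CF2TF-IAM-Policy" {
  name = "CF2TF-IAM-Policy"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadSiteContentFromBucket",
      "Effect": "Allow",
      "Action": "s3:GetObject",
      "Resource": "arn:aws:s3:::somebucket/*"
    }
  ]
}
EOF
}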
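# Attaches CF2TF-IAM-Policy to CF2TF-IAM-Role. The interpolations below already
# reference both resources, so Terraform orders this after them; the explicit
# depends_on was redundant and is dropped. Until this attachment exists the
# role carries no permissions at all (the aws_instance that uses the profile is
# not shown here).
resource "aws_iam_role_policy_attachment" "CF2TF-IAM-PA" {
  role       = "${aws_iam_role.CF2TF-IAM-Role.name}"
  policy_arn = "${aws_iam_policy.CF2TF-IAM-Policy.arn}"
}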
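# Instance profile that exposes CF2TF-IAM-Role to EC2 instances launched with
# it. Referencing the role's attribute already makes Terraform create the role
# first, so the explicit depends_on was redundant and is dropped. The role is
# referenced by .name to match the policy attachment above; for aws_iam_role
# the id attribute is also the role name, so this is the same value.
resource "aws_iam_instance_profile" "CF2TF-IAM-IP" {
  name = "CF2TF-IAM-IP"
  role = "${aws_iam_role.CF2TF-IAM-Role.name}"
}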
用户数据（user data）脚本如下：
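#!/bin/bash
# EC2 user data: install Apache, fetch the site's index page from S3, start httpd.
# Runs once as root at first boot. The S3 step relies on the instance having been
# launched with the CF2TF-IAM-IP instance profile (the aws_instance is not shown
# here) and on network reachability to the S3 endpoint.
yum update -y
yum install httpd -y

# The copy is the only step that needs both IAM permission (s3:GetObject on the
# object) and a path to S3. A "Connection to s3.amazonaws.com timed out" error
# means the instance could not reach the endpoint at all — typically no route
# out of the subnet (IGW/NAT) or to an S3 gateway endpoint, or egress blocked by
# a security group / NACL; an IAM denial would instead be a 403 AccessDenied.
# Report the failure explicitly instead of continuing silently; httpd is still
# started so the instance stays diagnosable, as in the original script.
if ! aws s3 cp s3://somebucket/index.html /var/www/html/index.html; then
  echo "user-data: failed to copy index.html from S3; httpd will start without it" >&2
fi

service httpd start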