I am trying to create the following IAM role with a policy. The role is attached to a Lambda function.
resource "aws_lambda_function" "lambda" {
  function_name = "test"
  s3_bucket     = "${aws_s3_bucket.deployment_bucket.id}"
  s3_key        = "${var.deployment_key}"
  handler       = "${var.function_handler}"
  runtime       = "${var.lambda_runtimes[var.desired_runtime]}"
  role          = "${aws_iam_role.lambda_role.arn}"
}

resource "aws_iam_role" "lambda_role" {
  name               = "test-role"
  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "sts:AssumeRole",
      "Principal": {
        "Service": "lambda.amazonaws.com"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

resource "aws_iam_role_policy" "lambda_policy" {
  name   = "test-policy"
  role   = "${aws_iam_role.lambda_role.id}"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "xray:PutTelemetryRecords",
        "xray:PutTraceSegments",
        "logs:CreateLogGroup",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
EOF
}
I am running terraform apply from an EC2 instance that has an IAM role attached. The IAM role has AdministratorAccess and can deploy a VPC and EC2 instances with Terraform without any problem. When I try to create the IAM role and policy above, though, it fails with an InvalidClientTokenId error:

- aws_iam_role.lambda_role: Error creating IAM Role test-role: InvalidClientTokenId: The security token included in the request is invalid

I then generated a set of access key credentials and hard-coded them, but it still fails. Is there something special I need to do when creating an IAM role? Every other terraform apply command I have run on this machine worked fine until I needed to create an IAM role.
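As an added example (not the poster's code), here is the inline policy from the question rewritten with an aws_iam_policy_document data source, so Terraform generates the JSON instead of a hand-typed heredoc, and with the CloudWatch Logs statement scoped to the function's own log group instead of "*". It assumes Terraform 0.12+ syntax and the function name "test" from the post, and it adds logs:CreateLogStream, which a Lambda function needs before it can write log events; it does not address the InvalidClientTokenId error itself.

```hcl
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}

locals {
  # Assumed: the function is named "test", as in the question, so its
  # log group is /aws/lambda/test in the current account and region.
  log_group_arn = "arn:aws:logs:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}:log-group:/aws/lambda/test"
}

data "aws_iam_policy_document" "lambda_policy" {
  # Logs: only the function's own log group and its streams.
  statement {
    sid     = "FunctionLogs"
    effect  = "Allow"
    actions = [
      "logs:CreateLogGroup",
      "logs:CreateLogStream",
      "logs:PutLogEvents",
    ]
    resources = [
      local.log_group_arn,
      "${local.log_group_arn}:*",
    ]
  }

  # X-Ray: the trace-upload APIs do not support resource-level
  # permissions, so "*" is required for this statement only.
  statement {
    sid     = "XRayTracing"
    effect  = "Allow"
    actions = [
      "xray:PutTraceSegments",
      "xray:PutTelemetryRecords",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_role_policy" "lambda_policy" {
  name   = "test-policy"
  role   = aws_iam_role.lambda_role.id
  policy = data.aws_iam_policy_document.lambda_policy.json
}
```

Keeping the two statements separate lets the wildcard resource stay confined to the X-Ray actions that need it, while a review of the rendered JSON (terraform plan shows it) confirms the logs permissions never exceed the one log group.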