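Locally, I found that I can use AWS_PROFILE and terraform works fine. But in the client's environment, even when I export AWS_PROFILE, it still doesn't seem to be right :( (I ran into some permission issues)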

    AWS_PROFILE=xxx terraform import aws_api_gateway_rest_api.api 00000000

I get:

    + AWS_PROFILE=xxx
    + terraform import aws_api_gateway_rest_api.api 00000000
    aws_api_gateway_rest_api.api: Importing from ID "00000000"...
    aws_api_gateway_rest_api.api: Import complete!
      Imported aws_api_gateway_rest_api (ID: 00000000)
    aws_api_gateway_rest_api.api: Refreshing state... (ID: 00000000)

    Error: aws_api_gateway_rest_api.api (import id: 00000000): 1 error(s) occurred:

    * import aws_api_gateway_rest_api.api result: 00000000: aws_api_gateway_rest_api.api: error reading API Gateway REST API (i76an3mk88): AccessDeniedException: User: arn:aws:sts::0000000000:assumed-role/XXX/i-00000000 is not authorized to perform: apigateway:GET on resource: arn:aws:apigateway:ap-southeast-1::/restapis/00000000
        status code: 403, request id: 00000

The client's developer suggested using some code, for example:

    provider "aws" {
      alias   = "Production"
      version = "~> 1.28"
      region  = "${var.region}"

      assume_role {
        role_arn = "arn:aws:iam::<redacted>:role/TerraformProductionRole"
      }
    }

    terraform {
      backend "s3" {
        encrypt = true
      }
    }

    terraform import -provider=aws.Production aws_key_pair.prod_ssh_key aws_cccs_prod

But I'm trying to understand why this is needed? I doubt it will work, since I don't even have the resource aws_key_pair.prod_ssh_key?