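SignatureDoesNotMatch when overriding the STS API endpoint in Terraform

Time: 2019-07-02 19:52:42

Tags: amazon-web-services terraform terraform-provider-aws aws-sts

I am running Terraform in the AWS region us-west-2 (Oregon) in a private VPC. I am therefore using VPC endpoints to expose the STS API, and I override this endpoint in Terraform as follows: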

provider "aws" {
  endpoints {
    sts = "https://sts.us-west-2.amazonaws.com/"
  }
}

Unfortunately, this gives the following error:

provider.aws: error validating provider credentials: error calling sts:GetCallerIdentity: SignatureDoesNotMatch: The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.

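What could be causing this issue? Applying the same Terraform code in a public VPC without overriding the endpoint works as expected.

Things I have checked:

  • The instance running Terraform shows the correct time (UTC)
  • The AWS_REGION and AWS_DEFAULT_REGION environment variables are set to us-west-2
  • The AWS_SECRET_ACCESS_KEY env var I use to authenticate (together with AWS_ACCESS_KEY_ID) contains only alphanumeric characters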

Versions:

  • terraform version: Terraform v0.11.13
  • terraform-provider-aws: v2.17.0

1 answer:

Answer 0: (score: 1)

Terraform does not seem to sanitize the URL before sending it to AWS:

provider "aws" {
  endpoints {
    sts = "https://sts.us-west-2.amazonaws.com" # No trailing slash
  }
}

Everything works fine for me; the backslash is causing your error.
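A pre-apply check for the misconfiguration discussed in this thread, as an added example that is not part of the original question or answer: it scans Terraform source for `endpoints { }` overrides and reports any URL that carries a path component such as a trailing slash, together with the bare form used in the answer. The `ec2` entry in the sample and the rule that any path counts as a finding are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# Constructed sample: the provider block from the question plus a second,
# hypothetical override (ec2) that is already in the bare form.
SAMPLE_TF = '''
provider "aws" {
  endpoints {
    sts = "https://sts.us-west-2.amazonaws.com/"
    ec2 = "https://ec2.us-west-2.amazonaws.com"
  }
}
'''

ENDPOINTS_BLOCK = re.compile(r'endpoints\s*\{([^}]*)\}', re.S)
# Matches `name = "value"`; lines that start with a comment marker do not match.
ASSIGNMENT = re.compile(r'^\s*(\w+)\s*=\s*"([^"]*)"', re.M)


def find_endpoint_overrides(tf_source):
    """Return {service: url} for every entry inside an endpoints { } block."""
    overrides = {}
    for block in ENDPOINTS_BLOCK.finditer(tf_source):
        overrides.update(ASSIGNMENT.findall(block.group(1)))
    return overrides


def check_endpoint(url):
    """Return (ok, suggestion); ok is False when the URL is not a bare origin."""
    parts = urlsplit(url)
    if not parts.path and not parts.query and not parts.fragment:
        return True, url
    # Assumption of this example: the fix is scheme + host only.
    return False, urlunsplit((parts.scheme, parts.netloc, "", "", ""))


def lint(tf_source):
    """List (service, url, suggestion) for overrides that need fixing."""
    findings = []
    for service, url in sorted(find_endpoint_overrides(tf_source).items()):
        ok, suggestion = check_endpoint(url)
        if not ok:
            findings.append((service, url, suggestion))
    return findings


if __name__ == "__main__":
    for service, url, suggestion in lint(SAMPLE_TF):
        print(f"{service}: {url!r} has a path component; use {suggestion!r}")
```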