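Terraform: Error importing S3 bucket when the bucket region and the provider region are different

Time: 2019-07-11 09:39:25

Tags: terraform terraform-provider-aws

I am trying to import a bucket in the us-east-1 region into a parent module in the ap-south-1 region. I don't want to migrate the bucket to the ap-south-1 region right now, but I do want its state in the parent module, whose provider region is ap-south-1. I get an error when I do this.

Command: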

terraform import aws_s3_bucket.cdn staging.domain.com

Error:

terraform import aws_s3_bucket.cdn staging.domain.com                    [15:02:27]
aws_s3_bucket.cdn: Importing from ID "staging.domain.com"...

Error: aws_s3_bucket.cdn (import id: staging.domain.com): import aws_s3_bucket.cdn (id: staging.domain.com): Error importing AWS S3 bucket policy: BucketRegionError: incorrect region, the bucket is not in 'ap-south-1' region at endpoint ''
    status code: 301, request id: , host id:

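Is this even possible right now?

2 answers:

Answer 0: (score: 0)

I think the bucket's region (us-east-1) does not match the parent module's region (ap-south-1).

So I suggest using multiple providers. https://www.terraform.io/docs/configuration/providers.html#alias-multiple-provider-instances

1. Create an aws provider for the us-east-1 region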

// default aws provider for parent module
provider "aws" {
  ...
  region = "ap-south-1"
  ...
}

// add for us-east-1 
provider "aws" {
  ...
  region  = "us-east-1"
  alias   = "us-east-1"
  ...
}

2. Set the new aws provider on aws_s3_bucket.cdn

resource "aws_s3_bucket" "cdn" {
  ...
  provider    = "aws.us-east-1"
  ...
}

3. Import using the provider option: https://www.terraform.io/docs/commands/import.html#provider-provider

terraform import -provider=aws.us-east-1 aws_s3_bucket.cdn staging.domain.com

Answer 1: (score: 0)

This was a bit hard for me, and the final answer was "use the correct region". I had a bucket in us-west-2, but my other stuff is in us-east-1. I needed to use:


provider "aws" {
  alias  = "oregon"
  region = "us-west-2"
}


resource "aws_s3_bucket" "tf_logs" {
  provider = aws.oregon
  bucket = "my-bucket-name"
}

Then it worked.

The way I found this out was by running terraform with more logging:

TF_LOG=DEBUG terraform import aws_s3_bucket.tf_logs my-bucket-name

Then it gave me a cryptic "Bad Request", which I put into Postman, and that gave me this helpful message:

HTTP 400 Bad Request
<Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'us-west-2'</Message>
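
Added example (not from either answer): a shell helper that reads the two S3 error messages quoted on this page, extracts the region S3 expects, and prints the import command in the form answer 0 uses. The function names are hypothetical, and it assumes an aliased provider named after the region, as in answer 0.

```shell
#!/usr/bin/env bash
# Added example, not from either answer. Sample messages are copied from this
# page and used as constructed test input.
SAMPLE_S3_XML="<Message>The authorization header is malformed; the region 'us-east-1' is wrong; expecting 'us-west-2'</Message>"
SAMPLE_TF_ERROR="BucketRegionError: incorrect region, the bucket is not in 'ap-south-1' region at endpoint ''"

# expected_region TEXT: print the region S3 says it expects. Returns 1 when
# the message only names the region that was rejected.
expected_region() {
  local region
  region=$(printf '%s\n' "$1" |
    sed -n -E "s/.*expecting '([a-z0-9-]+)'.*/\1/p" | head -n 1)
  [ -n "$region" ] || return 1
  printf '%s\n' "$region"
}

# rejected_region TEXT: print the region the request was signed for or sent to.
rejected_region() {
  local region
  region=$(printf '%s\n' "$1" | sed -n -E \
    -e "s/.*the region '([a-z0-9-]+)' is wrong.*/\1/p" \
    -e "s/.*not in '([a-z0-9-]+)' region.*/\1/p" | head -n 1)
  [ -n "$region" ] || return 1
  printf '%s\n' "$region"
}

# import_command ADDRESS BUCKET ALIAS: the import form used in answer 0.
import_command() {
  printf 'terraform import -provider=aws.%s %s %s\n' "$3" "$1" "$2"
}

# diagnose TEXT ADDRESS BUCKET: report the mismatch and, when the expected
# region is known, print the import command. Assumption: an aliased provider
# named after the region exists, as in answer 0. Returns 2 otherwise.
diagnose() {
  local want tried
  tried=$(rejected_region "$1") || tried="unknown"
  if want=$(expected_region "$1"); then
    printf 'region %s rejected; bucket is in %s\n' "$tried" "$want"
    import_command "$2" "$3" "$want"
  else
    printf 'region %s rejected; expected region not in this message\n' "$tried"
    return 2
  fi
}
```

The Terraform-level BucketRegionError only names the region that was wrong, so `diagnose` returns 2 for it; the raw S3 response quoted in answer 1 is the one that carries the expected region.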