我正在尝试通过pulumi导入现有的vpc。
const stackName = pulumi.getStack()
var vpcName = stackName + "-defaultvpc"
console.log("CIDR Block is" + config.cidrBlock)
const envVpc = new aws.ec2.Vpc(vpcName, {
cidrBlock: config.cidrBlock,
}, {import: config.vpcId});
module.exports = {
appVpc: envVpc
}
然后我正在执行pulumi up --stack test。
据我了解,该命令仅应将现有的vpc导入此测试堆栈中。
但是在执行过程中,我收到以下错误消息。
错误:预览失败:刷新urn:pulumi:test :: identity :: aws:ec2 / vpc:Vpc :: test-defaultvpc:UnauthorizedOperation:您无权执行此操作。
我已经确认我已经在aws帐户中拥有对VPC的所有读取权限。但是无法找出pulumi进行此操作所需的确切权限。
答案 0 :(得分:0)
这表明您没有AWS的授权。从运行pulumi的命令行中,运行AWSTemplateFormatVersion: 2010-09-09
Transform: 'AWS::Serverless-2016-10-31'
Description: Api Template Stack
Parameters:
VpcId:
Type: String
Default: "vpc-xxxxxx"
Resources:
PrivateGateway:
Type: 'AWS::ApiGateway::RestApi'
Properties:
Name: 'private-gw'
EndpointConfiguration:
Types:
- PRIVATE
Policy: !Sub |
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Deny",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*",
"Condition": {
"StringNotEquals": {
"aws:sourceVpc": "${VpcId}"
}
}
},
{
"Effect": "Allow",
"Principal": "*",
"Action": "execute-api:Invoke",
"Resource": "arn:aws:execute-api:us-east-1:${AWS::AccountId}:*/*/*/*"
}
]
}
时是否在结果中获得所需的vpc?
如果不这样做,则必须确保您具有该VPC的DescribeVPC权限策略。