我正在尝试用 Terraform 在两个帐户(主帐户和成员帐户)上启用 AWS GuardDuty。问题似乎出在为成员帐户启用 GuardDuty 这一步:
# GuardDuty detector for the member account.
# "provider = aws.member" binds this resource to the aliased AWS provider
# configuration named "member"; that configuration has to be available in the
# module that contains this resource.
resource "aws_guardduty_detector" "member" {
  provider = aws.member
  enable   = true
}
========== 错误输出
错误:提供者配置不存在
要使用 module.guardduty-multi.aws_guardduty_detector.member,需要其原始的提供者配置 module.guardduty-multi.provider["registry.terraform.io/hashicorp/aws"].member,但该配置已被删除。当提供者配置被删除、而由该提供者创建的对象仍然存在于状态中时,就会发生这种情况。重新添加提供者配置以销毁 module.guardduty-multi.aws_guardduty_detector.member,之后您就可以再次删除提供者配置。
=============
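# Call of the local GuardDuty module.
#
# Aliased provider configurations are not inherited by child modules; they
# must be handed over through the "providers" map. Without it, the resource
# inside the module that asks for aws.member has no configuration to use,
# which is consistent with the "provider configuration not present" error
# reported for module.guardduty-multi.
#
# NOTE(review): this assumes the aliased "master"/"member" provider blocks
# live in the root module next to this call - confirm.
# NOTE(review): on Terraform 0.13 the module itself also needs an empty proxy
# block `provider "aws" { alias = "member" }` to receive aws.member; the
# module's own files are not shown here, so verify.
module "guardduty-multi" {
  source = "./modules/guardduty"

  providers = {
    # Resources in the module that carry no "provider" argument (master
    # detector, member invitation) then run with the master account's
    # credentials instead of an implicit, unconfigured default provider.
    aws        = aws.master
    aws.member = aws.member
  }
}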
# AWS provider configuration for the GuardDuty master account.
# Credentials come from the named CLI profile in var.master_profile; that
# profile should carry only the permissions this configuration needs.
# GuardDuty detectors are regional, so this configuration covers us-east-1
# only; other regions need their own provider alias and detector.
provider "aws" {
  alias   = "master"
  region  = "us-east-1"
  profile = var.master_profile
}
# AWS provider configuration for the GuardDuty member account.
# Credentials come from the named CLI profile in var.member_profile.
# Same region as the master configuration (us-east-1); GuardDuty in any other
# region of the member account is not enabled by this configuration.
provider "aws" {
  alias   = "member"
  region  = "us-east-1"
  profile = var.member_profile
}
# Name of the local AWS CLI profile used for the member account.
# Only the profile name is stored here, not the credentials themselves.
variable "member_profile" {
  type    = string
  default = "member"
}
# Name of the local AWS CLI profile used for the master account.
# The default is the CLI's "default" profile, so whichever credentials are
# configured there are the ones that act on the master account.
variable "master_profile" {
  type    = string
  default = "default"
}
# GuardDuty detector for the master account.
# There is no "provider" argument, so this resource uses the default
# (un-aliased) aws provider configuration of the module it lives in.
# NOTE(review): make sure that default configuration really resolves to the
# master account; otherwise the detector is created with whatever ambient
# credentials Terraform finds.
resource "aws_guardduty_detector" "master" {
  enable = true
}
# GuardDuty detector for the member account, created through the aliased
# aws.member provider configuration. This is the resource named in the
# "provider configuration not present" error: aws.member must be defined in,
# or passed into, the module that holds this block.
resource "aws_guardduty_detector" "member" {
  provider = aws.member
  enable   = true
}
# Registers the member account on the master account's detector and sends it
# an invitation.
# No "provider" argument is set, so this runs under the module's default aws
# provider configuration - the same one the master detector uses.
# NOTE(review): "invite = true" only sends the invitation. No resource in the
# visible configuration accepts it on the member side (for example an
# aws_guardduty_invite_accepter under aws.member), so until the invitation is
# accepted the member's findings are presumably not aggregated in the master
# account - verify.
resource "aws_guardduty_member" "member" {
  # Account ID is read from the member detector, master detector ID from the
  # master detector, so both detectors are created first.
  account_id  = aws_guardduty_detector.member.account_id
  detector_id = aws_guardduty_detector.master.id

  # Hard-coded contact address for the member account.
  email = "emailid@acme.com"

  invite             = true
  invitation_message = "please accept Guardduty invitation from Master Account"
}
Terraform v0.13.2,hashicorp/aws:version = "~> 3.5.0"