Cannot use the S3 backend with Terraform - missing credentials

Jim*_*all 5 terraform terraform-provider-aws

I have the most pedestrian of Terraform samples:

#  Configure AWS provider
provider "aws" {
    region     = "us-east-1"
    access_key = "xxxxxxxxx"
    secret_key = "yyyyyyyyyyy"
}

#  Terraform configuration
terraform {
  backend "s3" {
    bucket = "terraform.example.com"
    key    = "85/182/terraform.tfstate"
    region = "us-east-1"
  }
}

When I run terraform init, I get the following (traced) response:

2018/08/14 14:19:13 [INFO] Terraform version: 0.11.7  41e50bd32a8825a84535e353c3674af8ce799161
2018/08/14 14:19:13 [INFO] Go runtime version: go1.10.1
2018/08/14 14:19:13 [INFO] CLI args: []string{"C:\\cygwin64\\usr\\local\\bin\\terraform.exe", "init"}
2018/08/14 14:19:13 [DEBUG] Attempting to open CLI config file: C:\Users\judall\AppData\Roaming\terraform.rc
2018/08/14 14:19:13 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2018/08/14 14:19:13 [INFO] CLI command args: []string{"init"}
2018/08/14 14:19:13 [DEBUG] command: loading backend config file: C:\cygwin64\home\judall\t2

2018/08/14 14:19:13 [DEBUG] command: no data state file found for backend config
Initializing the backend...
2018/08/14 14:19:13 [DEBUG] New state was assigned lineage "5113646b-318f-9612-5057-bc4803292c3a"
2018/08/14 14:19:13 [INFO] Building AWS region structure
2018/08/14 14:19:13 [INFO] Building AWS auth structure
2018/08/14 14:19:13 [INFO] Setting AWS metadata API timeout to 100ms
2018/08/14 14:19:13 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id

2018/08/14 14:19:13 [DEBUG] plugin: waiting for all plugin processes to complete...
Error configuring the backend "s3": No valid credential sources found for AWS Provider.
  Please see https://terraform.io/docs/providers/aws/index.html for more information on
  providing credentials for the AWS Provider

Please update the configuration in your Terraform files to fix this error
then run this command again.

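I've been searching on this for hours. I tried using the 'profile' attribute - that produced a slightly different trace log, but the same end result. I tried setting the AWS_ environment variables - same result.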

I'm running Terraform version 0.11.7. Any suggestions?

DJA*_*Pee 8

The provider configuration is independent of your backend configuration.

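The credentials you configure in the provider block are used to create your AWS-related resources. To access the S3 bucket as the storage for your remote state, you also need to provide credentials. These can be the same as the ones configured in your provider, or they can be completely different (for security reasons, with permissions only on this specific bucket).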

You can fix it by adding the credentials in the backend block:

#  Terraform configuration
terraform {
  backend "s3" {
    bucket     = "terraform.example.com"
    key        = "85/182/terraform.tfstate"
    region     = "us-east-1"
    access_key = "xxxxxxxxx"
    secret_key = "yyyyyyyyyyy"
  }
}

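Alternatively, you can create an AWS (default) profile in your home directory (AWS Doku) and remove your credentials from your Terraform code (this is the preferred option when you store your configuration in a version control system).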
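
The answer's last point, keeping keys out of Terraform code that goes into version control, can be enforced with a small check before commit. The following is an added example, not part of the original answer: the function name `find_hardcoded_credentials` is hypothetical, the sample is constructed from the answer's configuration with its placeholder keys, and the scan assumes one attribute per line.

```python
import re

# Block openers of interest, e.g.  provider "aws" {  or  backend "s3" {
BLOCK_OPEN = re.compile(r'^\s*(provider|backend)\s+"([^"]+)"\s*\{')
# A static credential attribute assigned a quoted literal
CRED_ATTR = re.compile(r'^\s*(access_key|secret_key)\s*=\s*"([^"]*)"')
STRING = re.compile(r'"(?:\\.|[^"\\])*"')

def find_hardcoded_credentials(hcl_text):
    """Return (line_no, block, attribute) per literal key; never the value."""
    findings, stack = [], []  # stack holds one label (or None) per open brace
    for line_no, raw in enumerate(hcl_text.splitlines(), start=1):
        if raw.strip().startswith(("#", "//")):
            continue  # whole-line comment
        opener, attr = BLOCK_OPEN.match(raw), CRED_ATTR.match(raw)
        enclosing = next((b for b in reversed(stack) if b), None)
        # "${...}" is an interpolated reference, not a literal secret
        if attr and enclosing and attr.group(2) and "${" not in attr.group(2):
            findings.append((line_no, enclosing, attr.group(1)))
        # Track nesting with strings and trailing comments stripped out
        code = re.sub(r"(#|//).*", "", STRING.sub('""', raw))
        label = f'{opener.group(1)} "{opener.group(2)}"' if opener else None
        for ch in code:
            if ch == "{":
                stack.append(label)
                label = None
            elif ch == "}" and stack:
                stack.pop()
    return findings

# Constructed sample: the configuration from the answer, placeholder keys
WITH_KEYS = '''
provider "aws" {
    access_key = "xxxxxxxxx"
    secret_key = "yyyyyyyyyyy"
}
terraform {
  backend "s3" {
    key        = "85/182/terraform.tfstate"
    access_key = "xxxxxxxxx"
    secret_key = "yyyyyyyyyyy"
  }
}
'''

if __name__ == "__main__":
    for line_no, block, attr in find_hardcoded_credentials(WITH_KEYS):
        print(f"line {line_no}: literal {attr} in {block}")
```

The backend's `key` attribute is the S3 object path of the state file, so it is deliberately not reported; only `access_key` and `secret_key` literals inside a `provider` or `backend` block are.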