小编Mar*_*o E的帖子
使用 Terraform 创建 S3 存储桶 ACL 和 S3 策略时访问被拒绝
我正在尝试使用 Terraform 创建 S3 存储桶,但不断收到“访问被拒绝”错误。
\n我有以下 Terraform 代码:
\nresource "aws_s3_bucket" "prod_media" {\n bucket = var.prod_media_bucket\n acl = "public-read"\n}\n\nresource "aws_s3_bucket_cors_configuration" "prod_media" {\n bucket = aws_s3_bucket.prod_media.id \n\n cors_rule {\n allowed_headers = ["*"]\n allowed_methods = ["GET", "HEAD"]\n allowed_origins = ["*"]\n expose_headers = ["ETag"]\n max_age_seconds = 3000\n } \n}\n\nresource "aws_s3_bucket_acl" "prod_media" {\n bucket = aws_s3_bucket.prod_media.id\n acl = "public-read"\n}\n\n\nresource "aws_iam_user" "prod_media_bucket" {\n name = "prod-media-bucket"\n}\n\nresource "aws_s3_bucket_policy" "prod_media_bucket" {\n bucket = aws_s3_bucket.prod_media.id\n policy = jsonencode({\n Version = "2012-10-17"\n Statement = [\n {\n Principal = …amazon-s3 amazon-web-services terraform terraform-provider-aws
推荐指数
解决办法
查看次数
AWS 地形:?错误:配置 Terraform AWS 提供商时出错:验证提供商凭证时出错:调用 sts:GetCallerIdentity 时出错:
错误:配置 Terraform AWS 提供商时出错:
验证提供程序凭据时出错:调用 sts:GetCallerIdentity 时出错:操作错误 STS:GetCallerIdentity,https 响应错误 StatusCode:403,RequestID:95e52463-8cd7-038-b924-3a5d4ad6ef03,api 错误 InvalidClientTokenId:请求中包含的安全令牌无效。与提供者[“registry.terraform.io/hashicorp/aws”],在provider.tf第1行,在提供者“aws”中:1:提供者“aws”{
我只有两个文件。
- 实例.tf
resource "aws_instance" "web" {
ami = "ami-068257025f72f470d"
instance_type = "t2.micro"
tags = {
Name = "instance_using_terraform"
}
}
- 提供商.tf
provider "aws" {
region = "ap-east-1"
access_key = "xxxx"
secret_key = "xxxx/xxx+xxx"
}
amazon-ec2 amazon-web-services terraform terraform-provider-aws
推荐指数
解决办法
查看次数
S3 存储桶 ACL 的 MissingSecurityHeader 错误
我定义了以下 s3 存储桶:
module "bucket" {
source = "terraform-aws-modules/s3-bucket/aws"
version = "3.1.0"
bucket = local.test-bucket-name
acl = null
grant = [{
type = "CanonicalUser"
permission = "FULL_CONTROL"
id = data.aws_canonical_user_id.current.id
}, {
type = "CanonicalUser"
permission = "FULL_CONTROL"
id = data.aws_cloudfront_log_delivery_canonical_user_id.cloudfront.id
}
]
object_ownership = "BucketOwnerPreferred"
}
但是当我尝试terraform apply这样做时,我收到错误:
错误:更新 S3 存储桶 ACL(日志、私有)时出错:MissingSecurityHeader:您的请求缺少必需的标头状态代码:400
该错误消息不是很具体。我是否缺少某种类型的标题?
amazon-s3 amazon-web-services terraform terraform-provider-aws
推荐指数
解决办法
查看次数
如何将值从terraform传递到Helm图表values.yaml文件?
我正在使用 Terraform 中的 Helm 图表创建 ingress-nginx 控制器。我确实有一个values.yaml 文件,可以在其中添加自定义信息,但我需要从 Terraform 资源传递 SSL 证书值,那么我该怎么做呢?我正在使用下面的代码,但出现错误。
\nresource "aws_acm_certificate" "ui_cert" {\n domain_name = var.DOMAIN_NAME\n validation_method = "DNS"\n\n tags = {\n Environment = var.ENVIRONMENT \n }\n\n lifecycle {\n create_before_destroy = true\n }\n\n}\n\nresource "helm_release" "nginix_ingress" {\n\n depends_on = [module.eks, kubernetes_namespace.nginix_ingress,aws_acm_certificate.ui_cert]\n\n name = "ingress-nginx"\n repository = "https://kubernetes.github.io/ingress-nginx"\n chart = "ingress-nginx"\n namespace = var.NGINX_INGRESS_NAMESPACE\n \n values = [templatefile("values.yaml", {\n controller.service.beta.kubernetes.io/aws-load-balancer-internal = aws_acm_certificate.ui_cert.name,\n })]\n}\n我收到以下错误:
\n Error: Reference to undeclared resource\n\xe2\x94\x82\n\xe2\x94\x82 on ui.tf line 27, in …amazon-web-services terraform kubernetes-helm terraform-provider-aws terraform-provider-helm
推荐指数
解决办法
查看次数
如何设置 AWS EKS 节点以使用 gp3
我正在尝试将 EKS 节点设置为使用 gp3 作为卷。它使用默认的 gp2,但我想将其更改为 gp3。我正在使用 terraform 来构建基础设施和aws_eks_cluster资源(我没有使用module "eks")。这是一个简单的片段:
resource "aws_eks_cluster" "cluster" {
name = var.name
role_arn = aws_iam_role.cluster.arn
version = var.k8s_version
}
resource "aws_eks_node_group" "cluster" {
capacity_type = var.node_capacity_type
cluster_name = aws_eks_cluster.cluster.name
disk_size = random_id.node_group.keepers.node_disk
instance_types = split(",", random_id.node_group.keepers.node_type)
node_group_name = "${var.name}-${local.availability_zones[count.index]}-${random_id.node_group.hex}"
node_role_arn = random_id.node_group.keepers.role_arn
subnet_ids = [var.private ? aws_subnet.private[count.index].id : aws_subnet.public[count.index].id]
version = var.k8s_version
}
我尝试设置kubernetes_storage_class资源,但它仅针对 Pod 使用的卷 (PV/PVC) 进行更改。我想将节点卷更改为 gp3。
我没有在文档和 github 中找到如何做到这一点。有人能做到吗?
谢谢。
amazon-web-services terraform terraform-provider-aws amazon-eks
推荐指数
解决办法
查看次数
用变量替换 terraform 块
如何用变量替换 terraform 脚本的整个块?例如,
resource "azurerm_data_factory_trigger_schedule" "sfa-data-project-agg-pipeline-trigger" {
name = "aggregations_pipeline_trigger"
data_factory_id = var.data_factory_resource_id
pipeline_name = "my-pipeline"
frequency = var.frequency
schedule {
hours = [var.adf_pipeline_schedule_hour]
minutes = [var.adf_pipeline_schedule_minute]
}
}
在上面的示例中,如何schedule使用 terraform 变量使整个块可配置?
我尝试过这个,但它不起作用。
schedule = var.schedule
推荐指数
解决办法
查看次数
Terraform 1.1.7 - 错误:后端配置已更改
当我尝试针对 Azure 运行 Terraform v1.1.7 时遇到问题。\n这是第一次运行,并且“artifactory”后端中不存在状态文件。
\n当我使用 Terraform 0.13 运行时,它会运行,最后,脚本会将状态文件放入 Nexus 中,管道的下一次运行会获取状态文件并使用它,更新它,然后将其放回 Nexus。
\n所以这在 terraform 0.13 下工作。\n我现在做错了什么?
\n主要.tf:
\nprovider "azurerm" {\n subscription_id = var.credentials.subscription_id\n tenant_id = var.credentials.tenant_id\n client_id = var.credentials.client_id\n client_secret = var.credentials.client_secret\n features {\n key_vault {\n purge_soft_delete_on_destroy = true\n }\n }\n}\n\n...\n状态保存在 Nexus 中,状态文件如下所示:
\nterraform {\n backend "artifactory" {\n url = "https://nexusbox/nexus/repository/"\n repo = "terraform"\n subpath = "component/vault"\n username = "theusername"\n password = "somegiberrish"\n }\n}\n\n\n#>/usr/bin/terraform version\nTerraform v1.1.7\non linux_amd64\n+ provider registry.terraform.io/hashicorp/azurerm v2.99.0\n+ provider registry.terraform.io/hashicorp/random …推荐指数
解决办法
查看次数
获取使用 for_each 创建的子网 ID 列表
我如何获取使用 for_each 创建的子网 ID 列表(需要在我的脚本底部):
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 4.0"
}
}
}
provider "aws" {
region = "eu-west-1"
}
data "aws_availability_zones" "azs" {
state = "available"
}
locals {
az_names = data.aws_availability_zones.azs.names
}
variable "vpc_cidr" {
default = "10.0.0.0/16"
}
resource "aws_vpc" "main" {
cidr_block = var.vpc_cidr
}
resource "aws_subnet" "private" {
for_each = {for idx, az_name in local.az_names: idx => az_name}
vpc_id = aws_vpc.main.id
cidr_block = cidrsubnet(var.vpc_cidr, 8, each.key) …推荐指数
解决办法
查看次数
Terraform AWS S3 - 拒绝除特定用户之外的所有人
我有一个需要限制为特定用户的存储桶,我编写了以下脚本,但它似乎仍然允许所有用户对该存储桶进行操作。
resource "aws_s3_bucket" "vulnerability-scans" {
bucket = "vulnerability-scans"
}
resource "aws_s3_bucket_policy" "vulnerability-scans" {
bucket = aws_s3_bucket.vulnerability-scans.id
policy = data.aws_iam_policy_document.vulnerability-scans.json
}
data "aws_iam_policy_document" "vulnerability-scans" {
statement {
principals {
type = "AWS"
identifiers = [
aws_iam_user.circleci.arn,
]
}
actions = [
"s3:PutObject",
"s3:GetObject",
"s3:ListBucket",
]
resources = [
aws_s3_bucket.vulnerability-scans.arn,
"${aws_s3_bucket.vulnerability-scans.arn}/*",
]
}
}
amazon-s3 amazon-web-services terraform terraform-provider-aws
推荐指数
解决办法
查看次数
错误:收集实例设置时出错:运行 terraform apply 时结果为空(terraform plan 工作正常)
我不太明白 terraform 目录是如何设置的,但我的目录似乎非常基本。尽管设置了空值,但它一直抱怨空值。有人可以看一下并告诉我可能是什么问题吗?
\n.tf 的片段:
\nprovider "aws" {\n region = var.region\n\n default_tags {\n tags = {\n source = "/home/ubuntu/bootcamp-terraform-master"\n owner_name = var.owner-name\n owner_email = var.owner-email\n purpose = var.purpose\n }\n }\n}\n\n\n// Resources\n\nresource "aws_instance" "zookeepers" {\n count = var.zk-count\n ami = var.aws-ami-id\n instance_type = var.zk-instance-type\n key_name = var.key-name\n\n root_block_device {\n volume_size = 100\n }\n\n tags = {\n Name = "${var.owner-name}-zookeeper-${count.index}"\n"bootcamp2.tf" 269L, 7806C 14,0-1 Top\nprovider "aws" {\n region = var.region\n\n default_tags {\n tags = {\n source = "/home/ubuntu/bootcamp-terraform-master"\n owner_name = var.owner-name\n …推荐指数
解决办法
查看次数