3

我有一个下面的 terraform 脚本,在终端上使用它时可以正常工作。

provider "aws" {
  region = "${var.aws_region}"
}

resource "aws_instance" "jenkins-poc" {
  count = "2"
  ami           = "${var.aws_ami}"
  instance_type = "${var.instance_type}"
  key_name      = "${var.key_name}"
  availability_zone = "${var.aws_region}${element(split(",",var.zones),count.index)}"
  vpc_security_group_ids = ["${aws_security_group.jenkins-poc.id}"]
  subnet_id = "${element(split(",",var.subnet_id),count.index)}"
  user_data = "${file("userdata.sh")}"
  tags {
    Name = "jenkins-poc${count.index + 1}"
    Owner = "Shailesh"
  }
}

resource "aws_security_group" "jenkins-poc" {
  vpc_id = "${var.vpc_id}"
  name = "${var.security_group_name}"
  description = "Allow http,httpd and SSH"

  ingress {
      from_port = 443
      to_port = 443
      protocol = "tcp"
      cidr_blocks = ["10.0.0.0/8"]
  }
  ingress {
      from_port = 22
      to_port = 22
      protocol = "tcp"
      cidr_blocks = ["0.0.0.0/0"]
  }
 ingress {
      from_port = 80
      to_port = 80
      protocol = "tcp"
      cidr_blocks = ["10.0.0.0/8"]
 }
  egress {
      from_port = "0"
      to_port = "0"
      protocol = "-1"
      cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_elb" "jenkins-poc-elb" {
    name = "jenkins-poc-elb"
    subnets = ["subnet-","subnet-"]
listener {
    instance_port = 80
    instance_protocol = "http"
    lb_port = "80"
    lb_protocol = "http"
}

  health_check {
    healthy_threshold = "2"
    unhealthy_threshold = "3"
    timeout = "3"
    target = "tcp:80"
    interval = 30
  }
    instances = ["${aws_instance.jenkins-poc.*.id}"]
}

和变量文件如下所示。

variable "aws_ami" {
  default = "ami-"
}

variable "zones"{
  default = "a,b"
}

variable "aws_region" {
    default = "us-east-1"
}

variable "key_name" {
    default = "test-key"
}

variable "instance_type" {
    default = "t2.micro"
}

variable "count" {
    default = "2"
}
variable "security_group_name" {
    default = "jenkins-poc"
}
variable "vpc_id" {
    default = "vpc-"
}
variable "subnet_id" {
    default = "subnet-,subnet"
}

当我使用 terraform apply 通过终端运行时,一切正常。但是当我通过詹金斯运行它时,同样的代码给了我下面的错误。 

aws_security_group.jenkins-poc: Error creating Security Group: UnauthorizedOperation: You are not authorized to perform this operation

注意 :: 这是我在其中执行此操作的非默认 vpc。

我将非常感谢任何评论。我没有提到敏感值。

4

1 回答 1

1

只要确保您在正确的 aws 配置文件中,并且defaultaws 配置文件可能会限制您创建实例

provider "aws" {
  region = "${var.aws_region}"
  shared_credentials_file = "~/.aws/credentials"
  profile = "xxxxxxx"
}
于 2020-03-03T12:52:50.710 回答