8

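Terraform cannot find a resource that is declared in the same file where it is referenced.

This line seems to be causing the trouble: role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}". It can't find newsapi_lambda_codepipeline, which is declared as resource "aws_iam_role" "newsapi_lambda_codepipeline" { ... }.

Here is my main.tf: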

resource "aws_s3_bucket" "newsapi_lambda_builds" {
  bucket = "newsapi-lambda-builds"
  acl    = "private"
}

resource "aws_iam_role" "newsapi_lambda_codebuild" {
  name = "newsapi-lambda-codebuild"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "arn:aws:s3:::newsapi_lambda_builds",
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Action": [
        "lambda:invokefunction",
        "lambda:listfunctions"
      ],
      "Resource": "*",
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Resource": [
        "*"
      ],
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ]
    }
  ]
}
EOF
}
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"

  assume_role_policy = <<EOF
{
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "codepipeline.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    },
    {
      "Action": [
        "s3:GetObject",
        "s3:GetObjectVersion",
        "s3:GetBucketVersioning"
      ],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}",
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
      "Effect": "Allow"
    },
    {
      "Action": [
        "s3:PutObject"
      ],
      "Resource": [
        "arn:aws:s3:::newsapi_lambda_builds"
      ],
      "Effect": "Allow"
    },
    {
      "Effect": "Allow",
      "Action": [
        "codebuild:BatchGetBuilds",
        "codebuild:StartBuild"
      ],
      "Resource": "*"
    }
  ],
  "Version": "2012-10-17"
}
EOF
}


resource "aws_codepipeline" "newsapi_lambda" {
  name     = "newsapi-lambda"
  role_arn = "${aws_iam_role.newsapi_lambda_codepipeline.arn}"

  artifact_store {
    location = "${aws_s3_bucket.newsapi_lambda_builds.bucket}"
    type     = "S3"
  }

  stage {
    name = "Source"

    action {
      name             = "Source"
      category         = "Source"
      owner            = "ThirdParty"
      provider         = "GitHub"
      version          = "1"
      output_artifacts = ["newsapi_lambda"]

      configuration {
        Owner      = "Defozo"
        Repo       = "traceitfor.me_newsapi_lambda"
        Branch     = "master"
      }
    }
  }

  stage {
    name = "Build"

    action {
      name            = "Build"
      category        = "Build"
      owner           = "AWS"
      provider        = "CodeBuild"
      input_artifacts = ["newsapi_lambda"]
      version         = "1"
      role_arn = "${aws_iam_role.newsapi_lambda_codebuild.arn}"

      configuration {
        ProjectName = "newsapi-lambda"
      }
    }
  }
}

After running terraform apply I get:

Error: Error running plan: 1 error(s) occurred:

* aws_codepipeline.newsapi_lambda: 1 error(s) occurred:

* aws_codepipeline.newsapi_lambda: Resource 'aws_iam_role.newsapi_lambda_codepipeline' not found for variable 'aws_iam_role.newsapi_lambda_codepipeline.arn'

I don't understand why this happens. I have declared aws_iam_role.newsapi_lambda_codepipeline, haven't I?

4 Answers

9

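For those who run into aws_ecs_task_definition not finding the variable aws_ecs_task_definition.XXX.arn, your JSON is most likely malformed. Here is what I did to resolve my issue:

  • Replace your line with task_definition = "[]"
  • Run terraform plan

At this point you should get an error. For example, I got

module.tf.aws_ecs_task_definition.sandbox: ECS Task Definition container_definitions is invalid: Error decoding JSON: json: cannot unmarshal string into Go struct field ContainerDefinition.MemoryReservation of type int64

In this case, I had quoted memSize in my template_file and it was not implicitly converted to int64, hence the error.

I changed "memoryReservation": "${mem_size}" to "memoryReservation": ${mem_size}, removed the task_definition placeholder, and everything went smoothly.

Answered 2019-04-02T23:34:20.620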
7

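I believe your role declaration might be slightly wrong, and Terraform was not able to generate an ARN for it, hence the "not found".

It looks like you also need to create a resource "aws_iam_role_policy". See https://www.terraform.io/docs/providers/aws/r/codepipeline.html. It is a bit unclear why the split is needed.

If this is not the case, let me know and I will try to run the code myself to test.

Answered 2018-03-21T16:00:11.763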
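The split this answer points to, sketched for the question's CodePipeline role as an added example (not code from the question or from any answer). An IAM role's assume_role_policy is a trust policy that only states who may assume the role, while permissions go in a separate policy attached to it. The aws_iam_role_policy resource label is a hypothetical choice, and the S3 statements are scoped to the bucket resource already declared in main.tf rather than a hand-typed ARN.

```hcl
# Trust policy only: which principal may assume the role.
resource "aws_iam_role" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"

  assume_role_policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": { "Service": "codepipeline.amazonaws.com" },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

# Permissions policy: what the role may do. Resource label is hypothetical.
resource "aws_iam_role_policy" "newsapi_lambda_codepipeline" {
  name = "newsapi-lambda-codepipeline"
  role = "${aws_iam_role.newsapi_lambda_codepipeline.id}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": ["s3:GetBucketVersioning"],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}"
    },
    {
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:GetObjectVersion", "s3:PutObject"],
      "Resource": "${aws_s3_bucket.newsapi_lambda_builds.arn}/*"
    },
    {
      "Effect": "Allow",
      "Action": ["codebuild:BatchGetBuilds", "codebuild:StartBuild"],
      "Resource": "*"
    }
  ]
}
EOF
}
```

Object-level actions (GetObject, PutObject) apply to the bucket ARN with a /* suffix and bucket-level actions to the bare bucket ARN, so each statement carries exactly one Resource key. The hard-coded arn:aws:s3:::newsapi_lambda_builds in the question also does not match the declared bucket name newsapi-lambda-builds, which interpolating the bucket's arn attribute avoids.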
3

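To help investigate this kind of issue, you can run a targeted terraform plan. In my case (a misconfigured reference to a CIDR block from a custom AWS VPC module), after running

terraform plan --target aws_security_group.something-or-other

Terraform actually gave a clear error message explaining exactly what I had done wrong this time. Hope it helps :)

Answered 2019-10-30T11:49:54.273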
0

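Since the title of the question is generic, I landed on this link.

I was able to find the issue given the fact that there is something wrong with the resource which was not found and hence it is not getting created.

In my case it was an aws_cloudwatch_event_rule, where a variable was not being referenced properly in the "event_pattern" key: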

    event_pattern = <<PATTERN
{
  "source": [
    "aws.ecs"
  ],
  "detail-type": [
    "ECS Task State Change"
  ],
  "detail": {
    "lastStatus": [
        "STOPPED"
    ],
    "desiredStatus": [
        "RUNNING"
    ],
    "clusterArn": [
      ${aws_ecs_cluster.main.arn}
    ]
  }
}
PATTERN
Answered 2019-04-22T09:04:36.940