1

I can't get the terraform AWS provider to talk to localstack. No matter what I try, I get the same error:

Error: error configuring Terraform AWS Provider: error validating provider credentials: error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
    status code: 403, request id: dc96c65d-84a7-4e64-947d-833195464538

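This error suggests that the provider is making contact with an HTTP server but the credentials are being rejected (as with any 403). You might imagine the problem is that I'm feeding in the wrong credentials (through environment variables).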

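However, the hostname local-aws exists in my /etc/hosts file, but blahblahblah does not. If I swap the endpoint to point to http://blahblahblah:4566 I still get the same 403. So I think the problem is that the provider isn't using my local endpoint. I can't work out why.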

resource "aws_secretsmanager_secret_version" "foo" {
  secret_id = aws_secretsmanager_secret.foo.id
  secret_string = "bar"
}

resource "aws_secretsmanager_secret" "foo" {
    name = "rabbitmq_battery_emulator"
}

provider "aws" {
  region = "eu-west-2"
  endpoints {
    secretsmanager = "http://local-aws:4566"
  }
}
4

1 Answer

2

First check that localstack is configured to run sts. In docker-compose this is just the SERVICES environment variable:

services:
  local-aws:
    image: localstack/localstack
    environment:
      EDGE_PORT: 4566
      SERVICES: secretsmanager, sts

Then make sure that you set the sts endpoint as well as the service you require:

provider "aws" {
  region = "eu-west-2"
  endpoints {
    sts = "http://local-aws:4566"
    secretsmanager = "http://local-aws:4566"
  }
}
answered 2020-10-28T15:42:01.053
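
The error in the question comes from the provider's credential check calling sts:GetCallerIdentity, so a provider block that redirects only secretsmanager still sends that call to the default STS endpoint. The following is an added example, not part of the original question or answer: a small pre-flight check that flags any `provider "aws"` block that overrides some endpoints but not `sts`. The function names are hypothetical and the HCL parsing is a deliberate simplification.

```python
import re

# Provider blocks copied from the question and the answer on this page.
QUESTION_CONFIG = '''
provider "aws" {
  region = "eu-west-2"
  endpoints {
    secretsmanager = "http://local-aws:4566"
  }
}
'''
ANSWER_CONFIG = '''
provider "aws" {
  region = "eu-west-2"
  endpoints {
    sts = "http://local-aws:4566"
    secretsmanager = "http://local-aws:4566"
  }
}
'''

def provider_blocks(hcl):
    """Yield the body of each provider "aws" block, found by brace matching.
    Simplification: braces inside quoted strings are not handled."""
    for m in re.finditer(r'provider\s+"aws"\s*\{', hcl):
        depth, i = 1, m.end()
        while i < len(hcl) and depth:
            depth += {"{": 1, "}": -1}.get(hcl[i], 0)
            i += 1
        yield hcl[m.end():i - 1]

def endpoint_overrides(body):
    """Return {service: url} from the block's endpoints { ... } section."""
    m = re.search(r'endpoints\s*\{([^}]*)\}', body)
    return dict(re.findall(r'(\w+)\s*=\s*"([^"]*)"', m.group(1))) if m else {}

def missing_sts(hcl):
    """List the overridden services of every aws provider block that
    redirects some endpoint but leaves sts at its default."""
    return [sorted(eps) for eps in map(endpoint_overrides, provider_blocks(hcl))
            if eps and "sts" not in eps]

if __name__ == "__main__":
    for name, cfg in (("question", QUESTION_CONFIG), ("answer", ANSWER_CONFIG)):
        print(name, "-> missing sts override:", missing_sts(cfg))
```

Run it against the `.tf` files of a local test setup before `terraform plan`; an empty list means every block that redirects endpoints also redirects sts.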