0

terraform 在规划 terraform 时,在调试模式下的日志中会引发以下错误。我在 Windows 机器上使用 aws cli 2.0。该错误仅出现在 aws west 区域部署中。东部工作正常。我尝试在 python 文件夹路径 C:\Program Files (x86)\Microsoft Visual Studio\Shared\Python37_64\Lib\site-packages\certifi 中更新证书链。仍然出现错误。没运气

2021/06/07 19:30:58 [DEBUG] [aws-sdk-go] DEBUG: Send Request ec2/DescribeAccountAttributes failed, attempt 8/25, error RequestError: send request failed
2021-06-07T19:30:58.801+0530 [DEBUG] plugin.terraform-provider-aws_v2.70.0_x4.exe: caused by: Post https://ec2.us-west-2.amazonaws.com/: x509: certificate signed by unknown authority
4

1 回答 1

0

Terraform providers are written in go and it should grab CA certificates from the default OS trust store.

There are a couple of things that can cause given error:

1. AWS CA update

During the last couple of years AWS was migrating to their own Certificate Authority, so this might be related. You can see their announcement blogs here.

For Windows installing latest OS updates should be enough to pull new CA certs.

You can also check AWS docs on how to install their CAs manually here

2. Outdated terraform provider

From provided logs looks like you are using aws provider version 2.70.0. It was build with older version of go that since had some fixes related to certificate validation on Windows. Try updating your provider to latest version

于 2021-09-01T07:39:09.520 回答