I am trying to set up a VPC peering connection between 2 VPCs in the Singapore region in 2 different AWS accounts. I followed the official Terraform documentation for "vpc_peering_connection" and "vpc_peering_connection_accepter". So here is my code and the failure:

Requester

resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false

  tags = local.tags

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

When I run terraform plan, nothing fails. When I run terraform apply, I get this failure:

│ Error: Unable to modify peering options. The VPC Peering Connection "pcx-0e625f0fd4ef93696" is not active. 
Please set `auto_accept` attribute to `true`, or activate VPC Peering Connection manually. 
│
│   with aws_vpc_peering_connection.requester,
│   on vpc.tf line 49, in resource "aws_vpc_peering_connection" "requester":
│   49: resource "aws_vpc_peering_connection" "requester" {
│
╵

But the VPC peering connection is still created, and I get the VPC peering ID.

Accepter

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = "pcx-0e625f0fd4ef93696"
  auto_accept               = true

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

Result: terraform plan and terraform apply completed.

  • The status of the VPC peering connection in both accounts is active. But when I run terraform apply again in the Requester, the VPC peering connection is destroyed and replaced.

1 Answer

I solved it myself. I read an issue on GitHub that was the same as my problem, so I want to share with everyone how to fix it. The reason is:

  • Terraform does not support enabling DNS resolution through VPC peering across different accounts. It only supports it for VPC peering within a single account.
  • I fixed it by using resource "aws_vpc_peering_connection_options". Here is my working code:
resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false

  tags = local.tags
}

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = "${aws_vpc_peering_connection.requester.id}"
  auto_accept               = true

  tags = local.tags
}

resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.anhvq
  vpc_peering_connection_id = "${aws_vpc_peering_connection.requester.id}"

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = "${aws_vpc_peering_connection.requester.id}"

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
Answered 2022-01-12T08:52:43.807
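The complete two-account layout that the answer describes, as an added example that is not the answer author's code. The provider alias names `anhvq` and `lamnx` are reused from the thread; the `assume_role` ARNs, account ids and input variables are assumptions/placeholders. The one deliberate difference from the answer's configuration is that both `aws_vpc_peering_connection_options` resources reference the accepter resource's id rather than the requester's, so Terraform's dependency graph orders the option changes after acceptance and the "VPC Peering Connection is not active" error from the question cannot recur on a fresh apply.

```hcl
# Added example; the role ARNs, account ids and VPC ids are placeholders.
provider "aws" {
  alias  = "anhvq" # requester account
  region = "ap-southeast-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/TerraformRole" # placeholder
  }
}

provider "aws" {
  alias  = "lamnx" # accepter account
  region = "ap-southeast-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/TerraformRole" # placeholder
  }
}

variable "requester_vpc_id" {
  type = string
}

variable "accepter_vpc_id" {
  type = string
}

variable "tags" {
  type    = map(string)
  default = {}
}

# Resolve the accepter account id from its own credentials instead of
# hard-coding it in the requester configuration.
data "aws_caller_identity" "accepter" {
  provider = aws.lamnx
}

resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = var.requester_vpc_id
  peer_owner_id = data.aws_caller_identity.accepter.account_id
  peer_vpc_id   = var.accepter_vpc_id
  auto_accept   = false # the other account must accept explicitly

  tags = var.tags
}

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  auto_accept               = true

  tags = var.tags
}

# Both option resources depend on the accepter, so they are applied only
# once the peering connection is active.
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.anhvq
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
```

Keeping the inline `accepter {}` / `requester {}` blocks out of `aws_vpc_peering_connection` is what stops the destroy-and-replace on the second apply that the question reports: the DNS option is then owned by the separate options resources, and each account modifies only its own side.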