我正在尝试在帐户之间创建VPC对等并自动接受它,但它失败并显示权限错误。为什么在尝试在Terraform中auto_accept vpc对等时收到权限错误?
这里是提供商在main.tf
provider "aws" {
region = "${var.region}"
shared_credentials_file = "/Users/<username>/.aws/credentials"
profile = "sandbox"
}
data "aws_caller_identity" "current" { }
这里是vpc_peer模块:
resource "aws_vpc_peering_connection" "peer" {
peer_owner_id = "${var.peer_owner_id}"
peer_vpc_id = "${var.peer_vpc_id}"
vpc_id = "${var.vpc_id}"
auto_accept = "${var.auto_accept}"
accepter {
allow_remote_vpc_dns_resolution = true
}
requester {
allow_remote_vpc_dns_resolution = true
}
tags {
Name = "VPC Peering between ${var.peer_vpc_id} and ${var.vpc_id}"
}
}
这里在maint.ft
模块执行module "peering" {
source = "../modules/vpc_peer"
region = "${var.region}"
peer_owner_id = "<management account number>"
peer_vpc_id = "<vpc-********>"
vpc_id = "${module.network.vpc_id}"
auto_accept = "true"
}
现在,我从“沙盒”提供商使用的IAM用户具有管理帐户中的VPC中的VPC对等的权限。
我使用AWS以下步骤:http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html
不幸的是我一直用下面的错误而失败:
1 error(s) occurred:
* aws_vpc_peering_connection.peer: Unable to accept VPC Peering Connection: OperationNotPermitted: User 651267440910 cannot accept peering pcx-f9c55290
status code: 400, request id: cfbe1163-241e-413b-a8de-d2bca19726e5
任何想法?
谢谢安东尼,我找到了解决这个问题的方法。 通过运行local_exec和aws cli命令来接受远程帐户上的同位体。 –
太棒了!很高兴你解决了你的问题。 –