Using Terraform 0.7.7. Terraform cannot import a key pair into Amazon EC2
I have the following simple Terraform file:
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region = "${var.region}"
}
resource "aws_instance" "personal" {
  ami = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"
}
resource "aws_eip" "ip" {
  instance = "${aws_instance.personal.id}"
}
resource "aws_key_pair" "personal" {
  key_name = "mschuchard-us-east"
  public_key = "${var.public_key}"
}
terraform apply produces the following error:
aws_key_pair.personal: Creating...
  fingerprint: "" => "<computed>"
  key_name: "" => "mschuchard-us-east"
  public_key: "" => "ssh-rsa pubkey hash mschuchard-us-east"
aws_instance.personal: Creating...
  ami: "" => "ami-c481fad3"
  availability_zone: "" => "<computed>"
  ebs_block_device.#: "" => "<computed>"
  ephemeral_block_device.#: "" => "<computed>"
  instance_state: "" => "<computed>"
  instance_type: "" => "t2.micro"
  key_name: "" => "<computed>"
  network_interface_id: "" => "<computed>"
  placement_group: "" => "<computed>"
  private_dns: "" => "<computed>"
  private_ip: "" => "<computed>"
  public_dns: "" => "<computed>"
  public_ip: "" => "<computed>"
  root_block_device.#: "" => "<computed>"
  security_groups.#: "" => "<computed>"
  source_dest_check: "" => "true"
  subnet_id: "" => "<computed>"
  tenancy: "" => "<computed>"
  vpc_security_group_ids.#: "" => "<computed>"
aws_instance.personal: Creation complete
aws_eip.ip: Creating...
  allocation_id: "" => "<computed>"
  association_id: "" => "<computed>"
  domain: "" => "<computed>"
  instance: "" => "i-0ab94b58b0089697d"
  network_interface: "" => "<computed>"
  private_ip: "" => "<computed>"
  public_ip: "" => "<computed>"
  vpc: "" => "<computed>"
aws_eip.ip: Creation complete
Error applying plan:
1 error(s) occurred:
* aws_key_pair.personal: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'mschuchard-us-east' already exists.
    status code: 400, request id: 51950b9a-55e8-4901-bf35-4d2be234abbf
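The only help I found from Googling was to blow away the *.tfstate files, which I tried, but it did not help. I can launch an EC2 instance from the GUI with this key pair and easily SSH into it, but Terraform errors out when trying to use the same fully functional key pair.
In my case it would be an import of 'aws_key_pair.personal'. Anyway, after fighting with the credentials for a while and giving up on getting Terraform to use the credentials file, I succeeded in importing and running 'terraform apply'. Then I realized what the resource was actually doing and how to associate 'key_name' with the instance. Terraform is very user-unfriendly and really needs more advanced tutorials. Edit in the import command and I will accept this answer.
Staring at the EC2 instance dashboard also made me realize that I needed 'vpc_security_group_ids' too. Now I can actually ssh successfully into the EC2 instance created by Terraform, but the output of '${aws_instance.personal.public_dns}' is completely inaccurate, so I have another head-banging session ahead of me.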
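
The steps described in the comments above, collected into one configuration. This is an added example, not code posted in the thread. It reuses the question's resource names and variables (with the question's provider block unchanged), and the variable ssh_security_group_id is a hypothetical name for a security group you already have.

```hcl
# Added example, not from the original thread. Terraform 0.7-style syntax.
#
# The key pair already exists in EC2, so adopt it into state before applying,
# instead of letting Terraform try to create it again:
#
#   terraform import aws_key_pair.personal mschuchard-us-east
#   terraform plan    # review what Terraform intends to do with the key pair

# Assumption: ID of an existing security group that allows inbound SSH (tcp/22)
# from your own address only. The variable name is hypothetical.
variable "ssh_security_group_id" {}

resource "aws_key_pair" "personal" {
  key_name   = "mschuchard-us-east"
  public_key = "${var.public_key}"
}

resource "aws_instance" "personal" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"

  # Without key_name the instance launches with no SSH key installed;
  # declaring aws_key_pair alone does not attach it to anything.
  key_name = "${aws_key_pair.personal.key_name}"

  # Without an explicit group the instance gets the VPC default security group.
  vpc_security_group_ids = ["${var.ssh_security_group_id}"]
}

resource "aws_eip" "ip" {
  instance = "${aws_instance.personal.id}"
}

# The instance's public_dns is recorded at creation, before the Elastic IP is
# associated, so it can be stale. The EIP's own address is the one to connect to.
output "ssh_address" {
  value = "${aws_eip.ip.public_ip}"
}
```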