2016-10-19 36 views
2

Terraform 0.7.7: Terraform cannot import a key pair into Amazon EC2

I have the following simple Terraform file:

provider "aws" { 
    access_key = "${var.access_key}" 
    secret_key = "${var.secret_key}" 
    region  = "${var.region}" 
} 

resource "aws_instance" "personal" { 
    ami   = "${lookup(var.amis, var.region)}" 
    instance_type = "t2.micro" 
} 

resource "aws_eip" "ip" { 
    instance = "${aws_instance.personal.id}" 
} 

resource "aws_key_pair" "personal" { 
    key_name = "mschuchard-us-east" 
    public_key = "${var.public_key}" 
} 

terraform apply produces the following error:

aws_key_pair.personal: Creating... 
    fingerprint: "" => "<computed>" 
    key_name: "" => "mschuchard-us-east" 
    public_key: "" => "ssh-rsa pubkey hash mschuchard-us-east" 
aws_instance.personal: Creating... 
    ami:      "" => "ami-c481fad3" 
    availability_zone:  "" => "<computed>" 
    ebs_block_device.#:  "" => "<computed>" 
    ephemeral_block_device.#: "" => "<computed>" 
    instance_state:   "" => "<computed>" 
    instance_type:   "" => "t2.micro" 
    key_name:     "" => "<computed>" 
    network_interface_id:  "" => "<computed>" 
    placement_group:   "" => "<computed>" 
    private_dns:    "" => "<computed>" 
    private_ip:    "" => "<computed>" 
    public_dns:    "" => "<computed>" 
    public_ip:    "" => "<computed>" 
    root_block_device.#:  "" => "<computed>" 
    security_groups.#:  "" => "<computed>" 
    source_dest_check:  "" => "true" 
    subnet_id:    "" => "<computed>" 
    tenancy:     "" => "<computed>" 
    vpc_security_group_ids.#: "" => "<computed>" 
aws_instance.personal: Creation complete 
aws_eip.ip: Creating... 
    allocation_id:  "" => "<computed>" 
    association_id: "" => "<computed>" 
    domain:   "" => "<computed>" 
    instance:   "" => "i-0ab94b58b0089697d" 
    network_interface: "" => "<computed>" 
    private_ip:  "" => "<computed>" 
    public_ip:   "" => "<computed>" 
    vpc:    "" => "<computed>" 
aws_eip.ip: Creation complete 
Error applying plan: 

1 error(s) occurred: 

* aws_key_pair.personal: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'mschuchard-us-east' already exists. 
status code: 400, request id: 51950b9a-55e8-4901-bf35-4d2be234abbf 

The only help I found by searching Google was to blow away the *.tfstate files, which I tried, but that did not help. I can launch an EC2 instance with this key pair from the GUI and ssh into it easily, but Terraform errors out when it tries to use the same fully functional key pair.

Answers

5

The error is telling you that the key pair already exists in your AWS account, but Terraform does not know about it in its state file, so it tries to create it every time.

You have two options here. First, you could simply delete it from your AWS account and allow Terraform to upload it, so that it is managed by Terraform and present in its state file.

Alternatively, you can use the terraform import command to import the pre-existing resource into your state file:

terraform import aws_key_pair.personal mschuchard-us-east 
+1

In my case it would be the import of 'aws_key_pair.personal'. Anyway, after fighting with credentials for a while and giving up on getting Terraform to use the credentials file, I successfully imported and ran 'terraform apply'. Then I realised what the resources are actually doing and how to associate the 'key_name' with the instance. Terraform is very user-unfriendly and really needs more advanced tutorials. Edit the import command and I will accept this answer. –

+0

Staring at the EC2 instance dashboard also made me realise I need 'vpc_security_group_ids' as well. Now I can actually ssh successfully into the EC2 instance created by Terraform, but the output of '${aws_instance.personal.public_dns}' is completely inaccurate, so I have another head-banging session ahead of me. –

2

The error says that the key pair already exists in AWS, and it does not say whether it was created with Terraform or through the console.

You should see it in the AWS console under EC2 -> Key Pairs in the correct region. You should delete it through the console before retrying the import with Terraform.

+0

Wait, according to this https://www.terraform.io/docs/providers/aws/r/key_pair.html I cannot create a key pair with Terraform. Also, if I delete the key pair from the console, how do I know the public key to specify it in Terraform? –

+0

Correct, you cannot create an EC2 key pair with Terraform, but you can create it locally (privately) and get the public key from it ('ssh-keygen -y -f myssh.key > myssh.pub'), which you can then put into the 'aws_key_pair' resource. –
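As an added example, not code from the question or either answer: a Terraform 0.7-style configuration that does what the comments above work out piece by piece. It reads the public key exported with ssh-keygen -y from a file, attaches the key pair to the instance through 'key_name', and supplies the 'vpc_security_group_ids' the asker found were missing. The public key path, security group name and admin address are assumptions; the variables 'amis' and 'region' are the ones from the question.

```hcl
# Added example, not from the question or answers. Assumes the key was made
# locally and its public half exported with
#   ssh-keygen -y -f mschuchard-us-east.pem > mschuchard-us-east.pub
# and that var.amis and var.region exist as in the question.
variable "public_key_path" {
    default = "mschuchard-us-east.pub" # assumed path to the exported public key
}

resource "aws_key_pair" "personal" {
    key_name   = "mschuchard-us-east"
    public_key = "${file(var.public_key_path)}"
}

resource "aws_security_group" "ssh" {
    name        = "personal-ssh"
    description = "Inbound SSH from the admin address only"

    ingress {
        from_port   = 22
        to_port     = 22
        protocol    = "tcp"
        cidr_blocks = ["203.0.113.10/32"] # assumed admin address, not 0.0.0.0/0
    }

    egress {
        from_port   = 0
        to_port     = 0
        protocol    = "-1"
        cidr_blocks = ["0.0.0.0/0"]
    }
}

resource "aws_instance" "personal" {
    ami           = "${lookup(var.amis, var.region)}"
    instance_type = "t2.micro"
    # Referencing the key pair here is what installs the public key on the
    # instance; the question's config created the key pair but never used it.
    key_name               = "${aws_key_pair.personal.key_name}"
    vpc_security_group_ids = ["${aws_security_group.ssh.id}"]
}

resource "aws_eip" "ip" {
    instance = "${aws_instance.personal.id}"
}

# Connect to the EIP; aws_instance.personal.public_dns is recorded when the
# instance is created, before the EIP is attached, so it is not the address to use.
output "ssh_host" {
    value = "${aws_eip.ip.public_ip}"
}
```

If the key pair already exists in the account, run 'terraform import aws_key_pair.personal mschuchard-us-east' before 'terraform apply', as the accepted answer describes; otherwise apply creates it from the public key file.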