Terraform S3 backend bucket creation returns 403 with Terraform 0.11.1

Updated: 2024-10-23 09:26:57

Problem description

How do I create an S3 bucket that has access to put a terraform.tfstate file? How do I get the tfstate into the bucket? What is the proper way to do this?

To preface, I have spent over 6 hours trying to figure this out. I saw the similar post with a problem caused by MFA. That's not my issue.

I'm using the same code to create EC2 instances, VPC and other resources just fine.

---[ REQUEST POST-SIGN ]-----------------------------
GET /?prefix=env%3A%2F HTTP/1.1
Host: tfstate-neonaluminum.s3.us-east-2.amazonaws
User-Agent: aws-sdk-go/1.10.36 (go1.9.2; darwin; amd64) APN/1.0 HashiCorp/1.0 Terraform/0.11.1
Authorization: AWS4-HMAC-SHA256 Credential=<CUT>/20171215/us-east-2/s3/aws4_request, SignedHeaders=host;x-amz-content-sha256;x-amz-date, Signature=<CUT>
X-Amz-Content-Sha256: <CUT>
X-Amz-Date: 20171215T103755Z
Accept-Encoding: gzip
-----------------------------------------------------
2017/12/15 04:37:55 [DEBUG] [aws-sdk-go] DEBUG: Response s3/ListObjects Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 403 Forbidden
Connection: close
Transfer-Encoding: chunked
Content-Type: application/xml
Date: Fri, 15 Dec 2017 10:37:55 GMT
Server: AmazonS3
X-Amz-Bucket-Region: us-east-2
X-Amz-Id-2: UwWJlCAtabKny2Ncam+D7/s9Rozjw43ozsVNdtZgQqPSXoSvZbO3JnuPz3B9cmLcgYea6x8xPqQ=
X-Amz-Request-Id: 470C02B96A60090B

Here is the .tf code:

provider "aws" {
  access_key = "${var.aws_access_key}"
  secret_key = "${var.aws_secret_key}"
  region     = "${var.region}"
}

terraform {
  backend "s3" {
    bucket = "tfstate-neonaluminum"
    key    = "terraform.tfstate"
    region = "us-east-2"
  }
}

resource "aws_s3_bucket" "terraform_state_bucket" {
  bucket = "tfstate-neonaluminum"
  acl    = "private"

  tags {
    management = "terraform"
  }
}

Hope I didn't leave out any necessary details - new to asking questions on stackoverflow.

Recommended answer

Unfortunately that's the one caveat for using S3 as your backend to Terraform; you'll need to create the bucket manually. At times - a common pattern is that an organization will have multiple AWS accounts (for a variety of reasons - not just Terraform state) - this could be a possible option, to create your S3 bucket in that account, that way you can keep all of your other account's infrastructure defined by Terraform - but personally, I just create it by hand in my own account.

One thing you can do is import the bucket after the fact with terraform import if you wanted to manage it with Terraform; of course, there's the chicken and the egg problem still. Or - use a local state initially while creating the bucket, and then define it later; however, either way you would not be able to dynamically reference the bucket via the resource object.

But no - you cannot simultaneously create the bucket with Terraform while also setting it to your state.
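
The manual bootstrap the answer describes, as an added example that is not part of the original answer: create the bucket outside Terraform, then run terraform init and terraform import so the existing resource block adopts it. The script name and function names are hypothetical, and the public access block and versioning steps are additions not mentioned in the answer.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. Assumes AWS CLI credentials
# that may create buckets, and a region other than us-east-1 (which
# rejects an explicit LocationConstraint).
set -u

# Classify the bucket from HeadBucket: accessible, or missing (404).
# Anything else (403 included) is treated as forbidden so nothing is created.
bucket_status() {
  local err
  if err=$(aws s3api head-bucket --bucket "$1" 2>&1); then
    echo accessible
  else
    case "$err" in
      *"(404)"*) echo missing ;;
      *)         echo forbidden ;;
    esac
  fi
}

bootstrap_state_bucket() {
  local bucket="$1" region="$2"
  case "$(bucket_status "$bucket")" in
    forbidden)
      echo "no access to $bucket: fix IAM or choose another name" >&2
      return 1 ;;
    missing)
      aws s3api create-bucket --bucket "$bucket" --region "$region" \
        --create-bucket-configuration "LocationConstraint=$region" || return 1 ;;
  esac
  # State files can hold secrets: keep the bucket private and versioned.
  aws s3api put-public-access-block --bucket "$bucket" \
    --public-access-block-configuration \
    "BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true" \
    || return 1
  aws s3api put-bucket-versioning --bucket "$bucket" \
    --versioning-configuration Status=Enabled || return 1
  # The bucket now exists, so the s3 backend can initialise; the import
  # puts the hand-made bucket under the aws_s3_bucket resource.
  terraform init || return 1
  terraform import aws_s3_bucket.terraform_state_bucket "$bucket"
}

# Usage: ./bootstrap.sh tfstate-neonaluminum us-east-2
if [ "$#" -eq 2 ]; then bootstrap_state_bucket "$1" "$2"; fi
```

A 403 from the status check stops the script before any create call, which is the case shown in the debug log above.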

Published: 2023-10-30 19:18:45
Article link: https://www.elefans.com/category/jswz/34/1543754.html