amazon-web-services - Terraform无法创建角色并为AWS现货车队资源分配角色 - Thinbug

Terraform无法创建角色并为AWS现货车队资源分配角色

时间：2018-06-04 03:30:44

标签： amazon-web-services terraform

使用terraform示例here启动现场车队时，我需要提供所需的值。

iam_fleet_role      = "arn:aws:iam::12345678:role/spot-fleet"

但是，我不想提供帐号，所以我想创建一个角色并附加“AmazonEC2SpotFleetTaggingRole”政策，所以我写了下面的代码，但是我收到了错误：

* aws_spot_fleet_request.cheap_compute: "iam_fleet_role" doesn't look like a valid ARN ("^arn:[\\w-]+:([a-zA-Z0-9\\-])+:([a-z]{2}-(gov-)?[a-z]+-\\d{1})?:(\\d{12})?:(.*)$"): "test_role"

我做错了什么或者我应该以其他方式做错？

 resource "aws_iam_role" "test_role" {
      name = "test_role"

      assume_role_policy = <<EOF
    {
      "Version": "2012-10-17",
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Principal": {
            "Service": "ec2.amazonaws.com"
          },
          "Effect": "Allow",
          "Sid": ""
        }
      ]
    }
    EOF
    }
    resource "aws_iam_role_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
        role = "${aws_iam_role.test_role.name}"
        policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
    }


# Request a Spot fleet
resource "a`enter code here`ws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "${aws_iam_role_policy_attachment.AmazonEC2SpotFleetTaggingRole-policy-attachment.role}"
  spot_price          = "0.77"
  allocation_strategy = "diversified"
  target_capacity     = 2
  valid_until         = "2018-06-11T20:44:20Z"

  launch_specification {
    instance_type     = "t2.micro"
    ami               = "ami-1853ac65"
    spot_price        = "0.777"
    availability_zone = "us-east-1a"

    tags {
    Name = "spot-fleet-example"
    }
  } 
}

1 个答案:

答案 0 :(得分：2)

这里有几个问题：

Spot Fleet role要求您为spotfleet.amazonaws.com
您错误地引用了创建的角色，您需要引用arn资源的aws_iam_role属性

实施例

如上所述创建您的Spot Fleet角色：

resource "aws_iam_role" "example" {
  name = "example-fleet-role"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "",
      "Effect": "Allow",
      "Principal": {
        "Service": "spotfleet.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
EOF
}

将AWS托管策略附加到角色

resource "aws_iam_role_policy_attachment" "AmazonEC2SpotFleetTaggingRole-policy-attachment" {
  role = "${aws_iam_role.example.name}"
  policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2SpotFleetTaggingRole"
}

使用`arn`

中的aws_iam_role属性，将角色用于现货船队请求

resource "aws_spot_fleet_request" "cheap_compute" {
  iam_fleet_role      = "${aws_iam_role.example.arn}"
  spot_price          = "0.77"
  allocation_strategy = "diversified"
  target_capacity     = 2
  valid_until         = "2018-06-11T20:44:20Z"

  launch_specification {
    instance_type     = "t2.micro"
    ami               = "ami-1853ac65"
    spot_price        = "0.777"
    availability_zone = "us-east-1a"

    tags {
    Name = "spot-fleet-example"
    }
  } 
}