无法将 S3 后端与 Terraform 一起使用 - 缺少凭据 [英] Can't use S3 backend with Terraform - missing credentials
问题描述
我有一个 Terraform 样本中最普通的:
I have the most pedestrian of a Terraform sample:
# Configure AWS provider
provider "aws" {
region = "us-east-1"
access_key = "xxxxxxxxx"
secret_key = "yyyyyyyyyyy"
}
# Terraform configuration
terraform {
backend "s3" {
bucket = "terraform.example.com"
key = "85/182/terraform.tfstate"
region = "us-east-1"
}
}
当我运行 terraform init 时,我收到以下(跟踪)响应:
When I run terraform init I receive the following (traced) response:
2018/08/14 14:19:13 [INFO] Terraform version: 0.11.7 41e50bd32a8825a84535e353c3674af8ce799161
2018/08/14 14:19:13 [INFO] Go runtime version: go1.10.1
2018/08/14 14:19:13 [INFO] CLI args: []string{"C:\\cygwin64\\usr\\local\\bin\\terraform.exe", "init"}
2018/08/14 14:19:13 [DEBUG] Attempting to open CLI config file: C:\Users\judall\AppData\Roaming\terraform.rc
2018/08/14 14:19:13 [DEBUG] File doesn't exist, but doesn't need to. Ignoring.
2018/08/14 14:19:13 [INFO] CLI command args: []string{"init"}
2018/08/14 14:19:13 [DEBUG] command: loading backend config file: C:\cygwin64\home\judall\t2
2018/08/14 14:19:13 [DEBUG] command: no data state file found for backend config
Initializing the backend...
2018/08/14 14:19:13 [DEBUG] New state was assigned lineage "5113646b-318f-9612-5057-bc4803292c3a"
2018/08/14 14:19:13 [INFO] Building AWS region structure
2018/08/14 14:19:13 [INFO] Building AWS auth structure
2018/08/14 14:19:13 [INFO] Setting AWS metadata API timeout to 100ms
2018/08/14 14:19:13 [INFO] Ignoring AWS metadata API endpoint at default location as it doesn't return any instance-id
2018/08/14 14:19:13 [DEBUG] plugin: waiting for all plugin processes to complete...
Error configuring the backend "s3": No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on
providing credentials for the AWS Provider
Please update the configuration in your Terraform files to fix this error
then run this command again.
我已经在谷歌上搜索了几个小时.我尝试使用 'profile' 属性 - 它产生的跟踪日志略有不同,但最终结果相同.我试过设置 AWS_ 环境变量 - 结果相同.
I've been googling for hours on this. I've tried to use the 'profile' property - which yields slightly different trace logs, but the same end result. I've tried setting the AWS_ environment variables - with the same result.
我正在运行 terraform 版本 0.11.7.有什么建议吗?
I'm running terraform version 0.11.7. Any suggestions?
推荐答案
provider
配置独立于您的 backend
配置.
The provider
configuration is independent from your backend
configuration.
您在 provider
块中配置的凭证用于创建您的 AWS 相关资源.要访问 S3 存储桶作为远程状态的存储,您还需要提供凭据.这可以与您的 provider
的配置相同,也可以完全不同(出于安全原因,仅在此特定存储桶上具有权限).
The credentials, you have configured in the provider
block, are used to create your AWS related resources. For accessing S3 bucket as a storage for your remote state, you also need to provide credentials. This can be the same like in the config for your provider
or can be completely different (with permissions only on this specific bucket for security reasons).
您可以通过在 backend
块中添加凭据来修复它:
You can fix it by adding the credentials in the backend
block:
# Terraform configuration
terraform {
backend "s3" {
bucket = "terraform.example.com"
key = "85/182/terraform.tfstate"
region = "us-east-1"
access_key = "xxxxxxxxx"
secret_key = "yyyyyyyyyyy"
}
}
或者您可以在您的主目录中创建一个 AWS(默认)配置文件 (文档)并删除您的 terraform 代码中的凭据(首选选项,当您将配置存储在版本控制系统中时).
Or you can create an AWS (default) profile in your home directory (Docs) and remove your credentials in your terraform code (preferred option, when you store your config in a version control system).
这篇关于无法将 S3 后端与 Terraform 一起使用 - 缺少凭据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!