Termination Reason: Client.InternalError: Client error on launch
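Please help
How do we make sure EC2 uses a custom KMS key? We are deploying EC2 instances with Terraform, and every time an EC2 instance is launched in the Auto Scaling group it crashes with the error below. It seems the EC2 instance cannot access the KMS key.
Error: Termination Reason: Client.InternalError: Client error on launch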
resource "aws_autoscaling_group" "autoscaling-group" {
  name                 = var.name
  availability_zones   = var.availability_zones
  min_size             = var.min_size
  desired_capacity     = var.desired_capacity
  max_size             = var.max_size
  health_check_type    = "EC2"
  launch_configuration = aws_launch_configuration.launch_configuration.name
  vpc_zone_identifier  = local.subnet_id
  termination_policies = ["OldestInstance"]
}

resource "aws_launch_configuration" "launch_configuration" {
  name                        = var.name
  image_id                    = var.ami
  instance_type               = var.instance_type
  iam_instance_profile        = var.iam_instance_profile_name
  security_groups             = [aws_security_group.security_group.id]
  associate_public_ip_address = true
}

resource "aws_autoscaling_policy" "autoscaling-policy" {
  name                      = var.name
  policy_type               = "TargetTrackingScaling"
  estimated_instance_warmup = "90"
  adjustment_type           = "ChangeInCapacity"
  autoscaling_group_name    = aws_autoscaling_group.autoscaling-group.name
}
--
Thanks
You can run the plan with TF_LOG=DEBUG to get more details about what is missing. You mainly need the Service-Linked role to get past the permission issue.
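Thanks, everyone, for the support; I was able to resolve it. The issue was the KMS key grant for the EC2 Auto Scaling service.
We used the following module and the issue was resolved: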
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_grant
resource "aws_kms_grant" "a" {
  name              = "my-grant"
  key_id            = aws_kms_key.a.key_id
  grantee_principal = aws_iam_role.a.arn
  operations        = ["Encrypt", "Decrypt", "GenerateDataKey"]
}
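
The grant described in the thread, written out against the EC2 Auto Scaling service-linked role. This is an added example, not code from the posters. The resource names (ebs, asg, asg_ebs) are hypothetical, the role is assumed to be the default AWSServiceRoleForAutoScaling, and the operations list follows the AWS documentation for Auto Scaling with encrypted volumes, which is broader than the three operations shown above.

```hcl
# Added example. Resource names are hypothetical; adapt them to your module.

# Customer managed key that encrypts the AMI snapshots / EBS volumes.
resource "aws_kms_key" "ebs" {
  description         = "CMK for encrypted EBS volumes launched by Auto Scaling"
  enable_key_rotation = true
}

# Look up the default service-linked role that EC2 Auto Scaling uses to
# launch instances. The plan fails here if the role does not exist yet,
# which surfaces the problem before any instance is launched.
data "aws_iam_role" "asg" {
  name = "AWSServiceRoleForAutoScaling"
}

# Grant the service-linked role (not the instance profile role) use of the
# key. Auto Scaling launches the instance and attaches the encrypted volume
# on your behalf, so it is the principal that needs the key at launch time.
resource "aws_kms_grant" "asg_ebs" {
  name              = "asg-ebs-grant"
  key_id            = aws_kms_key.ebs.key_id
  grantee_principal = data.aws_iam_role.asg.arn

  operations = [
    "Encrypt",
    "Decrypt",
    "ReEncryptFrom",
    "ReEncryptTo",
    "GenerateDataKey",
    "GenerateDataKeyWithoutPlaintext",
    "DescribeKey",
    "CreateGrant", # lets the role delegate the key to EC2 for volume attach
  ]
}

# Expose the grant ID so it can be audited or revoked later.
output "asg_kms_grant_id" {
  value = aws_kms_grant.asg_ebs.grant_id
}
```

Add depends_on = [aws_kms_grant.asg_ebs] to the aws_autoscaling_group resource so the first launch does not race the grant.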