S3 bucket created with Terraform is not being listed in the console
I am starting with Terraform. I am trying to create an S3 bucket with this simple code (the variables exist but are not posted here):
resource "aws_s3_bucket" "bucket" {
  bucket = "${var.main_prefix}-${var.resource_prefix}-${var.bucket_prefix}-${substr(var.environment_tag,0,3)}-${var.domains[0]}"
  acl    = "public-read"
  tags   = local.common_tags
}
The problem is that Terraform says the bucket was created fine, updates the state, and everything seems to work well:
λ terraform apply
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_s3_bucket.bucket will be created
+ resource "aws_s3_bucket" "bucket" {
+ acceleration_status = (known after apply)
+ acl = "public-read"
+ arn = (known after apply)
+ bucket = "*****************************"
+ bucket_domain_name = (known after apply)
+ bucket_regional_domain_name = (known after apply)
+ force_destroy = false
+ hosted_zone_id = (known after apply)
+ id = (known after apply)
+ region = (known after apply)
+ request_payer = (known after apply)
+ tags = {
+ "environment" = "***********"
+ "project" = "***********"
}
+ website_domain = (known after apply)
+ website_endpoint = (known after apply)
+ versioning {
+ enabled = (known after apply)
+ mfa_delete = (known after apply)
}
}
Plan: 1 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_s3_bucket.bucket: Creating...
aws_s3_bucket.bucket: Creation complete after 4s [id=**********************************]
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
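But the bucket is not listed in the S3 console.
After that I cannot create the same bucket using the console, so it seems it was created by Terraform:
“A bucket with the same name already exists”
What could I have forgotten or done wrong?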
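As Matt suggested, the bucket was created in a different account. I will explain the cause so that anyone who runs into the same problem can follow the steps.
- I enabled Terraform logging as explained in their documentation.
- Analyzing the logs, I found that another account was being used, not the one I thought.
- The account in use was configured in environment variables, not in the AWS credentials file as I supposed. Those environment variables were set many months ago for another project. AWS provider for Terraform has a priority order for getting credentials, specified here. That is why.
- I confirmed that the bucket had been created in the other AWS account, so I called terraform destroy to delete the bucket and undo the changes.
- I removed the environment variables and confirmed that this time the credentials from the credentials file profile were used.
- Called terraform plan and terraform apply with the new credentials (after some time the bucket name became available for creation again) to create the bucket in the correct account.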
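A pre-flight check for the situation described in this answer, added here as an example and not part of the original post. It models only the two credential sources the answer mentions (AWS_* environment variables taking priority over the shared credentials file) and flags leftover environment variables that would shadow the file; the function names and sample key ids are constructed for illustration.

```python
"""Pre-flight check: do AWS_* environment variables shadow the credentials file?"""
import configparser
import os
from pathlib import Path

ENV_KEYS = ("AWS_ACCESS_KEY_ID", "AWS_SECRET_ACCESS_KEY")


def file_key_id(credentials_text, profile):
    """Access key id stored for `profile` in shared-credentials-file text, or None."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(credentials_text)
    if not parser.has_section(profile):
        return None
    return parser.get(profile, "aws_access_key_id", fallback=None)


def resolve(env, credentials_text):
    """Simplified model (assumption): a complete env key pair beats the file profile.

    shadows_file is True when the file profile exists but is silently ignored.
    """
    profile = env.get("AWS_PROFILE", "default")
    from_file = file_key_id(credentials_text, profile)
    if all(env.get(k) for k in ENV_KEYS):
        from_env = env["AWS_ACCESS_KEY_ID"]
        return {"source": "environment", "key_id": from_env,
                "shadows_file": from_file is not None and from_file != from_env}
    if from_file:
        return {"source": f"credentials file [{profile}]", "key_id": from_file,
                "shadows_file": False}
    return {"source": "none", "key_id": None, "shadows_file": False}


# Constructed sample data; the key ids are placeholders, not real credentials.
SAMPLE_FILE = """
[default]
aws_access_key_id = EXAMPLEKEYINTENDED
aws_secret_access_key = constructed-secret
"""
STALE_ENV = {"AWS_ACCESS_KEY_ID": "EXAMPLEKEYOLDPROJ",
             "AWS_SECRET_ACCESS_KEY": "constructed-secret"}

if __name__ == "__main__":
    path = Path.home() / ".aws" / "credentials"
    text = path.read_text() if path.exists() else ""
    result = resolve(dict(os.environ), text)
    print(f"{result['source']}: key id ending ...{(result['key_id'] or '')[-4:]}")
    if result["shadows_file"]:
        raise SystemExit("AWS_* environment variables override the credentials file")
```

Run before terraform plan, the script exits non-zero when the shell still carries credentials from another project, which is the condition that sent this bucket to the wrong account.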