Unable to resolve dependency conflict while creating AWS resources using Terraform

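I am trying to create the AWS resources below. Mainly, what I want to do is create an EC2 instance and an EIP, attach the EIP to the instance, and then use a provisioner to run some commands on the instance over an SSH connection.

The challenge here is that the Terraform script fails with the error below: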

$ terraform apply -auto-approve

Error: Invalid expression

  on ec2-resource.tf line 16, in resource "aws_instance" "iac-ec2":
  16:   depends_on    = aws_eip_association.eip_assoc.allocation_id

A static list expression is required.

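I tried 5-6 different approaches. In another approach, meant to make sure the EIP is attached to the EC2 instance, the connection fails. We have a dependency requirement that the EIP be attached to the EC2 instance before we SSH using the public IP (from the EIP), and the run ends with a timeout error after partially creating the resources. That is, it creates the EC2 instance, but before attaching the EIP to it, it tries to connect to the instance and fails with a timeout.

Error: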

aws_subnet.iac-subnet1: Creating...
aws_security_group.iac_security_group: Creating...
aws_subnet.iac-subnet1: Creation complete after 1s [id=subnet-0b3e3bb02f60e2993]
aws_instance.iac-ec2: Creating...
aws_internet_gateway.iac_igw: Creation complete after 2s [id=igw-06a40dd6622632c07]
aws_route_table.iac_route_table: Creating...
aws_route_table.iac_route_table: Creation complete after 1s [id=rtb-03051d67fbd61af2c]
aws_main_route_table_association.iac_aws_main_route_table_association: Creating...
aws_route_table_association.iac_subnet_route_table_association: Creating...
aws_security_group.iac_security_group: Creation complete after 3s [id=sg-09a243e7b3247a257]
aws_route_table_association.iac_subnet_route_table_association: Creation complete after 0s [id=rtbassoc-0e8d77a6cb8e36855]
aws_main_route_table_association.iac_aws_main_route_table_association: Creation complete after 1s [id=rtbassoc-06a32196916bc6b55]
time_sleep.wait_300_seconds: Still creating... [10s elapsed]
aws_instance.iac-ec2: Still creating... [10s elapsed]
time_sleep.wait_300_seconds: Still creating... [20s elapsed]
aws_instance.iac-ec2: Still creating... [20s elapsed]
time_sleep.wait_300_seconds: Still creating... [30s elapsed]
aws_instance.iac-ec2: Still creating... [30s elapsed]
time_sleep.wait_300_seconds: Still creating... [40s elapsed]
aws_instance.iac-ec2: Provisioning with 'remote-exec'...
.
.
.
.
aws_instance.iac-ec2 (remote-exec): Connecting to remote host via SSH...
aws_instance.iac-ec2 (remote-exec):   Host: <public-ip>
aws_instance.iac-ec2 (remote-exec):   User: ec2_user
aws_instance.iac-ec2 (remote-exec):   Password: false
aws_instance.iac-ec2 (remote-exec):   Private key: true
aws_instance.iac-ec2 (remote-exec):   Certificate: false
aws_instance.iac-ec2 (remote-exec):   SSH Agent: false
aws_instance.iac-ec2 (remote-exec):   Checking Host Key: false
aws_instance.iac-ec2 (remote-exec):   Target Platform: unix
aws_instance.iac-ec2: Still creating... [7m1s elapsed]
aws_instance.iac-ec2: Still creating... [7m11s elapsed]
aws_instance.iac-ec2: Still creating... [7m21s elapsed]
aws_instance.iac-ec2: Still creating... [7m31s elapsed]


Error: timeout - last error: dial tcp <public-ip>:22: i/o timeout

Below is the code block:


resource "aws_instance" "iac-ec2" {
  ami           = var.var_ami # ap-south-1
  instance_type = var.var_instance_type[0]
  key_name      = "terraform-singapore"
  subnet_id     = aws_subnet.iac-subnet1.id
  #depends_on    = aws_eip_association.eip_assoc-eip.association_id
  tags = {
    Name = "Iac-EC2"
  }

  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras install -y nginx1.12",
      "sudo systemctl start nginx"
    ]

    connection {
      type        = "ssh"
      user        = "ec2_user"
      private_key = file("./terraform-singapore.pem")
      host        = aws_eip.iac-eip.public_ip
    }
  }
}

resource "aws_eip" "iac-eip" {
  vpc        = true
  #instance = aws_instance.iac-ec2.id
  tags = {
    Name = "IaC-EIP"
  }
}

resource "aws_eip_association" "eip_assoc" {
  instance_id   = aws_instance.iac-ec2.id
  allocation_id = aws_eip.iac-eip.id
}

resource "aws_vpc" "iac-vpc" {
  cidr_block = var.vpc_cidr
  tags = {
    Name = "IaC-VPC"
  }
}

resource "aws_subnet" "iac-subnet1" {
  vpc_id     = aws_vpc.iac-vpc.id
  cidr_block = var.subnet1_cidr
  depends_on = [aws_vpc.iac-vpc]
  tags = {
    Name = "IaC-Subnet1"
  }
}

resource "aws_security_group" "iac_security_group" {
  name        = "iac_security_group"
  description = "Allow HTTP and SSH traffic"
  vpc_id      = aws_vpc.iac-vpc.id
  ingress {
    description = "ALLOW SSH TRAFFIC"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    description = "ALLOW HTTP TRAFFIC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
  tags = {
    Name = "iac_security_group"
  }
}

resource "aws_internet_gateway" "iac_igw" {
  vpc_id = aws_vpc.iac-vpc.id
  tags = {
    Name = "IaC-IGW"
  }
}

resource "aws_route_table" "iac_route_table" {
  vpc_id = aws_vpc.iac-vpc.id
  route {
    cidr_block = "0.0.0.0/0"
    gateway_id = aws_internet_gateway.iac_igw.id
  }
  tags = {
    Name = "IaC_RouteTable"
  }
}

resource "aws_route_table_association" "iac_subnet_route_table_association" {
  subnet_id      = aws_subnet.iac-subnet1.id
  route_table_id = aws_route_table.iac_route_table.id
}

resource "aws_network_interface_sg_attachment" "iac_sg_attachment" {
  security_group_id    = aws_security_group.iac_security_group.id
  network_interface_id = aws_instance.iac-ec2.primary_network_interface_id
}

resource "aws_main_route_table_association" "iac_aws_main_route_table_association" {
  vpc_id         = aws_vpc.iac-vpc.id
  route_table_id = aws_route_table.iac_route_table.id
}

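My goal is to create an EC2 instance, attach an EIP, and use a provisioner block to run commands on the instance.

There are two obvious issues in your code:

  1. The username is wrong. It should be ec2-user, not ec2_user.
  2. Your provisioner is in the wrong place. In your case you should be using user_data, but for the sake of it, if you really want to use a provisioner, then it must be external to the instance (removed from the instance) and use a null_resource:
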
resource "aws_instance" "iac-ec2" {
  ami           = var.var_ami # ap-south-1
  instance_type = var.var_instance_type[0]
  key_name      = "terraform-singapore"
  subnet_id     = aws_subnet.iac-subnet1.id
  tags = {
    Name = "Iac-EC2"
  }
}

resource "null_resource" "myprovisioner" {

  provisioner "remote-exec" {
    inline = [
      "sudo amazon-linux-extras install -y nginx1.12",
      "sudo systemctl start nginx"
    ]

    connection {
      type        = "ssh"
      user        = "ec2-user"
      private_key = file("./terraform-singapore.pem")
      host        = aws_eip.iac-eip.public_ip
    }
  }
  
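  # Wait for both the security group attachment and the EIP association,
  # so SSH to the EIP's public IP is only attempted once the address is attached.
  depends_on = [
    aws_network_interface_sg_attachment.iac_sg_attachment,
    aws_eip_association.eip_assoc,
  ]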
}
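
The user_data route recommended in the answer, as an added example (not the answerer's code): the instance bootstraps itself at first boot, so Terraform never opens an SSH session, no private key file is read by the configuration, and the port 22 ingress rule can be dropped. The security group name `iac_web_sg` and the retry loop are assumptions of this example; `aws_eip.iac-eip`, `aws_eip_association.eip_assoc` and the VPC, subnet and route resources stay as in the question.

```hcl
# Added example. "iac_web_sg" is a hypothetical name; other references reuse the question's resources.
resource "aws_security_group" "iac_web_sg" {
  name        = "iac_web_sg"
  description = "Allow HTTP only; bootstrap runs via user_data, so no SSH ingress"
  vpc_id      = aws_vpc.iac-vpc.id

  ingress {
    description = "ALLOW HTTP TRAFFIC"
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "iac-ec2" {
  ami           = var.var_ami
  instance_type = var.var_instance_type[0]
  subnet_id     = aws_subnet.iac-subnet1.id

  # Attaching the group here replaces aws_network_interface_sg_attachment;
  # remove that resource so the two do not fight over the interface.
  vpc_security_group_ids = [aws_security_group.iac_web_sg.id]

  # cloud-init runs this once, as root, at first boot. The instance may boot
  # before the EIP is associated and so have no outbound route yet; the loop
  # (an assumption of this example) retries until the package install succeeds.
  # Output is written to /var/log/cloud-init-output.log on the instance.
  user_data = <<-EOF
    #!/bin/bash
    until amazon-linux-extras install -y nginx1.12; do
      sleep 10
    done
    systemctl enable --now nginx
  EOF

  tags = {
    Name = "Iac-EC2"
  }
}
```

`key_name` is left out because nothing logs in over SSH during provisioning; add it back, with a port 22 rule limited to a known source range, only if interactive access is needed.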