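I am trying to set up a VPC peering connection between two VPCs in two different AWS accounts in the Singapore region. I looked at "vpc_peering_connection" and "vpc_peering_connection_accepter" on the official website. Here is my code and the error:
Requester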
resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false
  tags          = local.tags
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}
When I run terraform plan, there are no errors. When I run terraform apply, I get this error:
│ Error: Unable to modify peering options. The VPC Peering Connection "pcx-0e625f0fd4ef93696" is not active.
Please set `auto_accept` attribute to `true`, or activate VPC Peering Connection manually.
│
│ with aws_vpc_peering_connection.requester,
│ on vpc.tf line 49, in resource "aws_vpc_peering_connection" "requester":
│ 49: resource "aws_vpc_peering_connection" "requester" {
│
╵
But the VPC peering connection is still created, and I got the VPC peering ID.
Accepter
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = "pcx-0e625f0fd4ef93696"
  auto_accept               = true
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
Result: CCD_ 3 and CCD_.
- The VPC peering status is active in both accounts. But when I run terraform apply again in the requester, the VPC peering is destroyed and replaced.
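I solved it. I read an issue on GitHub that was the same as mine, so I want to share how to fix it. The reason is:
- Terraform does not support enabling DNS resolution with VPC peering across different accounts. It only supports it with VPC peering within a single account.
- I fixed it with resource "aws_vpc_peering_connection_options". This is my working code: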
# Requester side: create the peering request only, with no inline option blocks.
resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false
  tags          = local.tags
}

# Accepter side: accept the request from the other account.
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  auto_accept               = true
  tags                      = local.tags
}

# Options cannot be set until the connection is active, so both option
# resources take the ID from the accepter to depend on the acceptance.
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.anhvq
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
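
A pre-apply check for the failure described above, as an added example that is not part of the original post: it scans `terraform show -json` plan output for peering connections that are not auto-accepted but still set requester/accepter options inline. The sample plan is constructed, and the function name `inline_option_findings` is hypothetical.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>` output
# (not taken from the page; the account ID is a placeholder).
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_vpc_peering_connection.requester",
   "type": "aws_vpc_peering_connection",
   "change": {"actions": ["create"], "after": {
     "auto_accept": false, "peer_owner_id": "111111111111",
     "accepter": [{"allow_remote_vpc_dns_resolution": true}],
     "requester": [{"allow_remote_vpc_dns_resolution": true}]}}},
  {"address": "aws_vpc_peering_connection.ok",
   "type": "aws_vpc_peering_connection",
   "change": {"actions": ["create"], "after": {
     "auto_accept": false, "peer_owner_id": "111111111111"}}},
  {"address": "aws_vpc_peering_connection_options.requester",
   "type": "aws_vpc_peering_connection_options",
   "change": {"actions": ["create"], "after": {
     "requester": [{"allow_remote_vpc_dns_resolution": true}]}}}
]}
""")


def inline_option_findings(plan):
    """Return (address, sides) for peering connections that will not be
    auto-accepted but still carry inline requester/accepter option blocks."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_vpc_peering_connection":
            continue  # options set via the separate resource are fine
        after = rc.get("change", {}).get("after") or {}  # null on delete
        if after.get("auto_accept"):
            continue  # connection is active right after creation
        sides = [s for s in ("accepter", "requester") if after.get(s)]
        if sides:
            findings.append((rc["address"], sides))
    return findings


if __name__ == "__main__":
    for address, sides in inline_option_findings(SAMPLE_PLAN):
        print(f"{address}: move {', '.join(sides)} options to "
              "aws_vpc_peering_connection_options")
```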