VPC peering across 2 different accounts via Terraform



I am trying to set up a VPC peering connection between two VPCs in two different AWS accounts in the Singapore region. I followed "vpc_peering_connection" and "vpc_peering_connection_accepter" on the official website. This is my code and the failure:

Requester

resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false
  tags          = local.tags
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

When I run terraform plan, there is no failure. When I run terraform apply, I get this failure:

│ Error: Unable to modify peering options. The VPC Peering Connection "pcx-0e625f0fd4ef93696" is not active. 
Please set `auto_accept` attribute to `true`, or activate VPC Peering Connection manually. 
│
│   with aws_vpc_peering_connection.requester,
│   on vpc.tf line 49, in resource "aws_vpc_peering_connection" "requester":
│   49: resource "aws_vpc_peering_connection" "requester" {
│
╵

But the VPC peering connection is still created and I get the VPC peering ID.

Accepter

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = "pcx-0e625f0fd4ef93696"
  auto_accept               = true
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

Result: CCD_ 3 and CCD_.

  • The status of the VPC peering in both accounts is active. But when I run terraform apply again in the Requester, the VPC peering is destroyed and replaced.

I figured it out. I read an issue on GitHub that is the same as mine, so I want to share how to fix it. The reason is:

  • Terraform does not support enabling DNS resolution with VPC peering across different accounts. It only supports it with VPC peering in one account.
  • I fixed it with resource "aws_vpc_peering_connection_options". This is my working code:
resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false
  tags          = local.tags
}

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  auto_accept               = true
  tags                      = local.tags
}

resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.anhvq
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
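For the "not active" failure in the answer above, an added example that is not the answerer's code: the same cross-account layout, but with both options resources referencing the accepter resource's id, so Terraform orders the DNS-option changes after acceptance instead of racing them against it. The provider aliases, CLI profiles and the var.requester_vpc_id / var.accepter_vpc_id variables are assumptions.

```hcl
provider "aws" {
  alias   = "requester"
  region  = "ap-southeast-1"
  profile = "requester-account" # assumed CLI profile
}

provider "aws" {
  alias   = "accepter"
  region  = "ap-southeast-1"
  profile = "accepter-account" # assumed CLI profile
}

# Look up the accepter account id instead of hard-coding it.
data "aws_caller_identity" "accepter" {
  provider = aws.accepter
}

resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.requester
  vpc_id        = var.requester_vpc_id # assumed variable
  peer_vpc_id   = var.accepter_vpc_id  # assumed variable
  peer_owner_id = data.aws_caller_identity.accepter.account_id
  auto_accept   = false # cannot be accepted automatically across accounts
  # No accepter {} / requester {} blocks here: they would be applied while
  # the connection is still pending acceptance and fail with "not active".
}

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  auto_accept               = true
}

# Both options resources depend on the accepter resource, so Terraform
# applies them only after acceptance, when the connection is active.
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.requester
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.accepter.id
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
```

After apply, a second terraform plan should show no changes; a planned replacement of the peering connection means the requester resource still carries inline option blocks.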
