Using Terraform, adding an encrypted non-root volume to a launch template fails at plan



This works:

resource "aws_launch_template" "instances" {
...
  block_device_mappings {
    device_name           = "/dev/xvdb"
    ebs {
      volume_type           = "gp2"
      volume_size           = 250
      delete_on_termination = true
    }
  }

But when I try to add this:

block_device_mappings {
  device_name           = "/dev/xvdb"
  ebs {
    volume_type           = "gp2"
    volume_size           = 250
    delete_on_termination = true
    encrypted             = true
    kms_key_id            = "${data.aws_kms_key.instances.id}"
  }
}

So I cannot add the encryption part. The key exists, is enabled, and I have permissions to access it. When I remove the encryption lines, the plan runs to completion, so it would apparently apply.

Terraform plan shows:

Error: Error running plan: 1 error(s) occurred:
* module.asg_instances.aws_autoscaling_group.instances_asg: 1 error(s) occurred:
* module.asg_instances.aws_autoscaling_group.instances_asg: Resource 'aws_launch_template.instances_lt' not found for variable 'aws_launch_template.instances_lt.id'

The code for the ASG is:

resource "aws_autoscaling_group" "instances_asg" {
  max_size                  = 5
  min_size                  = 2
  min_elb_capacity          = 2
  health_check_grace_period = 300
  health_check_type         = "ELB"
  desired_capacity          = 3
  force_delete              = false
  vpc_zone_identifier       = ["${data.aws_subnet_ids.instances_subnets.*.id}"]
  load_balancers            = ["${aws_elb.instances_elb.name}"]
  launch_template {
    id      = "${aws_launch_template.instances_lt.id}"
    version = "$$Latest"
  }
  lifecycle {
    create_before_destroy = true
  }
}

Apparently, when I have the encryption lines, the launch template does not even get created, which causes the reference to it in the ASG to fail. It does not error on the launch template itself; it simply cannot create it.

The intent is to create an ASG based on this launch template, which creates instances with an encrypted non-root volume.

Any ideas what I am doing wrong?

How do two people write similar code and make the same mistake? lol

I came across this post and my code was very similar. I managed to debug and fix it. The problem is that this code is wrong:

kms_key_id            = "${data.aws_kms_key.instances.id}"

should be:

kms_key_id            = "${data.aws_kms_key.instances.arn}"

It might come in handy, so I am posting it.
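For reference, the full wiring with the fix applied, as an added example rather than the asker's or answerer's configuration: the KMS key is looked up as a data source and passed to the launch template by ARN (data.aws_kms_key exposes both .id and .arn; kms_key_id on block_device_mappings takes the ARN), and the ASG references the template by id. It uses Terraform 0.12+ syntax, so "$Latest" no longer needs the "$$" escape; the key alias, variables and resource names are assumptions.

```hcl
# Added example, not code from the original question or answer.
# Key alias and variables are placeholders/assumptions for this example.

data "aws_kms_key" "instances" {
  key_id = "alias/PLACEHOLDER-instances-key" # lookup needs kms:DescribeKey
}

resource "aws_launch_template" "instances_lt" {
  name_prefix   = "instances-"
  image_id      = var.ami_id        # assumed variable
  instance_type = "t3.medium"

  block_device_mappings {
    device_name = "/dev/xvdb"
    ebs {
      volume_type           = "gp2"
      volume_size           = 250
      delete_on_termination = true
      encrypted             = true
      # ARN, not .id: passing the key id is what left the template uncreated
      kms_key_id            = data.aws_kms_key.instances.arn
    }
  }
}

resource "aws_autoscaling_group" "instances_asg" {
  min_size            = 2
  max_size            = 5
  desired_capacity    = 3
  vpc_zone_identifier = var.subnet_ids # assumed variable (list of subnet ids)

  launch_template {
    id      = aws_launch_template.instances_lt.id
    version = "$Latest"
  }

  lifecycle {
    create_before_destroy = true
  }
}

# Surfacing the resolved ARN makes the plan output show which key the
# volume will actually be encrypted with, a useful review check.
output "instances_volume_kms_key_arn" {
  value = data.aws_kms_key.instances.arn
}
```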
