variable "server_port" {
description = "web server port"
default = 8080
}
resource "aws_launch_configuration" "example" {
image_id = "ami-0bea7fd38fabe821a"
instance_type = "t2.micro"
security_groups = ["${aws_security_group.instance.id}"]
user_data = <<-EOF
#!/bin/bash
echo "Hello, World" > index.html
nohup busynox httpd -f -p "${var.server_port}" &
EOF
lifecycle {
create_before_destroy = true
}
}
resource "aws_autoscaling_group" "example" {
launch_configuration = "${aws_launch_configuration.example.id}"
load_balancers = ["${aws_elb.example.name}"]
health_check_type = "ELB"
min_size = 2
max_size = 10
tag {
key = "Name"
value = "terraform-asg-example"
propagate_at_launch = true
}
}
resource "aws_security_group" "instance" {
name = "terraform-example-instance"
ingress {
from_port = "${var.server_port}"
to_port = "${var.server_port}"
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
lifecycle {
create_before_destroy = true
}
}
resource "aws_elb" "example" {
name = "terraform-asg-example"
security_groups = ["${aws_security_group.elb.id}"]
listener {
lb_port = 80
lb_protocol = "http"
instance_port = "${var.server_port}"
instance_protocol = "http"
}
health_check {
healthy_threshold = 2
unhealthy_threshold = 2
timeout = 3
interval = 30
target = "HTTP:${var.server_port}/"
}
}
resource "aws_security_group" "elb" {
name = "terraform-example-elb"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
[错误:创建安全组时出错:未授权操作:您无权执行此操作。 状态代码:403,请求 ID:C2E34351-7FA9-4F7E-845A-77458485BFE9
在 web_infra.tf 第 37 行,在资源"aws_security_group"实例"中: 37:资源"aws_security_group"实例"{
错误:创建安全组时出错:未授权操作:您无权执行此操作。 状态代码:403,请求 ID:4229E1AE-A46D-42FC-8BAB-4BB0B7CCD656
在 web_infra.tf 第 73 行,在资源"aws_security_group"ELB"中: 73:资源"aws_security_group"ELB"{]
我的 IAM 权限是管理员访问权限。
我找到了答案。
1. aws sts get-session-token --profile default --serial-number arn:aws:iam::3423412:mfa/test@test.com --token-code 509939
2. credentials file
[mfa]
aws_arn_mfa =
aws_access_key_id =
aws_secret_access_key =
aws_session_token =
region =
3. terraform provier file
provider "aws" {
region = " "
shared_credentials_file = "credentials file"
profile = "mfa"
}