How to work through Terraform resource error UnauthorizedOperation: This operation does not support shared VPCs


I am running a Terraform .tf script that creates an aws_vpc_endpoint.

Here is the sample code:

resource "aws_vpc_endpoint" "NewVPCEndpoint" {..}

However, when I run terraform apply, I get the error:

Error creating VPC Endpoint: UnauthorizedOperation: This operation does not support shared VPCs.
    status code: 403

What exactly is the reason I get this error?

I tried exactly the same .tf script in a different VPC and it worked fine. Is this a setting on the VPC itself? What setting might that be?

Regarding the VPC and subnets: what prerequisite attributes/settings must the VPC/subnets have for

resource "aws_vpc_endpoint" "NewVPCEndpoint"

to succeed?

The VPC may be a Shared VPC, in which case it does not support deploying VPC endpoint services:

VPC sharing allows multiple AWS accounts to create their application resources, such as Amazon EC2 instances, Amazon Relational Database Service (RDS) databases, Amazon Redshift clusters, and AWS Lambda functions, into shared, centrally-managed Amazon Virtual Private Clouds (VPCs). In this model, the account that owns the VPC (owner) shares one or more subnets with other accounts (participants) that belong to the same organization from AWS Organizations. After a subnet is shared, the participants can view, create, modify, and delete their application resources in the subnets shared with them. Participants cannot view, modify, or delete resources that belong to other participants or the VPC owner.

The workaround is to deploy a separate (non-shared) VPC and set up VPC peering between it and the shared VPC. You can then deploy the VPC endpoint service in the non-shared peered VPC and access it from the shared VPC from all participant accounts.
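The workaround described in the answer, written out as an added Terraform example (not the asker's or answerer's configuration): a dedicated non-shared VPC hosts the interface endpoint, a peering connection links it to the existing shared VPC, routes are added on both sides, and a security group restricts the endpoint ENIs to HTTPS from the shared VPC's address range. It assumes a single account owns both VPCs (so the peering auto-accepts), that the shared VPC is referenced through the hypothetical inputs var.shared_vpc_id and var.shared_vpc_route_table_ids, and uses constructed CIDRs (10.0.0.0/16 for the shared VPC, 10.1.0.0/16 for the new one), region us-east-1 and the SSM service name as placeholders.

```hcl
# Added example, not the original poster's or answerer's code.
# Assumptions: same AWS account owns both VPCs; shared VPC CIDR is
# 10.0.0.0/16 (constructed); region us-east-1 (constructed);
# var.shared_vpc_id and var.shared_vpc_route_table_ids are hypothetical inputs.

variable "shared_vpc_id" {
  description = "ID of the existing shared VPC (hypothetical input)"
  type        = string
}

variable "shared_vpc_route_table_ids" {
  description = "Shared-VPC route tables that need a route to the endpoint VPC (hypothetical input)"
  type        = list(string)
}

# Non-shared VPC dedicated to hosting interface endpoints.
resource "aws_vpc" "endpoints" {
  cidr_block           = "10.1.0.0/16"
  enable_dns_support   = true
  enable_dns_hostnames = true
}

resource "aws_subnet" "endpoints" {
  vpc_id            = aws_vpc.endpoints.id
  cidr_block        = "10.1.1.0/24"
  availability_zone = "us-east-1a"
}

# Least privilege on the network path: only HTTPS from the shared VPC range
# may reach the endpoint network interfaces.
resource "aws_security_group" "endpoint" {
  name   = "vpc-endpoint-from-shared-vpc"
  vpc_id = aws_vpc.endpoints.id

  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
}

# Peering: endpoint VPC is the requester, the shared VPC the accepter.
# auto_accept works because both VPCs are in the same account and region.
resource "aws_vpc_peering_connection" "to_shared" {
  vpc_id      = aws_vpc.endpoints.id
  peer_vpc_id = var.shared_vpc_id
  auto_accept = true
}

# Return route from the endpoint VPC to the shared VPC.
resource "aws_route" "endpoints_to_shared" {
  route_table_id            = aws_vpc.endpoints.default_route_table_id
  destination_cidr_block    = "10.0.0.0/16"
  vpc_peering_connection_id = aws_vpc_peering_connection.to_shared.id
}

# Route from each shared-VPC route table to the endpoint VPC.
resource "aws_route" "shared_to_endpoints" {
  for_each                  = toset(var.shared_vpc_route_table_ids)
  route_table_id            = each.value
  destination_cidr_block    = "10.1.0.0/16"
  vpc_peering_connection_id = aws_vpc_peering_connection.to_shared.id
}

# The endpoint now lives in the non-shared VPC, where the API permits it.
resource "aws_vpc_endpoint" "NewVPCEndpoint" {
  vpc_id              = aws_vpc.endpoints.id
  service_name        = "com.amazonaws.us-east-1.ssm" # constructed placeholder service
  vpc_endpoint_type   = "Interface"
  subnet_ids          = [aws_subnet.endpoints.id]
  security_group_ids  = [aws_security_group.endpoint.id]
  private_dns_enabled = false # see usage note on DNS across peering
}
```

Two points to check before relying on this layout. If the shared VPC is owned by a different account, replace auto_accept with an aws_vpc_peering_connection_accepter resource under a provider alias for the owner account. Private DNS for an interface endpoint only resolves inside the VPC that contains the endpoint, so clients in the shared VPC must either use the endpoint-specific DNS names exposed by the aws_vpc_endpoint resource or be served by a Route 53 private hosted zone for the service name that is associated with the shared VPC.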