Terraform giving subnet error while creating AWS RDS instance
I am creating an AWS RDS read replica through Terraform, and while running apply I get this error:
Error: Error creating DB Subnet Group: InvalidParameterValue: Some input subnets in :[subnet-0****a, subnet-0****d] are invalid.
status code: 400, request id: 6c*****
on .terraform/modules/rds_replica/main.tf line 140, in resource "aws_db_subnet_group" "db_subnet_group":
140: resource "aws_db_subnet_group" "db_subnet_group" {
These two subnets are public subnets in my VPC. They are in 2 different availability zones, 1a and 1b.
This is the result when I run terraform plan:
  # module.rds_replica.aws_db_subnet_group.db_subnet_group[0] will be created
  + resource "aws_db_subnet_group" "db_subnet_group" {
      + arn         = (known after apply)
      + description = "Database subnet group for app-replica"
      + id          = (known after apply)
      + name        = (known after apply)
      + name_prefix = "app-replica-"
      + subnet_ids  = [
          + "subnet-0****a",
          + "subnet-0****d",
        ]
    }
This is part of my rds.tf code:
module "rds_replica" {
  source = "git@github.com:*****"
  providers = {
    aws = aws.west
  }
  read_replica = "true"
  # point to the main instance's ARN
  source_db                  = "arn****"
  name                       = var.rds_name_app_replica
  engine                     = var.rds_engine_app_replica
  engine_version             = var.rds_engine_version_app_replica
  family                     = var.rds_family_app_replica
  instance_class             = var.rds_instance_class_app_replica
  # NOTE: Using same password as primary 'rds_app' instance generated above
  password                   = ""
  port                       = var.rds_port_app_replica
  security_groups            = [aws_security_group.rds_app.id]
  subnets                    = [module.vpc.public_subnets]
  auto_minor_version_upgrade = var.rds_auto_minor_version_upgrade_app_replica
  backup_retention_period    = var.rds_backup_retention_period_app_replica
}
This is part of the module being used:
resource "aws_db_subnet_group" "db_subnet_group" {
  count       = var.create_subnet_group ? 1 : 0
  description = "Database subnet group for ${var.name}"
  name_prefix = "${var.name}-"
  subnet_ids  = var.subnets[0]
  tags        = merge(var.tags, local.tags)
  lifecycle {
    create_before_destroy = true
  }
}
This is part of the vpc module:
################
# Public subnet
################
resource "aws_subnet" "public" {
  count = var.create_vpc && length(var.public_subnets) > 0 && (false == var.one_nat_gateway_per_az || length(var.public_subnets) >= length(var.azs)) ? length(var.public_subnets) : 0

  vpc_id                          = local.vpc_id
  cidr_block                      = element(concat(var.public_subnets, [""]), count.index)
  availability_zone               = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) > 0 ? element(var.azs, count.index) : null
  availability_zone_id            = length(regexall("^[a-z]{2}-", element(var.azs, count.index))) == 0 ? element(var.azs, count.index) : null
  map_public_ip_on_launch         = var.map_public_ip_on_launch
  assign_ipv6_address_on_creation = var.public_subnet_assign_ipv6_address_on_creation == null ? var.assign_ipv6_address_on_creation : var.public_subnet_assign_ipv6_address_on_creation
  ipv6_cidr_block                 = var.enable_ipv6 && length(var.public_subnet_ipv6_prefixes) > 0 ? cidrsubnet(aws_vpc.this[0].ipv6_cidr_block, 8, var.public_subnet_ipv6_prefixes[count.index]) : null

  tags = merge(
    {
      "Name" = format(
        "%s-${var.public_subnet_suffix}-%s",
        var.name,
        element(var.azs, count.index),
      )
    },
    var.tags,
    var.public_subnet_tags,
  )
}
I have verified that these subnets are valid, that they exist in my AWS console, and that they are also associated with the primary database! I don't understand why?
Solution:
- I had to create a new VPC with new subnets in us-west-1.. and then reference them in the new read replica that I wanted to create in us-west-1.
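What the fix above amounts to in Terraform, as an added example that is not the poster's code or the RDS/VPC module's: the replica is created through the aws.west provider, so the subnet group (and the security group, which is regional as well) must reference resources created in us-west-1 with that same provider, not the subnets of module.vpc from the primary region. The 10.20.0.0/16 CIDR, the resource names and the use of private subnets are assumptions.

```hcl
# Added example, not the poster's or the module's code. It assumes the
# primary DB lives in another region, the replica goes to us-west-1 via the
# "aws.west" alias, and the 10.20.0.0/16 CIDR and resource names are made up.

provider "aws" {
  alias  = "west"
  region = "us-west-1"
}

# A VPC created with the same aliased provider the replica uses, so the
# subnet IDs handed to the subnet group exist in us-west-1.
resource "aws_vpc" "replica" {
  provider   = aws.west
  cidr_block = "10.20.0.0/16"
  tags       = { Name = "app-replica-vpc" }
}

# AZs are looked up rather than hard-coded: not every region has "a" and "b".
data "aws_availability_zones" "west" {
  provider = aws.west
  state    = "available"
}

# Two subnets in two AZs (an RDS subnet group needs at least two AZs).
# They are private: no public IP on launch, so the replica is reachable
# only through the security group and routes defined inside the VPC.
resource "aws_subnet" "replica_private" {
  count                   = 2
  provider                = aws.west
  vpc_id                  = aws_vpc.replica.id
  cidr_block              = cidrsubnet(aws_vpc.replica.cidr_block, 8, count.index)
  availability_zone       = data.aws_availability_zones.west.names[count.index]
  map_public_ip_on_launch = false
  tags                    = { Name = "app-replica-private-${count.index}" }
}

# Security groups are regional too, so one is created in us-west-1
# instead of reusing the primary region's aws_security_group.rds_app.
resource "aws_security_group" "replica" {
  provider = aws.west
  name     = "app-replica-rds"
  vpc_id   = aws_vpc.replica.id
}

resource "aws_db_subnet_group" "replica" {
  provider    = aws.west
  name_prefix = "app-replica-"
  subnet_ids  = aws_subnet.replica_private[*].id
}
```

Before applying, a subnet ID can be checked against the replica's region with aws ec2 describe-subnets --region us-west-1 --subnet-ids <id>; an ID that belongs to a VPC in another region returns an error instead of the subnet.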