VPC Peering in 2 different accounts via Terraform
I am trying to set up VPC peering between 2 VPCs in the Singapore region in 2 different AWS accounts. I followed the Terraform documentation on the official site for "vpc_peering_connection" and "vpc_peering_connection_accepter". So here is my code and the failure:
Requester
resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false
  tags          = local.tags
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}
When I run terraform plan there is no failure. When I run terraform apply, I get this failure:
│ Error: Unable to modify peering options. The VPC Peering Connection "pcx-0e625f0fd4ef93696" is not active.
Please set `auto_accept` attribute to `true`, or activate VPC Peering Connection manually.
│
│ with aws_vpc_peering_connection.requester,
│ on vpc.tf line 49, in resource "aws_vpc_peering_connection" "requester":
│ 49: resource "aws_vpc_peering_connection" "requester" {
│
╵
But the VPC peering connection is still created and I get the VPC peering ID.
Accepter
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = "pcx-0e625f0fd4ef93696"
  auto_accept               = true
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
Result: terraform plan and terraform apply complete.
- The VPC peering status is active in both accounts. But when I run terraform apply again in the Requester, the VPC peering is destroyed and replaced.
I resolved it myself. I read an issue on GitHub that was the same as my problem. So I want to share with everyone how to fix it.
The reason is:
- Terraform does not support enabling DNS resolution with VPCs peered across different accounts. It only supports VPC peering within one account.
- I fixed it using resource "aws_vpc_peering_connection_options". Here is my working code:
resource "aws_vpc_peering_connection" "requester" {
  provider      = aws.anhvq
  vpc_id        = module.vpc.vpc_id
  peer_owner_id = "aws account id of accepter"
  # peer_region = "ap-southeast-1"
  peer_vpc_id   = "vpc id of accepter"
  auto_accept   = false
  tags          = local.tags
}

resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  auto_accept               = true
  tags                      = local.tags
}

# DNS options live in their own resource, one per side of the connection
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.anhvq
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.lamnx
  vpc_peering_connection_id = aws_vpc_peering_connection.requester.id
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
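A complete cross-account layout built on the same pattern, as an added example that is not the poster's code. The provider aliases `aws.requester` / `aws.accepter`, the assume-role ARNs and account numbers, and the `*_vpc_id` / `*_route_table_id` variables are placeholders, not values from the post. It goes beyond the post in two ways: the options resources reference the accepter resource's id (as the AWS provider documentation does) so Terraform only applies DNS options once the connection is active, and it adds the routes without which an "active" peering carries no traffic.

```hcl
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = ">= 4.0"
    }
  }
}

# One provider alias per account. Alias names, role ARNs and account numbers
# are placeholders for this example.
provider "aws" {
  alias  = "requester"
  region = "ap-southeast-1"
  assume_role {
    role_arn = "arn:aws:iam::111111111111:role/terraform-vpc-peering" # placeholder
  }
}

provider "aws" {
  alias  = "accepter"
  region = "ap-southeast-1"
  assume_role {
    role_arn = "arn:aws:iam::222222222222:role/terraform-vpc-peering" # placeholder
  }
}

variable "requester_vpc_id" { type = string }
variable "accepter_vpc_id" { type = string }
variable "requester_route_table_id" { type = string }
variable "accepter_route_table_id" { type = string }

# Look up the accepter account id and both CIDRs instead of hard-coding them.
data "aws_caller_identity" "accepter" {
  provider = aws.accepter
}

data "aws_vpc" "requester" {
  provider = aws.requester
  id       = var.requester_vpc_id
}

data "aws_vpc" "accepter" {
  provider = aws.accepter
  id       = var.accepter_vpc_id
}

# Requester side. Cross-account, so auto_accept stays false and no
# requester/accepter option blocks are set on this resource.
resource "aws_vpc_peering_connection" "this" {
  provider      = aws.requester
  vpc_id        = var.requester_vpc_id
  peer_owner_id = data.aws_caller_identity.accepter.account_id
  peer_vpc_id   = var.accepter_vpc_id
  auto_accept   = false
  tags          = { Name = "requester-to-accepter" }
}

# Accepter side. Accepting is what moves the connection to "active".
resource "aws_vpc_peering_connection_accepter" "this" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection.this.id
  auto_accept               = true
  tags                      = { Name = "accepter-from-requester" }
}

# DNS options are applied after acceptance: referencing the accepter resource's
# id gives Terraform the dependency edge, so the options are never pushed to a
# still-pending connection (the "is not active" error from the question).
resource "aws_vpc_peering_connection_options" "requester" {
  provider                  = aws.requester
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.accepter
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}

# An active peering carries no traffic until each side routes the peer's CIDR
# through it. Security groups and NACLs on both ends still gate what is allowed.
resource "aws_route" "to_accepter" {
  provider                  = aws.requester
  route_table_id            = var.requester_route_table_id
  destination_cidr_block    = data.aws_vpc.accepter.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
}

resource "aws_route" "to_requester" {
  provider                  = aws.accepter
  route_table_id            = var.accepter_route_table_id
  destination_cidr_block    = data.aws_vpc.requester.cidr_block
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.this.id
}
```

Run it from a single root module that holds credentials for both accounts. The check for the replacement problem described in the question is a second `terraform plan` immediately after the first `apply`: it should report no changes, because neither side's connection resource carries the DNS settings that the cross-account API refuses to read back.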