logo标签列表

找不到 Terraform AWS Provider 的有效凭证来源。

amazon-web-servicesterraformcredentials
4

我正在使用shared_cred_file做aws提供商的认证。例如,当我使用aws提供商版本3.63时,terraform plan可以正常工作。

但是,当我使用aws提供商4.0时,它提示我使用更改后的设置来共享凭据文件。在更改后,没有错误,但第二个错误仍然存在。

可能出现了什么问题?

Warning: Argument is deprecated
│
│   with provider[“registry.terraform.io/hashicorp/aws”],
│   on main.tf line 15, in provider “aws”:
│   15:   shared_credentials_file = “~/.aws/credentials”
│
│ Use shared_credentials_files instead.
│
│ (and one more similar warning elsewhere)
╵
╷
│ Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
│
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│
│ Error: no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded
│
│
│   with provider[“registry.terraform.io/hashicorp/aws”],
│   on main.tf line 13, in provider “aws”:
│   13: provider “aws” {
│


///////////////////////////////
// Infrastructure init
terraform {
  backend "s3" {
    bucket                  = "monitoring-********-infrastructure"
    key                     = "tfstates/********-non-prod-rds-info.tfstate"
    profile                 = "test-prof"
    region                  = "eu-west-2"
    shared_credentials_file = "~/.aws/credentials"
  }
}

    provider "aws" {
      profile                 = "test-prof"
      shared_credentials_files = ["~/.aws/credentials"]
      region                  = "eu-west-2"
    }


    Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.
        
         Please see https://registry.terraform.io/providers/hashicorp/aws
         for more information about providing credentials.
        
         Error: no EC2 IMDS role found, operation error ec2imds: GetMetadata, canceled, context deadline exceeded
        
        
           with provider["registry.terraform.io/hashicorp/aws"],
           on main.tf line 13, in provider "aws":
           13: provider "aws" {

查看配置文件

[test-prof]
output = json
region = eu-west-2

凭证文件

[test-prof]
aws_access_key_id = ****************
aws_secret_access_key = ******************
你没有在任何地方添加 required_providers 块吗? - Marko E
是的,我有它。我想在我的新模块中使用 AWS 提供程序的 4.0.0 版本。 - ti_key
我有一种感觉,这与AWS SDK for Go v2有关:https://aws.github.io/aws-sdk-go-v2/docs/migrating/. - Marko E
1
你不需要,但 Terraform 需要。 :) - Marko E
1
@PaulRdt:是的,我也这么认为。我正在使用v3.74.2,并在一个EC2实例中的docker容器上运行它,该容器只附加了一个角色,并且在v4.0.0版本中出现了故障。请参见https://github.com/hashicorp/terraform-provider-aws/issues/23110和https://github.com/hashicorp/terraform-provider-aws/issues/23131。 - mfbieber
显示剩余5条评论
4个回答
4
根据最新的Terraform文档,它将按照以下方式工作:
provider "aws" {
  region                    = "us-east-1"
  shared_credentials_files  = ["%USERPROFILE%/.aws/credentials"]
  profile                   = "customprofile"
}

我也遇到了同样的问题,这个方法对我有用。

对我而言,有效的是使用shared_credentials_file而不是shared_credentials_files,并且该值需要是一个字符串,而不是一个列表。 - Luis Felipe
@LuisFelipe:根据文档,它是基于shared_credentials_files - capdragon
3

我们在将AWS提供程序从版本3迁移到版本4后,在管道中遇到了这个问题。

因此,对于使用Azure DevOps或任何其他CI工具的用户来说,修复方法应该很容易,只需在管道中添加一个新步骤并创建共享凭据文件即可:

mkdir $HOME/.aws

echo [default] >> $HOME/.aws/credentials
echo aws_access_key_id = ${AWS_ACCESS_KEY_ID} >> $HOME/.aws/credentials
echo aws_secret_access_key = ${AWS_SECRET_ACCESS_KEY} >> $HOME/.aws/credentials

AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY应该在您的管道中定义为变量或密码。

azure pipeline

这对我也起作用了。我的terraform提供程序定义指定了profile =“something”,只设置AWS_ACCESS_KEY_IDAWS_SECRET_ACCESS_KEY环境变量就可以正常工作,但在将Terraform AWS Provider从3更新到4之后,它就出现了问题。我尝试设置AWS_PROFILE,但仍然无法解决。所以我不得不在~/.aws/credentials中定义[something]配置文件,并且它再次正常工作了。 - fletchowns
1
更改
provider "aws" {
  shared_credentials_file = "$HOME/.aws/credentials"
  profile                 = "default"
  region                  = "us-east-1"
}


provider "aws" {
  shared_credentials_file = "/Users/me/.aws/credentials"
  profile                 = "default"
  region                  = "us-east-1"
}

对我有用。

0

当你在使用时

provider "aws" {
  region                  = "your region"
  shared_credentials_file = "path_file_credentials like C:\Users\terraform\.aws\credentials"
  profile                 = "profile_name"
}

路径应该是这种格式:%USERPROFILE%.aws\credentials 截至本答案日期,这是唯一可接受的格式,还有其他方式:
1.您可以将凭据放在tf文件中。
provider "aws" {
  profile    = "profile_name"
  region     = "us-west-2"
  access_key = "my-access-key"
  secret_key = "my-secret-key"
}

如果您正在开发一个项目,不想与团队成员共享某些内容,您可以将其作为变量使用,例如:
  • main.tf
provider "aws" {
  profile    = "profile_name"
  region     = "us-west-2"
  access_key = var.access_key
  secret_key = var.secret_key
}
  • variables.tf
variable "access_key" {
  description = "My AWS access key"
}
variable "secret_key" {
  description = "My AWS secret key"
}

您可以在terraform apply之后填写它们,或将variables.tf添加到.gitignore中。

您可以在这里找到更多选项。

网页内容由stack overflow 提供, 点击上面的
可以查看英文原文,
原文链接