"InvalidGroup.NotFound" error when creating an EC2 instance with Terraform

5

I'm trying to deploy an EC2 instance using Terraform, but I'm getting the following error:

Error: Error launching source instance: InvalidGroup.NotFound: The security group 'prod-web-servers-sg' does not exist in VPC 'vpc-db3a3cb3'

Here is the Terraform template I'm using:

resource "aws_default_vpc" "default" {
}

resource "aws_security_group" "prod-web-servers-sg" {
  name        = "prod-web-servers-sg"
  description = "security group for production grade web servers"
  vpc_id      = "${aws_default_vpc.default.id}"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

#Subnet

resource "aws_subnet" "private_subnet" {
  vpc_id            = "${aws_default_vpc.default.id}"
  cidr_block        = "172.31.0.0/24"
  availability_zone = "ap-south-1a"
}

resource "aws_instance" "prod-web-server" {
  ami             = "ami-04b1ddd35fd71475a"
  count           = 2
  key_name        = "test_key"
  instance_type   = "r5.large"
  security_groups = ["prod-web-servers-sg"]
  subnet_id       = "${aws_subnet.private_subnet.id}"
}
1 Answer

11

You have a race condition here because Terraform doesn't know to wait for the security group to be created before creating the instance.

To fix this, you should interpolate aws_security_group.prod-web-servers-sg.id into the aws_instance.prod-web-server resource so that it can work out the dependency chain between the resources. You should also use vpc_security_group_ids instead of security_groups, as described in the aws_instance resource documentation:

security_groups - (Optional, EC2-Classic and default VPC only) A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.

NOTE: If you are creating instances in a VPC, use vpc_security_group_ids instead.

So you should have something like this:

resource "aws_default_vpc" "default" {}

resource "aws_security_group" "prod-web-servers-sg" {
  name        = "prod-web-servers-sg"
  description = "security group for production grade web servers"
  vpc_id      = aws_default_vpc.default.id

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
  ingress {
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

#Subnet

resource "aws_subnet" "private_subnet" {
  vpc_id            = aws_default_vpc.default.id
  cidr_block        = "172.31.0.0/24"
  availability_zone = "ap-south-1a"
}

resource "aws_instance" "prod-web-server" {
  ami                    = "ami-04b1ddd35fd71475a"
  count                  = 2
  key_name               = "test_key"
  instance_type          = "r5.large"
  vpc_security_group_ids = [aws_security_group.prod-web-servers-sg.id]
  subnet_id              = aws_subnet.private_subnet.id
}

1
Thanks for vpc_security_group_ids! For me the VPC and SG were already deployed and I could see them in the console, but I was still getting the error when using terraform. Using vpc_security_group_ids instead of the name solved my problem. - marcellsimon
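As an added example (not code from the question or the answer), a small Python check over the "configuration" section of `terraform show -json` output that flags aws_instance resources attached to security groups by name (security_groups), or via vpc_security_group_ids without a reference to an aws_security_group resource, so the misordering described in the answer can be caught at plan review time. The plan excerpt and the resource addresses aws_instance.before and aws_instance.after are constructed for illustration.

```python
import json

# Constructed excerpt of `terraform show -json tfplan` output (configuration
# section only), contrasting the asker's original aws_instance with the fix.
PLAN_JSON = """{"format_version": "1.0", "configuration": {"root_module": {"resources": [
  {"address": "aws_instance.before", "type": "aws_instance", "expressions": {
     "security_groups": {"constant_value": ["prod-web-servers-sg"]},
     "subnet_id": {"references": ["aws_subnet.private_subnet.id", "aws_subnet.private_subnet"]}}},
  {"address": "aws_instance.after", "type": "aws_instance", "expressions": {
     "vpc_security_group_ids": {"references": ["aws_security_group.prod-web-servers-sg.id",
                                               "aws_security_group.prod-web-servers-sg"]},
     "subnet_id": {"references": ["aws_subnet.private_subnet.id", "aws_subnet.private_subnet"]}}}
]}}}"""

def walk_modules(module):
    """Yield every resource block in a module and its nested module calls."""
    yield from module.get("resources", [])
    for call in module.get("module_calls", {}).values():
        yield from walk_modules(call.get("module", {}))

def check_instance_sg_refs(plan):
    """Map aws_instance address -> findings where the security group attachment
    gives Terraform no dependency edge on an aws_security_group resource."""
    findings = {}
    for res in walk_modules(plan["configuration"]["root_module"]):
        if res.get("type") != "aws_instance":
            continue
        exprs, problems = res.get("expressions", {}), []
        if "security_groups" in exprs:
            problems.append("uses security_groups (name-based, EC2-Classic/default VPC only); "
                            "switch to vpc_security_group_ids")
        ids = exprs.get("vpc_security_group_ids")
        if ids is not None and not any(r.startswith("aws_security_group.")
                                       for r in ids.get("references", [])):
            problems.append("vpc_security_group_ids does not reference an aws_security_group "
                            "resource, so creation order is not guaranteed")
        if "security_groups" not in exprs and ids is None:
            problems.append("no security group set; the VPC default SG will be attached")
        if problems:
            findings[res["address"]] = problems
    return findings

def load_findings(plan_text=PLAN_JSON):
    """Parse plan JSON text and run the check; returns the findings dict."""
    return check_instance_sg_refs(json.loads(plan_text))

if __name__ == "__main__":
    for address, problems in load_findings().items():
        print(address, *("  - " + p for p in problems), sep="\n")
```

Run it against real output with `terraform show -json tfplan > plan.json` and pass the file contents to load_findings.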
