How do I add an existing role to an existing EC2 instance using Terraform?

I am running the following code, but I get an exit status 255 error. My resource.tf file:

resource "null_resource" "create-instance-profile" {
  provisioner "local-exec" {
    command = "aws iam create-instance-profile --instance-profile-name ${var.role_name}-instance-profile"
  }
}

resource "null_resource" "add-role-to-instance-profile" {
  provisioner "local-exec" {
    command = "aws iam add-role-to-instance-profile --role-name ${var.role_name} --instance-profile-name ${var.role_name}-instance-profile"
  }
}

resource "null_resource" "associate-iam-instance-profile" {
  provisioner "local-exec" {
    command = "aws ec2 associate-iam-instance-profile --instance-id ${var.instance_id}  --iam-instance-profile Name=${var.role_name}-instance-profile"
  }
}

This is the error message:

null_resource.associate-iam-instance-profile: Destroying... [id=2341562538298898232]
null_resource.add-role-to-instance-profile: Destroying... [id=474229456545301978]
null_resource.associate-iam-instance-profile: Destruction complete after 0s
null_resource.add-role-to-instance-profile: Destruction complete after 0s
null_resource.add-role-to-instance-profile: Creating...
null_resource.associate-iam-instance-profile: Creating...
null_resource.add-role-to-instance-profile: Provisioning with 'local-exec'...
null_resource.associate-iam-instance-profile: Provisioning with 'local-exec'...
null_resource.add-role-to-instance-profile (local-exec): Executing: ["/bin/sh" "-c" "aws iam add-role-to-instance-profile --role-name s3access --instance-profile-name s3access-instance-profile"]
null_resource.associate-iam-instance-profile (local-exec): Executing: ["/bin/sh" "-c" "aws ec2 associate-iam-instance-profile --instance-id i-0c5a628c  --iam-instance-profile Name=s3access-instance-profile"]
null_resource.associate-iam-instance-profile (local-exec): An error occurred (IncorrectState) when calling the AssociateIamInstanceProfile operation: There is an existing association for instance i-0c5a628c
null_resource.add-role-to-instance-profile: Creation complete after 2s [id=739083633858274972]
Error: Error running command 'aws ec2 associate-iam-instance-profile --instance-id i-0c5a628c  --iam-instance-profile Name=s3access-instance-profile': exit status 255. Output: 
An error occurred (IncorrectState) when calling the AssociateIamInstanceProfile operation: There is an existing association for instance i-0c5a628c

Answer 1

It looks like you need to disassociate the role from the instance first: aws ec2 disassociate-iam-instance-profile
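
Added example, not part of the original question or answer: a shell helper that makes the attach step safe to re-run by checking for an existing association before calling the EC2 API. Instead of the separate disassociate step named in the answer, it uses `aws ec2 replace-iam-instance-profile-association` to swap profiles in one call; the function name `attach_instance_profile` and its variable names are assumptions.

```shell
#!/bin/sh
# Added example; attach_instance_profile is a hypothetical helper name.
# Usage: attach_instance_profile <instance-id> <instance-profile-name>
attach_instance_profile() {
  aip_instance=$1
  aip_profile=$2

  # Look up the live association for this instance, if any. With no match
  # the query yields null, which --output text prints as "None".
  aip_current=$(aws ec2 describe-iam-instance-profile-associations \
    --filters "Name=instance-id,Values=${aip_instance}" \
              "Name=state,Values=associating,associated" \
    --query 'IamInstanceProfileAssociations[0].[AssociationId,IamInstanceProfile.Arn]' \
    --output text) || return 1

  aip_assoc=$(printf '%s\n' "$aip_current" | cut -f1)
  aip_arn=$(printf '%s\n' "$aip_current" | cut -f2)

  case "$aip_assoc" in
    ""|None)
      # Nothing attached: the plain associate call cannot hit IncorrectState.
      aws ec2 associate-iam-instance-profile \
        --instance-id "$aip_instance" \
        --iam-instance-profile "Name=${aip_profile}" >/dev/null || return 1
      echo "associated"
      ;;
    *)
      case "$aip_arn" in
        */"$aip_profile")
          # Desired profile already attached: re-running is a no-op.
          echo "unchanged"
          ;;
        *)
          # Swap in one call, and report the profile being displaced so the
          # change in the instance's credentials shows up in the apply log.
          aws ec2 replace-iam-instance-profile-association \
            --association-id "$aip_assoc" \
            --iam-instance-profile "Name=${aip_profile}" >/dev/null || return 1
          echo "replaced ${aip_arn}"
          ;;
      esac
      ;;
  esac
}
```

Called from a single local-exec provisioner, this replaces the bare associate command that fails with IncorrectState when the instance already has a profile.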
