如何修复“NoCredentialProviders:链中没有有效的提供商。已弃用。”?

如何修复“NoCredentialProviders:链中没有有效的提供商。已弃用。”?

以下是我从这个仓库

provider "aws" {
  region  = "${var.aws_region}"
  profile = "${var.aws_profile}"
}

##----------------------------
#     Get VPC Variables
##----------------------------

#-- Get VPC ID
data "aws_vpc" "selected" {
  tags = {
    Name = "${var.name_tag}"
  }
}

#-- Get Public Subnet List
data "aws_subnet_ids" "selected" {
  vpc_id = "${data.aws_vpc.selected.id}"

  tags = {
    Tier = "public"
  }
}

#--- Gets Security group with tag specified by var.name_tag
data "aws_security_group" "selected" {
  tags = {
    Name = "${var.name_tag}*"
  }
}

#--- Creates SSH key to provision server
module "ssh_key_pair" {
  source                = "git::https://github.com/cloudposse/terraform-aws-key-pair.git?ref=tags/0.3.2"
  namespace             = "example"
  stage                 = "dev"
  name                  = "${var.key_name}"
  ssh_public_key_path   = "${path.module}/secret"
  generate_ssh_key      = "true"
  private_key_extension = ".pem"
  public_key_extension  = ".pub"
}

#-- Grab the latest AMI built with packer - widows2016.json
data "aws_ami" "Windows_2016" {
  owners = [ "amazon", "microsoft" ]
  filter {
    name   = "is-public"
    values = ["false"]
  }

  filter {
    name   = "name"
    values = ["windows2016Server*"]
  }

  most_recent = true
}

#-- sets the user data script
data "template_file" "user_data" {
  template = "/scripts/user_data.ps1"
}


#---- Test Development Server
resource "aws_instance" "this" {
  ami                  = "${data.aws_ami.Windows_2016.image_id}"
  instance_type        = "${var.instance}"
  key_name             = "${module.ssh_key_pair.key_name}"
  subnet_id            = "${data.aws_subnet_ids.selected.ids[01]}"
  security_groups      = ["${data.aws_security_group.selected.id}"]
  user_data            = "${data.template_file.user_data.rendered}"
  iam_instance_profile = "${var.iam_role}"
  get_password_data    = "true"

  root_block_device {
    volume_type           = "${var.volume_type}"
    volume_size           = "${var.volume_size}"
    delete_on_termination = "true"
  }

  tags {
    "Name"    = "NEW_windows2016"
    "Role"    = "Dev"
  }

  #--- Copy ssh keys to S3 Bucket
  provisioner "local-exec" {
    command = "aws s3 cp ${path.module}/secret s3://PATHTOKEYPAIR/ --recursive"
  }

  #--- Deletes keys on destroy
  provisioner "local-exec" {
    when    = "destroy"
    command = "aws s3 rm 3://PATHTOKEYPAIR/${module.ssh_key_pair.key_name}.pem"
  }

  provisioner "local-exec" {
    when    = "destroy"
    command = "aws s3 rm s3://PATHTOKEYPAIR/${module.ssh_key_pair.key_name}.pub"
  }
}

当我调整时,terraform plan我收到以下错误消息:

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

data.template_file.user_data: Refreshing state...

Error: Error refreshing state: 1 error(s) occurred:

* provider.aws: error validating provider credentials: error calling sts:GetCallerIdentity: NoCredentialProviders: no valid providers in chain. Deprecated.
    For verbose messaging see aws.Config.CredentialsChainVerboseErrors

答案1

我认为您错过了访问和密钥。请尝试以下方法。如果您没有将导入作为变量传递。

provider "aws" {
  region  = "${var.region}"
  profile = "${var.profile}"   
  access_key=********
  secret_key=********
}

答案2

仔细检查文件的格式~/.aws/credentials

就我而言,凭证采用以下格式:

[profile]
AWS_ACCESS_KEY_ID=xxxx
AWS_SECRET_ACCESS_KEY=yyyy

将其更改为以下内容可修复该问题:

[profile]
aws_access_key_id = xxxx
aws_secret_access_key = yyyy

答案3

session-name就我而言,当我使用角色来承担 Terraform 后端时,我忘记分配属性。

答案4

随着宣布更新 IAM 角色信任策略行为还有另一种可能性:你可能有已经假设你的目标角色(例如通过export AWS_PROFILE=...(强调我的):

因此,从今天开始,对于自 2022 年 6 月 30 日起未使用基于身份的行为的任何角色,角色信任策略必须明确向所有主体授予权限,包括角色本身,需要在规定的条件下假设它。

如果您已AWS_PROFILE设置环境变量并且可以运行aws sts get-caller-identity并在配置中看到所需的角色backend,则您有两个选择:

  1. 您可以unset AWS_PROFILE在运行 Terraform 之前执行此操作(假设您的默认 IAM 角色可以role_arn在后端配置中承担)
  2. 您可以更新目标 IAM 角色以信任自身(有关如何执行此操作的示例包含在宣布这一变化的文章

相关内容