首先,我们使用 ADFS,没有单独的 IAM 用户配置文件。我们根据所需的角色/权限使用实例配置文件,而不使用单独的访问密钥等。
在我重新安装最新版本的 TF 后,出现了这个问题。大约 3 周前安装的版本没有这个问题(不知道版本号,因为我现在重新安装了新版本)。我看到了很多关于 s3 后端凭据的帖子,但大多数帖子都在谈论配置单独的访问密钥/配置文件,在使用实例配置文件时,有没有什么想法可以解决这个问题?
错误:未找到有效的凭证源
错误:无法刷新缓存的凭证,未找到 EC2 IMDS 角色,操作错误 ec2imds:GetMetadata,http 响应错误 StatusCode:403,对 EC2 IMDS 的请求失败
# Terraform settings: AWS provider pin, minimum CLI version, and remote state
# stored in S3.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "5.19.0"
    }
  }

  # Lower bound only, so any newer CLI release is accepted. The failure on this
  # page is reported to have appeared after reinstalling the latest CLI.
  # NOTE(review): consider constraining this to the range you have tested.
  required_version = ">= 1.0.0"

  # No access_key, secret_key, profile or role_arn is set, so the backend relies
  # on ambient credentials; on this host that is the EC2 instance profile served
  # by the instance metadata service (IMDS).
  # NOTE(review): the 403 is returned by IMDS itself, before any S3 request. It
  # typically means the metadata endpoint is disabled for the instance or the
  # request to 169.254.169.254 is being refused on the way (for example sent
  # through an HTTP proxy, or blocked by a host firewall rule) - confirm on the
  # VM. Putting static access keys here would hide the error but leaves
  # long-lived secrets in the repository and in .terraform/terraform.tfstate.
  backend "s3" {
    bucket = "tf-insights-state"

    # NOTE(review): the cached .terraform/terraform.tfstate on the VM records
    # key "dev/tf-state", not this value; a changed backend setting needs
    # `terraform init -reconfigure` (or `-migrate-state`) before it takes effect.
    key = "dev-al2/tf-state"

    region = "eu-west-1"

    # NOTE(review): encrypt, kms_key_id and dynamodb_table are unset. State can
    # contain secrets, so verify the bucket enforces encryption at rest and
    # restricts access, and decide whether state locking is needed.
  }
}
# AWS provider for eu-west-1. No credentials are configured in this block, so
# the provider also depends on ambient credentials (here, the instance profile
# obtained through IMDS) and fails the same way when IMDS answers 403.
provider "aws" {
  region = "eu-west-1"
}
在 RHEL vm 中,这是我在 s3 后端看到的内容:
$ cat ./.terraform/terraform.tfstate
{
"version": 3,
"serial": 2,
"lineage": "xx-xx-xx-xxxxxxxx-xxx",
"backend": {
"type": "s3",
"config": {
"access_key": null,
"acl": null,
"assume_role_duration_seconds": null,
"assume_role_policy": null,
"assume_role_policy_arns": null,
"assume_role_tags": null,
"assume_role_transitive_tag_keys": null,
"bucket": "tf-insights-state",
"dynamodb_endpoint": null,
"dynamodb_table": null,
"encrypt": null,
"endpoint": null,
"external_id": null,
"force_path_style": null,
"iam_endpoint": null,
"key": "dev/tf-state",
"kms_key_id": null,
"max_retries": null,
"profile": null,
"region": "eu-west-1",
"role_arn": null,
"secret_key": null,
"session_name": null,
"shared_credentials_file": null,
"skip_credentials_validation": null,
"skip_metadata_api_check": null,
"skip_region_validation": null,
"sse_customer_key": null,
"sts_endpoint": null,
"token": null,
"workspace_key_prefix": null
},
"hash": 2122242438
},
"modules": [
{
"path": [
"root"
],
"outputs": {},
"resources": {},
"depends_on": []
}
]
}