Permissions for creating an AWS VPC with Terraform

Question description Votes: 0 Answers: 0

I want to give my Terraform user the lowest possible permissions. I am only creating a VPC.

vpc.tf

# Create VPC

resource "aws_vpc" "santo_vpc" {
  provider   = aws.santo-region
  cidr_block = "10.0.0.0/20"
  tags = {
    Name = "santo-vpc-10.0.0.0/20"
    Prj  = "santo"
  }
}

# Get all availability zones
data "aws_availability_zones" "azs" {
  provider = aws.santo-region
  state    = "available"
}

# Create private subnet
resource "aws_subnet" "santo_private_subnet" {
  provider          = aws.santo-region
  availability_zone = element(data.aws_availability_zones.azs.names, 0)
  vpc_id            = aws_vpc.santo_vpc.id
  cidr_block        = "10.0.3.0/24"
  tags = {
    Name = "santo-private-subnet-10.0.3.0/24"
    Prj  = "santo"
  }
}

The policy attached to this user has the following JSON.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "ec2:DeleteSubnet",
                "ec2:DescribeAvailabilityZones",
                "ec2:DescribeVpcs",
                "ec2:CreateVpc",
                "ec2:DeleteVpc",
                "ec2:CreateSubnet",
                "ec2:DescribeSubnets"
            ],
            "Resource": "*"
        },
        {
            "Sid": "VisualEditor1",
            "Effect": "Allow",
            "Action": "s3:ListBucket",
            "Resource": "arn:aws:s3:::bucket"
        },
        {
            "Sid": "VisualEditor2",
            "Effect": "Allow",
            "Action": [
                "s3:PutObject",
                "s3:GetObject",
                "s3:DeleteObject"
            ],
            "Resource": "arn:aws:s3:::bucket/prj_terraform_file"
        }
    ]
}

But when I run terraform apply, it gives an error creating the VPC.

Plan: 2 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_vpc.prj_vpc: Creating...
╷
│ Error: creating EC2 VPC: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: YZow_Zb22lBD6X5fwqYdXXXXXXXXXXXXXfsQyznUuqTNoyDksW_J9W-eY4ngA5xwiRCoMdY97SlCPaPs7LRHXnF7sSf8pmCZWk0ofsLUnawviO3ICw4eLLpNWFSQYbGRYK3w1H8qzuxfc2rdn_LAkOeZ3qILmz2aNEF8Nh
│   status code: 403, request id: 58b59076-a802-4761-886f-9435f29375be
│ 
│   with aws_vpc.prj_vpc,
│   on vpc.tf line 3, in resource "aws_vpc" "prj_vpc":
│    3: resource "aws_vpc" "prj_vpc" {
│ 
╵

What other permissions do I have to add to create the VPC?
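As an added diagnostic example (not part of the question), here is a Python check that reads the decoded form of the "Encoded authorization failure message" and compares the policy above against the actions the plan needs. The decoded message, the principal ARN and the required-action list are constructed or assumed from provider behaviour, not taken from the page.

```python
import fnmatch
import json

# CONSTRUCTED decoded failure message, in the shape returned by
#   aws sts decode-authorization-message --encoded-message "<message>" \
#       --query DecodedMessage --output text
# (the caller needs sts:DecodeAuthorizationMessage). The denied action is an
# assumption: aws_vpc with "tags" sends CreateVpc with a TagSpecification,
# which IAM also evaluates as ec2:CreateTags.
DECODED_MESSAGE = json.dumps({
    "allowed": False, "explicitDeny": False,
    "matchedStatements": {"items": []}, "failures": {"items": []},
    "context": {
        "principal": {"id": "AIDAEXAMPLE", "arn": "arn:aws:iam::123456789012:user/terraform"},
        "action": "ec2:CreateTags",
        "resource": "arn:aws:ec2:eu-west-1:123456789012:vpc/*",
        "conditions": {"items": []},
    },
})

# The EC2 statement of the policy from the question.
POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "VisualEditor0", "Effect": "Allow", "Resource": "*",
    "Action": ["ec2:DeleteSubnet", "ec2:DescribeAvailabilityZones", "ec2:DescribeVpcs",
               "ec2:CreateVpc", "ec2:DeleteVpc", "ec2:CreateSubnet", "ec2:DescribeSubnets"]}]}

# ASSUMED minimum for vpc.tf above (provider behaviour, not from the question);
# confirm against CloudTrail, which also records the extra Describe* calls
# aws_vpc makes to read the default route table, NACL and security group.
REQUIRED_ACTIONS = {
    "ec2:CreateVpc", "ec2:DeleteVpc", "ec2:DescribeVpcs", "ec2:DescribeVpcAttribute",
    "ec2:CreateTags", "ec2:CreateSubnet", "ec2:DeleteSubnet", "ec2:DescribeSubnets",
    "ec2:DescribeAvailabilityZones",
}


def denied_action(decoded_json: str) -> tuple[str, str]:
    """Return the (action, resource) pair the decoded message says was denied."""
    ctx = json.loads(decoded_json)["context"]
    return ctx["action"], ctx["resource"]


def allowed_actions(policy: dict) -> set[str]:
    """Every action pattern granted by an Allow statement (Action may be str or list)."""
    out = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") == "Allow":
            act = stmt["Action"]
            out.update([act] if isinstance(act, str) else act)
    return out


def missing_actions(policy: dict, required: set[str]) -> set[str]:
    """Required actions no Allow pattern matches (IAM matching: case-insensitive, * and ? wildcards)."""
    patterns = [p.lower() for p in allowed_actions(policy)]
    return {a for a in required
            if not any(fnmatch.fnmatchcase(a.lower(), p) for p in patterns)}
```

Run missing_actions(POLICY, REQUIRED_ACTIONS) after each policy change until it returns an empty set, and use the decoded message rather than adding ec2:* to get past the 403.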

amazon-web-services terraform policy vpc
© www.soinside.com 2019 - 2024. All rights reserved.