I ran into an error while trying to enable the AWS IoT AccountAuditConfiguration. Unfortunately, the AWS Terraform provider does not support this (if it does, please let me know). CloudFormation does support it. I wrote a Terraform script to call it, but I get a resource-already-exists error. I think I want to update it rather than declare it. Here are the files.

sample.json.tpl file
    {
      "AWSTemplateFormatVersion": "2010-09-09",
      "Description": "Amazon Web Services IoT AccountAuditConfiguration Template",
      "Resources": {
        "IoTAuditConfiguration": {
          "Type": "AWS::IoT::AccountAuditConfiguration",
          "Properties": {
            "AccountId": "${account_id}",
            "AuditCheckConfigurations": {
              "AuthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true },
              "CaCertificateExpiringCheck": { "Enabled": true },
              "CaCertificateKeyQualityCheck": { "Enabled": true },
              "ConflictingClientIdsCheck": { "Enabled": true },
              "DeviceCertificateExpiringCheck": { "Enabled": true },
              "DeviceCertificateKeyQualityCheck": { "Enabled": true },
              "DeviceCertificateSharedCheck": { "Enabled": true },
              "IntermediateCaRevokedForActiveDeviceCertificatesCheck": { "Enabled": true },
              "IotPolicyOverlyPermissiveCheck": { "Enabled": true },
              "IoTPolicyPotentialMisConfigurationCheck": { "Enabled": true },
              "IotRoleAliasAllowsAccessToUnusedServicesCheck": { "Enabled": true },
              "IotRoleAliasOverlyPermissiveCheck": { "Enabled": true },
              "LoggingDisabledCheck": { "Enabled": true },
              "RevokedCaCertificateStillActiveCheck": { "Enabled": true },
              "RevokedDeviceCertificateStillActiveCheck": { "Enabled": true },
              "UnauthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true }
            },
            "AuditNotificationTargetConfigurations": {
              "Sns": {
                "TargetArn": "${sns_notifications_arn}",
                "RoleArn": "${role}",
                "Enabled": true
              }
            },
            "RoleArn": "${role}"
          }
        }
      }
    }
cloudformation_deploy.tf
    data "template_file" "aws_iot_account_audit_enable" {
      template = file("${path.module}/sample.json.tpl")
      vars = {
        account_id            = data.aws_caller_identity.current.account_id
        sns_notifications_arn = aws_sns_topic.iot_topic.arn
        # The template puts this value into RoleArn fields, so it must be the role's ARN, not its name.
        role                  = aws_iam_role.iot_role.arn
      }
    }

    resource "aws_cloudformation_stack" "stack" {
      name          = "stack"
      template_body = data.template_file.aws_iot_account_audit_enable.rendered
    }
Here is the error I get.
Error: waiting for CloudFormation Stack (arn:aws:cloudformation:us-east-2:xxxxxxxxxxxx:stack/stack/xxxxxxxxxxxxx)
create: failed to create CloudFormation stack, rollback requested (ROLLBACK_COMPLETE):
["The following resource(s) failed to create: [IoTAuditConfiguration]. Rollback requested by user."
"Resource handler returned message: \"The AccountAuditConfiguration already exists.\" (RequestToken: xxxxxxxxxxxxxxxxxxx, HandlerErrorCode: AlreadyExists)"]
I think I am trying to create something that already exists? How do I update/configure it?
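Two things are worth checking before re-running `terraform apply` on a stack like this: that every `RoleArn`/`TargetArn` the template receives is actually an ARN (the HCL above feeds `aws_iam_role.iot_role.name` into a `RoleArn` field), and what `HandlerErrorCode` the stack failure carries, since `AlreadyExists` on `AWS::IoT::AccountAuditConfiguration` means the account/region already has its one audit configuration enabled outside this stack. The script below is an added example, not code from the question; it renders a trimmed, constructed copy of the template with `string.Template` (which substitutes `${name}` the same way `template_file` does), flags non-ARN values in `*Arn` fields, lists the enabled checks, and parses a constructed copy of the error text from the question. The ARN regex assumes every ARN involved carries a 12-digit account id, which holds for the IAM role and SNS topic here.

```python
import json
import re
from string import Template

# Constructed, trimmed copy of the sample.json.tpl from the question (three checks instead of sixteen).
SAMPLE_TEMPLATE = """{
  "AWSTemplateFormatVersion": "2010-09-09",
  "Resources": {
    "IoTAuditConfiguration": {
      "Type": "AWS::IoT::AccountAuditConfiguration",
      "Properties": {
        "AccountId": "${account_id}",
        "AuditCheckConfigurations": {
          "LoggingDisabledCheck": { "Enabled": true },
          "IotPolicyOverlyPermissiveCheck": { "Enabled": true },
          "DeviceCertificateExpiringCheck": { "Enabled": false }
        },
        "AuditNotificationTargetConfigurations": {
          "Sns": { "TargetArn": "${sns_notifications_arn}", "RoleArn": "${role}", "Enabled": true }
        },
        "RoleArn": "${role}"
      }
    }
  }
}"""

# Constructed copy of the failure text from the question, identifiers replaced by placeholders.
SAMPLE_ERROR = (
    'create: failed to create CloudFormation stack, rollback requested (ROLLBACK_COMPLETE): '
    '["The following resource(s) failed to create: [IoTAuditConfiguration]. Rollback requested by user." '
    '"Resource handler returned message: \\"The AccountAuditConfiguration already exists.\\" '
    '(RequestToken: REQUEST-TOKEN-PLACEHOLDER, HandlerErrorCode: AlreadyExists)"]'
)

# Assumption: every ARN this template handles (IAM role, SNS topic) carries a 12-digit account id.
ARN_RE = re.compile(r"^arn:aws[\w-]*:[\w-]*:[\w-]*:\d{12}:\S+$")


def render_template(template_text: str, variables: dict) -> dict:
    """Substitute ${name} placeholders as template_file does (KeyError on a missing var), then parse JSON."""
    return json.loads(Template(template_text).substitute(variables))


def resource_properties(template: dict, logical_id: str = "IoTAuditConfiguration") -> dict:
    """Return the Properties block of the named resource."""
    return template["Resources"][logical_id]["Properties"]


def validate_arns(props: dict, path: str = "") -> list:
    """Walk the Properties tree; return (path, value) for every *Arn field that is not an ARN."""
    bad = []
    for key, value in props.items():
        here = f"{path}.{key}" if path else key
        if isinstance(value, dict):
            bad.extend(validate_arns(value, here))
        elif key.endswith("Arn") and not (isinstance(value, str) and ARN_RE.match(value)):
            bad.append((here, value))
    return bad


def enabled_checks(props: dict) -> list:
    """Sorted names of the audit checks the template turns on."""
    return sorted(name for name, cfg in props["AuditCheckConfigurations"].items()
                  if cfg.get("Enabled") is True)


def parse_stack_error(text: str) -> dict:
    """Pull the handler error code and message out of a CloudFormation rollback error string."""
    code = re.search(r"HandlerErrorCode:\s*(\w+)", text)
    msg = re.search(r'returned message: \\?"(.*?)\\?"', text)
    return {
        "code": code.group(1) if code else None,
        "message": msg.group(1) if msg else None,
        # The audit configuration is one per account and region: AlreadyExists means it is
        # already enabled outside this stack, so a create will keep failing until it is
        # imported into the stack or removed first.
        "singleton_conflict": bool(code and code.group(1) == "AlreadyExists"),
    }


if __name__ == "__main__":
    # What aws_iam_role.iot_role.name yields: a bare name where the template expects an ARN.
    vars_with_bug = {
        "account_id": "123456789012",
        "sns_notifications_arn": "arn:aws:sns:us-east-2:123456789012:iot-topic",
        "role": "iot_role",
    }
    props = resource_properties(render_template(SAMPLE_TEMPLATE, vars_with_bug))
    print("non-ARN fields:", validate_arns(props))
    print("enabled checks:", enabled_checks(props))
    print("stack error:", parse_stack_error(SAMPLE_ERROR))
```

With the role name substituted, `validate_arns` reports both `RoleArn` fields; with `aws_iam_role.iot_role.arn` substituted it reports nothing. A `singleton_conflict` result tells you the fix is not another `create`: the existing configuration has to be brought under the stack's control or removed before the stack can own it.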