问题描述
我正在尝试使用 Organizations 将 AWS Guardduty 部署到多个区域。
在我的根配置中,我创建了以下提供程序:
# If I remove this default provider out i get prompted for a region
provider "aws" {
profile = "default"
region = var.region
}
provider "aws" {
profile = "default"
alias = "eu-west-2"
region = "eu-west-2"
}
provider "aws" {
profile = "default"
alias = "eu-west-3"
region = "eu-west-3"
}
module "guardduty_orgs_eu_west_2" {
source = "../../modules/aws_guardduty_organisations"
security_account_id = var.security_account_id
providers = {
aws.alternate = aws.eu-west-2
}
}
module "guardduty_orgs_eu_west_3" {
source = "../../modules/aws_guardduty_organisations"
security_account_id = var.security_account_id
providers = {
aws.alternate = aws.eu-west-3
}
}
在我的模块中,我有所需的提供程序块和“configuration_aliases”
terraform {
required_providers {
aws = {
source = "hashicorp/aws"
version = "~> 3.27"
configuration_aliases = [ aws.alternate ]
}
}
}
最后是我的资源
resource "aws_guardduty_organization_admin_account" "gdoaa" {
admin_account_id = var.security_account_id
provider = aws.alternate
}
" Error: error enabling GuardDuty Organization Admin Account (123456789): BadRequestException: The request Failed because the account is already enabled as the GuardDuty delegated administrator for the organization."
现在,这是正确的,因为第一个模块调用启用了“eu-west-2”的管理员帐户,但我认为传递“eu-west-3”的第二个提供程序将启用管理员帐户区域根据 Guardduty 最佳实践 \ 文档。
感谢任何帮助
干杯
保罗
解决方法
暂无找到可以解决该程序问题的有效方法,小编努力寻找整理中!
如果你已经找到好的解决方法,欢迎将解决方案带上本链接一起发送给小编。
小编邮箱:dio#foxmail.com (将#修改为@)