问题描述
在尝试在线培训后,我正在尝试使用terraform在自定义VPC中创建实例。这是我想出的:
resource "aws_vpc" "main" {
cidr_block = "10.0.0.0/16"
tags = {
name = "prod-VPC"
}
}
# create subnet
resource "aws_subnet" "subnet1" {
vpc_id = aws_vpc.main.id
cidr_block = "10.0.1.0/24"
tags = {
Name = "TF-subnet"
}
}
#create IG
resource "aws_internet_gateway" "gw" {
vpc_id = aws_vpc.main.id
}
#create route table
resource "aws_route_table" "r" {
vpc_id = aws_vpc.main.id
route {
cidr_block = "0.0.0.0/0"
gateway_id = aws_internet_gateway.gw.id
}
}
#associate subnet to route table
resource "aws_route_table_association" "a" {
subnet_id = aws_subnet.subnet1.id
route_table_id = aws_route_table.r.id
}
#create SG
resource "aws_security_group" "allow_SSH_HTTP" {
name = "allow_SSH_HTTP"
description = "Allow TLS inbound traffic"
vpc_id = aws_vpc.main.id
ingress {
description = "SSH"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
description = "HTTP"
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "allow_SSH_HTTP"
}
}
#create a network interface with IP
resource "aws_network_interface" "NI" {
subnet_id = aws_subnet.subnet1.id
private_ips = ["10.0.1.50"]
security_groups = [aws_security_group.allow_SSH_HTTP.id]
}
# assign elastic IP to interface
resource "aws_eip" "one" {
vpc = true
network_interface = aws_network_interface.NI.id
associate_with_private_ip = "10.0.1.50"
depends_on = [aws_internet_gateway.gw]
}
# create EC2 install Apache
resource "aws_instance" "server" {
ami = "ami-0ebc1ac48dfd14136"
instance_type = "t2.micro"
subnet_id = aws_subnet.subnet1.id
key_name = "RPkey"
network_interface {
device_index = 0
network_interface_id = aws_network_interface.NI.id
}
user_data = <<-EOF
#! bin/bash
sudo yum install apache2 -y
sudo service apache2 start
echo "<h1>deployed by terraform</h1>" >> /var/www/html/index.html
EOF
tags = {
Name = "TFserver"
}
}
“计划”步骤成功,但“应用”导致以下错误:
Do you want to perform these actions? terraform will perform the actions described above. Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.main: Creating... aws_vpc.main:
Creation complete after 2s [id=vpc-0a79f98c26ff9ac2f] aws_internet_gateway.gw:
Creating... aws_subnet.subnet1: Creating... aws_security_group.allow_SSH_HTTP:
Creating... aws_internet_gateway.gw: Creation complete after 1s [id=igw-0f3fb6801ec48275c]
aws_subnet.subnet1: Creation complete after 1s [id=subnet-0b89ab7649c381937]
aws_route_table.r: Creating... aws_route_table.r: Creation complete after 1s [id=rtb-0a4dbfeb0e54c8a4c]
aws_route_table_association.a: Creating... aws_route_table_association.a: Creation complete after 0s [id=rtbassoc-0e52de7724851ac43]
aws_security_group.allow_SSH_HTTP: Creation complete after 2s [id=sg-0aeb94bfefe5259df]
aws_network_interface.NI: Creating... aws_network_interface.NI: Creation complete after 3s [id=eni-0542d5572bd70097e]
aws_eip.one: Creating... aws_eip.one: Creation complete after 1s [id=eipalloc-007935cd406602652]
Error: "network_interface": conflicts with subnet_id
on main.tf line 106,in resource "aws_instance" "server": 106: resource "aws_instance" "server" {
在这一点上,事情变得一团糟,甚至destroy命令也不起作用。我在几个示例中看到,人们倾向于在创建子网和实例时指定可用区。我尝试创建一个子网,然后确保在指定的子网中创建实例。我无法弄清楚是什么原因导致子网和网络接口发生冲突错误。
terraform版本:v0.13.0 提供商版本:v3.1.0
解决方法
使用subnet_id时您不应该拥有 network_interface。原因是实例将在网络接口所在的子网中创建。
因此,您的实例定义应被删除({subnet_id):
resource "aws_instance" "server" {
ami = "ami-0ebc1ac48dfd14136"
instance_type = "t2.micro"
key_name = "RPkey"
network_interface {
device_index = 0
network_interface_id = aws_network_interface.NI.id
}
user_data = <<-EOF
#! bin/bash
sudo yum install apache2 -y
sudo service apache2 start
echo "<h1>deployed by Terraform</h1>" >> /var/www/html/index.html
EOF
tags = {
Name = "TFserver"
}
}