Author: 天秤小果冻cici | Source: Internet | 2023-09-14 14:21
Terraform Version
Terraform v0.11.3
Affected Resource(s)
- aws_vpc_peering_connection
Terraform Configuration Files
```hcl
resource "aws_vpc_peering_connection" "requester" {
  provider = "aws.requester"
  count = "${local.enabled}"
  tags = "${merge(local.tags, map("Side", "Requestor"))}"
  peer_owner_id = "${var.accepter-account_id}"
  peer_vpc_id = "${var.accepter-vpc_id}"
  vpc_id = "${var.requester-vpc_id}"
  requester {
    allow_remote_vpc_dns_resolution = "true" // this isn't allowed using cross-account?
  }
  accepter {
    allow_remote_vpc_dns_resolution = "true" // this is ignored when not using auto-accept?
  }
}
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider = "aws.accepter"
  count = "${local.enabled}"
  tags = "${merge(local.tags, map("Side", "Acceptor"))}"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.requester.id}"
  auto_accept = "true"
}
```
Expected Behavior
The block should apply, but there is no mechanism to supply different credentials for just that operation.
Actual Behavior
```
* aws_vpc_peering_connection.requester: Error modifying VPC Peering Connection options: OperationNotPermitted: User 012345678901 does not have permission to modify the accepter side peering options
```
Steps to Reproduce
Important Factoids
This seems to only relate to peering VPCs in different accounts.
Suggested solution
If the AST has an `aws_vpc_peering_connection_accepter`, use it, and its provider, to apply the configuration block.
This question comes from the open-source project: terraform-providers/terraform-provider-aws
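An added example, not part of the original issue or the provider's own code: one way to set each side's DNS-resolution option under that side's own credentials, assuming a provider release that ships the `aws_vpc_peering_connection_options` resource. It reuses the issue's provider aliases and variables, omits `count` and `tags` for brevity, and the resource names `requester_side` and `accepter_side` are illustrative.

```hcl
# Requester account: create the peering request only.
# No requester/accepter option blocks here, so this resource never
# tries to modify options on a side its credentials do not own.
resource "aws_vpc_peering_connection" "requester" {
  provider      = "aws.requester"
  peer_owner_id = "${var.accepter-account_id}"
  peer_vpc_id   = "${var.accepter-vpc_id}"
  vpc_id        = "${var.requester-vpc_id}"
}

# Accepter account: accept the request with the accepter's credentials.
resource "aws_vpc_peering_connection_accepter" "accepter" {
  provider                  = "aws.accepter"
  vpc_peering_connection_id = "${aws_vpc_peering_connection.requester.id}"
  auto_accept               = true
}

# Requester-side options, applied by the requester account.
# Referencing the accepter resource's id orders this after acceptance,
# so the connection is active before options are modified.
resource "aws_vpc_peering_connection_options" "requester_side" {
  provider                  = "aws.requester"
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.accepter.id}"

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

# Accepter-side options, applied by the accepter account.
# This is the operation that failed with OperationNotPermitted when it
# was attempted through the requester's provider.
resource "aws_vpc_peering_connection_options" "accepter_side" {
  provider                  = "aws.accepter"
  vpc_peering_connection_id = "${aws_vpc_peering_connection_accepter.accepter.id}"

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
```

With this split, neither account's credentials need permission to modify the other side of the peering connection.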
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!