Using Terraform 0.7.7. Terraform fails to import key pair into Amazon EC2
I have the following simple Terraform file:
provider "aws" {
  access_key = "${var.access_key}"
  secret_key = "${var.secret_key}"
  region     = "${var.region}"
}
resource "aws_instance" "personal" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"
}
resource "aws_eip" "ip" {
  instance = "${aws_instance.personal.id}"
}
resource "aws_key_pair" "personal" {
  key_name   = "mschuchard-us-east"
  public_key = "${var.public_key}"
}
terraform apply produces the following error:
aws_key_pair.personal: Creating...
fingerprint: "" => "<computed>"
key_name: "" => "mschuchard-us-east"
public_key: "" => "ssh-rsa pubkey hash mschuchard-us-east"
aws_instance.personal: Creating...
ami: "" => "ami-c481fad3"
availability_zone: "" => "<computed>"
ebs_block_device.#: "" => "<computed>"
ephemeral_block_device.#: "" => "<computed>"
instance_state: "" => "<computed>"
instance_type: "" => "t2.micro"
key_name: "" => "<computed>"
network_interface_id: "" => "<computed>"
placement_group: "" => "<computed>"
private_dns: "" => "<computed>"
private_ip: "" => "<computed>"
public_dns: "" => "<computed>"
public_ip: "" => "<computed>"
root_block_device.#: "" => "<computed>"
security_groups.#: "" => "<computed>"
source_dest_check: "" => "true"
subnet_id: "" => "<computed>"
tenancy: "" => "<computed>"
vpc_security_group_ids.#: "" => "<computed>"
aws_instance.personal: Creation complete
aws_eip.ip: Creating...
allocation_id: "" => "<computed>"
association_id: "" => "<computed>"
domain: "" => "<computed>"
instance: "" => "i-0ab94b58b0089697d"
network_interface: "" => "<computed>"
private_ip: "" => "<computed>"
public_ip: "" => "<computed>"
vpc: "" => "<computed>"
aws_eip.ip: Creation complete
Error applying plan:
1 error(s) occurred:
* aws_key_pair.personal: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'mschuchard-us-east' already exists.
status code: 400, request id: 51950b9a-55e8-4901-bf35-4d2be234abbf
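The only help I found by googling was to blow away the *.tfstate files, which I tried, and it did not help. I can launch an EC2 instance with this key pair from the GUI and easily SSH into it, but Terraform errors out when trying to use the same fully functional key pair.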
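In my case it would be an import of 'aws_key_pair.personal'. Anyway, after battling with credentials for a while and giving up on getting Terraform to use the credentials file, I succeeded at the import and a 'terraform apply' ran. I then realized what the resource is actually doing and how to associate 'key_name' with the instance. Terraform is very user-unfriendly and really needs more advanced tutorials. Make an edit for the import command and I will accept this answer.
Staring at the EC2 instance dashboard also made me realize that I need 'vpc_security_group_ids' as well. Now I can actually SSH successfully into the EC2 instance created by Terraform, but the output of '${aws_instance.personal.public_dns}' is completely inaccurate, so I have another head-banging session in front of me.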
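
The steps the comments above describe (import the existing key pair, then tie `key_name` and `vpc_security_group_ids` to the instance), as an added example that is not part of the original thread. It keeps the question's 0.7-style syntax; `admin_cidr`, the `personal-ssh` security group and the `ssh_host` output are assumed names.

```hcl
# Added example. The key pair already exists in EC2, so adopt it into
# Terraform state once, before apply, instead of creating it again:
#   terraform import aws_key_pair.personal mschuchard-us-east
resource "aws_key_pair" "personal" {
  key_name   = "mschuchard-us-east"
  public_key = "${var.public_key}"
}

# Assumed variable: the one address range allowed to reach SSH,
# rather than opening port 22 to 0.0.0.0/0.
variable "admin_cidr" {}

# Assumed security group; without vpc_id it lands in the default VPC.
resource "aws_security_group" "ssh" {
  name        = "personal-ssh"
  description = "SSH from the admin range only"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["${var.admin_cidr}"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "personal" {
  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"

  # Reference the key pair resource so the instance is launched with it.
  key_name               = "${aws_key_pair.personal.key_name}"
  vpc_security_group_ids = ["${aws_security_group.ssh.id}"]
}

resource "aws_eip" "ip" {
  instance = "${aws_instance.personal.id}"
}

# The instance's own public address changes once the EIP is attached,
# so read the reachable address from the EIP.
output "ssh_host" {
  value = "${aws_eip.ip.public_ip}"
}
```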