AWS Lambda VPC on Terraform

When creating an AWS Lambda function with Terraform 0.9.3, I am unable to get it to join the VPC I selected.

This is what my function looks like:

    resource "aws_lambda_function" "lambda_function" {
      s3_bucket     = "${var.s3_bucket}"
      s3_key        = "${var.s3_key}"
      function_name = "${var.function_name}"
      role          = "${var.role_arn}"
      handler       = "${var.handler}"
      runtime       = "${var.runtime}"
      timeout       = "30"
      memory_size   = 256
      publish       = true

      vpc_config {
        subnet_ids         = ["${var.subnet_ids}"]
        security_group_ids = ["${var.security_group_ids}"]
      }
    }

The policy for the role I am using is:

    data "aws_iam_policy_document" "lambda-policy_policy_document" {
      statement {
        effect = "Allow"

        actions = [
          "ec2:DescribeSecurityGroups",
          "ec2:DescribeSubnets",
          "ec2:DescribeVpcs",
          "logs:CreateLogGroup",
          "logs:CreateLogStream",
          "logs:PutLogEvents",
          "ec2:CreateNetworkInterface",
          "ec2:DescribeNetworkInterfaces",
          "ec2:DeleteNetworkInterface"
        ]

        resources = ["*"]
      }
    }

The resource gets created just fine, and if I try to add the VPC and subnets through the AWS console, it all works out.

Update (creation plan):

    module.******.aws_lambda_function.lambda_function
        arn: "<computed>"
        environment.#: "1"
        environment.0.variables.%: "1"
        environment.0.variables.environment: "******"
        function_name: "******"
        handler: "******"
        last_modified: "<computed>"
        memory_size: "256"
        publish: "true"
        qualified_arn: "<computed>"
        role: "******"
        runtime: "******"
        s3_bucket: "******"
        s3_key: "******"
        source_code_hash: "<computed>"
        timeout: "30"
        version: "<computed>"
        vpc_config.#: "1"
        vpc_config.0.vpc_id: "<computed>"

However, if I run terraform plan again, the VPC config always changes.

    vpc_config.#: "0" => "1" (forces new resource)

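Can you show the plan output from when you don't have the Lambda function? – ydaetskcoR

@ydaetskcoR Just updated with the creation plan – joaofs

That doesn't look right to me. I've just planned one of my own Lambda functions that happens to be in a VPC, and I see extra lines in the plan for the security group IDs and subnet IDs that your plan doesn't show. For example: 'vpc_config.0.subnet_ids.1220732747: "subnet-12345678"'. Have you checked that your subnet IDs and security group IDs are being passed in correctly? – ydaetskcoR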
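
The check suggested in the last comment can be automated before apply. The following is an added example, not code from the question or its comments: it parses plan text in the legacy flat format shown above and reports every `aws_lambda_function` whose `vpc_config` block is planned without any subnet or security group ID entries. The sample plan, resource names and IDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed plan text in the legacy flat format shown in the question;
# resource names and IDs are made up.
SAMPLE_PLAN = '''\
+ module.app.aws_lambda_function.broken
    vpc_config.#: "1"
    vpc_config.0.vpc_id: "<computed>"
+ module.app.aws_lambda_function.ok
    vpc_config.#: "1"
    vpc_config.0.security_group_ids.#: "1"
    vpc_config.0.security_group_ids.3693445097: "sg-12345678"
    vpc_config.0.subnet_ids.#: "1"
    vpc_config.0.subnet_ids.1220732747: "subnet-12345678"
    vpc_config.0.vpc_id: "<computed>"
'''

HEADER = re.compile(r'^[-+~/\s]*(\S+\.\S+)\s*$')   # resource address line
ATTR = re.compile(r'^\s*([\w.#%]+):\s+(.*)$')       # key: "value" line
ELEMENT = re.compile(r'^vpc_config\.0\.(subnet_ids|security_group_ids)\.\d+$')


def parse_plan(text):
    """Return {address: {attribute: planned value}} for aws_lambda_function resources."""
    resources, current = {}, None
    for line in text.splitlines():
        header, attr = HEADER.match(line), ATTR.match(line)
        if header:
            address = header.group(1)
            is_lambda = "aws_lambda_function." in address
            current = resources.setdefault(address, {}) if is_lambda else None
        elif attr and current is not None:
            values = re.findall(r'"([^"]*)"', attr.group(2))
            if values:
                current[attr.group(1)] = values[-1]  # for "old" => "new", keep new
    return resources


def empty_vpc_configs(text):
    """List functions whose planned vpc_config has no subnet or security group IDs."""
    findings = []
    for address, attrs in parse_plan(text).items():
        if attrs.get("vpc_config.#", "0") == "0":
            continue
        present = {m.group(1) for m in map(ELEMENT.match, attrs) if m}
        missing = sorted({"subnet_ids", "security_group_ids"} - present)
        if missing:
            findings.append((address, missing))
    return findings
```

IDs that are only known at apply time appear in the plan as `<computed>` counts rather than element lines, so this check would report those functions as well.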