terraform depends_on for Route 53 zone association

Problem description

I am trying to link DNS across accounts in AWS, and I can do it with this code.

# Association of the VPC with the zone, run under the aws.main provider configuration
resource "aws_route53_zone_association" "this" {
  provider = aws.main
  vpc_id   = var.vpc
  zone_id  = var.zone
}

# One authorization per entry in var.zone_authorizations (map of vpc_id => zone_id)
resource "aws_route53_vpc_association_authorization" "this" {
  for_each = var.zone_authorizations
  vpc_id   = each.key
  zone_id  = each.value
}

When I run terraform apply, this code runs successfully, but when I run it again it tries to disassociate, because I did not specify the VPC block in the aws_private_zone code.

  ~ resource "aws_route53_zone" "aws_private_zone" {
        comment       = "Managed by Terraform"
        force_destroy = false
        id            = "XXXXX"
        name          = "XXXXX"
        name_servers  = [XXXX]
        tags          = {}
        tags_all      = {}
        zone_id       = "XXXXXX"

        vpc {
            vpc_id     = "XXXXX"
            vpc_region = "us-east-1"
        }
      - vpc {
          - vpc_id     = "vpc-" -> null
          - vpc_region = "us-east-1" -> null
        }
    }

When I destroy the authorization and the association, then add code to include the vpc block in the private zone and retry, with or without depends_on, I get this error.

resource "aws_route53_zone" "aws_private_zone" {
  name = var.private_zone

  # VPC in the same account as the zone
  vpc {
    vpc_id = local.vpc_id
  }

  # VPC in the other account (ID redacted in the question)
  vpc {
    vpc_id = "vpc-"
  }

  depends_on = [aws_route53_vpc_association_authorization.this, aws_route53_zone_association.this]
}

Error: error associating Route53 Hosted Zone (XXXXX) to VPC (vpc-): NotAuthorizedException: User: arn:aws:iam::XXXXX:user/terraform-service is not authorized to perform: route53:AssociateVPCWithHostedZone on resource: arn:aws:ec2:us-east-1:XXXXXX
        status code: 401, request id: XXXXX

  on .terraform/modules/module-vpc-network-01/main.tf line 867, in resource "aws_route53_zone" "aws_private_zone":
 867: resource "aws_route53_zone" "aws_private_zone" {

When I run the same code again without any changes, it works and shows no changes.

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.

Tags: terraform, terraform-provider-aws

Solution
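The page records no answer. The following is an added example written by the editor, not code from the question or from any answerer, showing the ordering the Route 53 API requires for a cross-account association: the `vpc` block on `aws_route53_zone` always calls AssociateVPCWithHostedZone from the zone owner's account, which cannot associate a VPC owned by another account, so the other account's VPC must never be listed there. Instead, the zone owner creates the authorization and the VPC owner performs the association, and `lifecycle { ignore_changes = [vpc] }` on the zone stops later applies from planning to remove associations that were made outside the zone's own config (the `- vpc { ... } -> null` diff in the question). It goes beyond the question by using two explicit provider aliases rather than a single `aws.main`. The provider aliases `zone_owner` and `vpc_owner`, the variables `private_zone`, `zone_owner_vpc_id` and `remote_vpc_id`, and the resource names are assumptions for this illustration.

```hcl
# Added example, not from the original question. Assumed names: provider
# aliases zone_owner / vpc_owner, variables private_zone, zone_owner_vpc_id,
# remote_vpc_id.

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
    }
  }
}

# Account A: owns the private hosted zone and its "home" VPC.
# (assume_role or profile for account A assumed to be configured here)
provider "aws" {
  alias  = "zone_owner"
  region = "us-east-1"
}

# Account B: owns the VPC that should also resolve the private zone.
# (assume_role or profile for account B assumed to be configured here)
provider "aws" {
  alias  = "vpc_owner"
  region = "us-east-1"
}

variable "private_zone" {
  type = string
}

variable "zone_owner_vpc_id" {
  type = string
}

variable "remote_vpc_id" {
  type = string
}

# 1. The zone is created in account A with only the VPC that account A owns.
#    Listing account B's VPC here would make account A call
#    AssociateVPCWithHostedZone on a VPC it does not own, which is refused.
resource "aws_route53_zone" "private" {
  provider = aws.zone_owner
  name     = var.private_zone

  vpc {
    vpc_id = var.zone_owner_vpc_id
  }

  # Associations added by aws_route53_zone_association are not part of this
  # block, so without ignore_changes Terraform would plan to remove them on
  # the next apply.
  lifecycle {
    ignore_changes = [vpc]
  }
}

# 2. Account A authorizes account B's VPC to be associated with the zone.
resource "aws_route53_vpc_association_authorization" "remote" {
  provider = aws.zone_owner
  zone_id  = aws_route53_zone.private.zone_id
  vpc_id   = var.remote_vpc_id
}

# 3. Account B, the VPC owner, performs the association. Referencing the
#    authorization's attributes (rather than depends_on) makes Terraform run
#    this only after step 2 exists, and it must run with account B's
#    credentials, since only the VPC owner may associate that VPC.
resource "aws_route53_zone_association" "remote" {
  provider = aws.vpc_owner
  zone_id  = aws_route53_vpc_association_authorization.remote.zone_id
  vpc_id   = aws_route53_vpc_association_authorization.remote.vpc_id
}
```

With both provider aliases configured, a single root module can apply all three steps in one run; if the two accounts are managed from separate states, keep steps 1 and 2 in the zone owner's state and step 3 in the VPC owner's state, applying them in that order. Either way, the principal used for step 3 needs `route53:AssociateVPCWithHostedZone` in account B, which is the permission named in the error above.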

