I am trying to create a VPC endpoint so that EC2 nodes can access an S3 bucket in the same VPC in us-east-1 without having to go through a NAT gateway. When I set it up manually through the browser UI, everything seems to work. I then deleted it and defined it as an aws_vpc_endpoint in my terraform configuration, like this:
resource "aws_vpc_endpoint" "vpc-s3-endpoint-dev" {
  vpc_id          = "${aws_vpc.dev.id}"
  service_name    = "com.amazonaws.us-east-1.s3"
  route_table_ids = ["${aws_route_table.dev-us-east-1-private.id}"]
}
The plan is fine, but when I try to apply it I get this:
Error: Error applying plan:
1 error(s) occurred:
* aws_vpc_endpoint.vpc-s3-endpoint-dev: 1 error(s) occurred:
* aws_vpc_endpoint.vpc-s3-endpoint-dev: Error creating VPC Endpoint: InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.us-east-1.s3' does not exist
status code: 400, request id: b062c637-ec55-4da4-8527-73b24c10fa3d
As far as I can tell, I have done everything right. The route table is the same one I associated with the manually created test VPC endpoint. I have tried breaking the associated route table out into a separate aws_vpc_endpoint_route_table_association, and even leaving it out entirely. I have also tried the other aliases for the us-east-1 S3 service endpoint (com.amazonaws.s3, etc.). I just keep hitting the same frustrating error, and I am out of ideas.
Edit: more context
provider "aws" {
  alias   = "dev"
  version = "= 2.12.0"
  profile = "development"
  region  = "us-east-1"
}

resource "aws_vpc" "dev" {
  provider             = "aws.dev"
  cidr_block           = "10.201.0.0/16"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
}
Adding the specific provider to the aws_vpc_endpoint resource seems to work.
aws_vpc_endpoint.vpc-s3-endpoint-dev-xxx-xxxxx: Creation complete after 6s (ID: vpce-xxxxxxxxxxxxx)
Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
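A complete configuration in which the VPC, the route table and the endpoint all go through the same aliased provider, so the endpoint is created in the region the service name refers to. This is an added example, not the asker's configuration; the route table resource, the endpoint policy and the bucket name are assumptions.

```hcl
# Added example (Terraform 0.11 syntax, matching the question). Not the asker's
# configuration: the route table, the endpoint policy and the bucket name are assumed.
provider "aws" {
  alias   = "dev"
  version = "= 2.12.0"
  profile = "development"
  region  = "us-east-1"
}

resource "aws_vpc" "dev" {
  provider             = "aws.dev"
  cidr_block           = "10.201.0.0/16"
  enable_dns_support   = "true"
  enable_dns_hostnames = "true"
}

# Assumed private route table; the gateway endpoint injects an S3 prefix-list route here.
resource "aws_route_table" "dev-us-east-1-private" {
  provider = "aws.dev"
  vpc_id   = "${aws_vpc.dev.id}"
}

# Without `provider = "aws.dev"` this resource is created through the default "aws"
# provider, whose region and credentials may differ. The service name is region-scoped,
# so looking it up from another region fails with InvalidServiceName.
resource "aws_vpc_endpoint" "vpc-s3-endpoint-dev" {
  provider        = "aws.dev"
  vpc_id          = "${aws_vpc.dev.id}"
  service_name    = "com.amazonaws.us-east-1.s3"
  route_table_ids = ["${aws_route_table.dev-us-east-1-private.id}"]

  # Optional least-privilege endpoint policy (the default allows all S3 access through
  # the endpoint). Bucket name is a placeholder; widen it if instances fetch OS
  # packages from S3-backed repositories.
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Principal": "*",
    "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
    "Resource": ["arn:aws:s3:::EXAMPLE-DEV-BUCKET", "arn:aws:s3:::EXAMPLE-DEV-BUCKET/*"]
  }]
}
POLICY
}
```

To confirm the service name exists in the region the aliased provider targets, `aws ec2 describe-vpc-endpoint-services --region us-east-1 --profile development` lists the valid names before you apply.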