How can I connect to the AWS IAM API in a private VPC?
I am trying to run Terraform in a private VPC using the AWS provider. Terraform supports overriding various AWS endpoints, so I have been using VPC Endpoints to expose the relevant services in my VPC and overriding those endpoints in my provider configuration.
Unfortunately IAM is not supported by VPC Endpoints. I need this API to create some resources, for example AWS roles, so how can I use this API in my private VPC from Terraform?
$ terraform -v
Terraform v0.11.13
+ provider.aws v2.17.0
CloudFormation supports VPC endpoints. So you can make a CloudFormation template that creates the IAM resources. Then apply that CloudFormation stack via Terraform. Then do another Terraform module that refers to those resources as data sources.
Given the constraints of your problem, it is only possible to solve this indirectly.
Docs: Terraform Docs for CloudFormation; Docs for AWS CloudFormation VPC Endpoints
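The three steps above wired together in Terraform 0.11-style HCL, as an added example that is not part of the original answer. The CloudFormation VPC endpoint DNS name, the region, the stack and role names, and the assumption that STS is not exposed in the VPC either are all placeholders; the consuming step reads the stack outputs through the aws_cloudformation_stack data source so that it, too, only talks to CloudFormation.

```hcl
# Added example, not from the original answer. Only CloudFormation is
# reachable from the VPC, so the IAM role is created through a stack.
provider "aws" {
  region = "eu-west-1"
  # Assumed: STS is not exposed in the VPC, so skip the provider's start-up calls.
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  endpoints {
    # Assumed placeholder; use the DNS name of your CloudFormation VPC endpoint.
    cloudformation = "https://vpce-EXAMPLE.cloudformation.eu-west-1.vpce.amazonaws.com"
  }
}

# Steps 1 and 2: declare the role in a CloudFormation template and apply the
# stack via Terraform. CAPABILITY_NAMED_IAM is required because RoleName is set.
resource "aws_cloudformation_stack" "iam" {
  name         = "private-vpc-iam"
  capabilities = ["CAPABILITY_NAMED_IAM"]
  template_body = <<STACK
AWSTemplateFormatVersion: "2010-09-09"
Resources:
  AppRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: private-vpc-app-role
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal: { Service: ec2.amazonaws.com }
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/AmazonS3ReadOnlyAccess
Outputs:
  RoleArn:
    Value: !GetAtt AppRole.Arn
STACK
}

# Step 3: a consuming module reads the stack outputs with the CloudFormation
# data source (pass the stack name in as a variable when it lives elsewhere).
data "aws_cloudformation_stack" "iam" {
  name = "${aws_cloudformation_stack.iam.name}"
}

output "app_role_arn" {
  value = "${data.aws_cloudformation_stack.iam.outputs["RoleArn"]}"
}
```

A data "aws_iam_role" lookup would call the IAM API and fail from inside the VPC, which is why the consuming module reads the role ARN from the stack outputs instead.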