Warm tip: This article is reproduced from stackoverflow.com, please click
amazon-web-services terraform terraform-provider-aws

Why does the terraform 'apply' command fail?

发布于 2020-04-13 09:55:08 
variable "server_port" {
  description = "web server port"
  default = 8080  
}
resource "aws_launch_configuration" "example" {
  image_id        = "ami-0bea7fd38fabe821a"
  instance_type   = "t2.micro"
  security_groups = ["${aws_security_group.instance.id}"]

  user_data = <<-EOF
              #!/bin/bash
              echo "Hello, World" > index.html
              nohup busynox httpd -f -p "${var.server_port}" &
              EOF

  lifecycle {
    create_before_destroy = true
 }
}

resource "aws_autoscaling_group" "example" {
  launch_configuration = "${aws_launch_configuration.example.id}"

  load_balancers    = ["${aws_elb.example.name}"]
  health_check_type = "ELB"

  min_size = 2
  max_size = 10

  tag {
    key                 = "Name"
    value               = "terraform-asg-example"
    propagate_at_launch = true
  }
}

resource "aws_security_group" "instance" {
  name = "terraform-example-instance"

  ingress {
    from_port   = "${var.server_port}"
    to_port     = "${var.server_port}"
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  lifecycle {
    create_before_destroy = true
  }
}


resource "aws_elb" "example" {
  name               = "terraform-asg-example"
  security_groups    = ["${aws_security_group.elb.id}"]

  listener {
    lb_port           = 80
    lb_protocol       = "http"
    instance_port     = "${var.server_port}"
    instance_protocol = "http"
  }

  health_check {
    healthy_threshold   = 2
    unhealthy_threshold = 2
    timeout             = 3
    interval            = 30
    target              = "HTTP:${var.server_port}/"
  }
}

resource "aws_security_group" "elb" {
  name = "terraform-example-elb"

  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

[Error: Error creating Security Group: UnauthorizedOperation: You are not authorized to perform this operation. status code: 403, request id: c2e34351-7fa9-4f7e-845a-77458485bfe9

on web_infra.tf line 37, in resource "aws_security_group" "instance": 37: resource "aws_security_group" "instance" {

Error: Error creating Security Group: UnauthorizedOperation: You are not authorized to perform this operation. status code: 403, request id: 4229e1ae-a46d-42fc-8bab-4bb0b7ccd656

on web_infra.tf line 73, in resource "aws_security_group" "elb": 73: resource "aws_security_group" "elb" {]

My IAM permission is AdministratorAccess.

Questioner
sangyul lee
Viewed
73
分享
sangyul lee 2020-02-04 09:11

I found the answer. 

1. aws sts get-session-token --profile default --serial-number arn:aws:iam::3423412:mfa/test@test.com --token-code 509939 

2. credentials file 
[mfa] 
aws_arn_mfa = 
aws_access_key_id = 
aws_secret_access_key = 
aws_session_token = 
region = 

3. terraform provier file 
provider "aws" { 
region = " " 
shared_credentials_file = "credentials file" 
profile = "mfa" 
}

Related issues

1
Logback with Elastic Beanstalk
2
elasticbeanstalk failed to deploy worker environment /var/pids/web.pid: no such file or directory
3
What is the different between replica and db instance in Aurora Postgresql?
4
AWS Elastic Beanstalk Application Logging with Logback
5
python cant find packages on ec2 instance
6
Terraform: cat command issues
7
Amazon S3 Web Server?
8
dynamodb streams adapter for KCL in Java SDK v2.x
9
DynamoDB nested items inserting Android
10
AWS AppSync with Firebase as OpenID Connect provider