使用 terraform 0.9.3 创建 AWS Lambda 函数时,我无法使其加入我选择的 VPC。
这是我的函数的样子:
resource "aws_lambda_function" "lambda_function" {
s3_bucket = "${var.s3_bucket}"
s3_key = "${var.s3_key}"
function_name = "${var.function_name}"
role = "${var.role_arn}"
handler = "${var.handler}"
runtime = "${var.runtime}"
timeout = "30"
memory_size = 256
publish = true
vpc_config {
subnet_ids = ["${var.subnet_ids}"]
security_group_ids = ["${var.security_group_ids}"]
}
}
我用于该角色的策略是
data "aws_iam_policy_document" "lambda-policy_policy_document" {
statement {
effect = "Allow"
actions = [
"ec2:DescribeSecurityGroups",
"ec2:DescribeSubnets",
"ec2:DescribeVpcs",
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents",
"ec2:CreateNetworkInterface",
"ec2:DescribeNetworkInterfaces",
"ec2:DeleteNetworkInterface"
]
resources = ["*"]
}
}
资源创建得很好,如果我尝试通过 AWS 控制台添加 VPC 和子网,一切都会解决。
更新(创作计划):
module.******.aws_lambda_function.lambda_function
arn: "<computed>"
environment.#: "1"
environment.0.variables.%: "1"
environment.0.variables.environment: "******"
function_name: "******"
handler: "******"
last_modified: "<computed>"
memory_size: "256"
publish: "true"
qualified_arn: "<computed>"
role: "******"
runtime: "******"
s3_bucket: "******"
s3_key: "******"
source_code_hash: "<computed>"
timeout: "30"
version: "<computed>"
vpc_config.#: "1"
vpc_config.0.vpc_id: "<computed>"
但是,如果我再次运行 terraform plan,VPC 配置总是会发生变化。
vpc_config.#: "0" => "1" (forces new resource)
最佳答案
我认为subnet_ids的值是这样的:"subnet-xxxxx,subnet-yyyyy,subnet-zzzzz"并将其作为单个子网而不是列表。你可以像这样解决这个问题:
vpc_config {
subnet_ids = ["${split(",", var.subnet_ids)}"]
security_group_ids = ["${var.security_group_ids}"]
}
关于amazon-web-services - Terraform 上的 AWS Lambda VPC,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/43590164/