【发布时间】:2018-12-31 12:59:39
【问题描述】:
我正在尝试在 Terragrunt 中利用 Okta 的使用,并且在担任该角色时遇到了一些问题。 我的 ~/.aws/config 文件
aws_saml_url = home/amazon_aws/XXXXXXXXX/XXXXXXXXX
[profile assume-admin]
role_arn = arn:aws:iam::XXXXXXXXX:role/assumeAdmin
region = us-west-2
[profile dev]
source_profile = assume-admin
role_arn = arn:aws:iam::XXXXXXXXX:role/adminUser
没有 terragrunt,只使用 Terraform 和 Okta,我没有发现任何问题。
$ aws-okta exec dev -- bash
$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.terraform_remote_state.bastion: Refreshing state...
data.terraform_remote_state.vpc: Refreshing state...
data.terraform_remote_state.bastion: Refreshing state...
data.terraform_remote_state.vpc: Refreshing state...
data.aws_caller_identity.current: Refreshing state...
SNIP
Plan: 0 to add, 2 to change, 0 to destroy.
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.
现在使用 Terragrunt
terragrunt plan
[terragrunt] [/Users/user/dev/infrastructure/terraform/accounts/dev/us-west-2/dev/app] 2018/07/23 17:32:56 Running command: terraform --version
[terragrunt] 2018/07/23 17:32:56 Reading Terragrunt config file at /Users/user/dev/infrastructure/terraform/accounts/dev/us-west-2/dev/app/terraform.tfvars
[terragrunt] 2018/07/23 17:32:56 Backend s3 has not changed.
[terragrunt] 2018/07/23 17:32:56 Error initializing session: SharedConfigAssumeRoleError: failed to load assume role for arn:aws:iam::XXXXXXXXX:role/adminUser, source profile has no shared credentials
[terragrunt] 2018/07/23 17:32:56 Unable to determine underlying exit code, so Terragrunt will exit with error code 1
谢谢。
【问题讨论】:
标签: terraform okta terragrunt