gravicore / terraform-gravicore-modules

This is a collection of reusable Terraform modules for Gravicore's cloud automation platform.
https://gravicore.io
Apache License 2.0

DNS authorization error when deploying VPC #25

Closed (jeremyodle closed 5 years ago)

jeremyodle commented 5 years ago

Receiving an error when trying to deploy VPCs:

null_resource.create_remote_zone_auth: Destroying... (ID: 756131847988110860)
null_resource.create_remote_zone_auth: Destruction complete after 0s
null_resource.create_remote_zone_auth: Creating...
  triggers.%:       "" => "1"
  triggers.zone_id: "" => "Z38Q3G3NYVE7RI"
null_resource.create_remote_zone_auth: Provisioning with 'local-exec'...
null_resource.create_remote_zone_auth (local-exec): Executing: ["/bin/sh" "-c" "aws route53 create-vpc-association-authorization --hosted-zone-id Z38Q3G3NYVE7RI --vpc VPCRegion=us-east-1,VPCId=vpc-0cb211b24da133053"]

null_resource.create_remote_zone_auth (local-exec): An error occurred (AccessDenied) when calling the CreateVPCAssociationAuthorization operation: User: arn:aws:iam::125902859862:user/jeremy.odle is not authorized to access this resource
Releasing state lock. This may take a few moments...

Error: Error applying plan:

1 error(s) occurred:

* null_resource.create_remote_zone_auth: Error running command 'aws route53 create-vpc-association-authorization --hosted-zone-id Z38Q3G3NYVE7RI --vpc VPCRegion=us-east-1,VPCId=vpc-0cb211b24da133053': exit status 255. Output: 
An error occurred (AccessDenied) when calling the CreateVPCAssociationAuthorization operation: User: arn:aws:iam::125902859862:user/jeremy.odle is not authorized to access this resource

Suggest moving create-vpc-association-authorization to a manual command in outputs for now.

jeremyodle commented 5 years ago

We're changing the way we deploy DNS. DNS zones will now be in the same account as the VPCs. Therefore, we will not need to create a zone authorization request.