terraform-yc-modules / terraform-yc-s3

MIT License

no EC2 IMDS role found #5

Closed somewho closed 5 days ago

somewho commented 5 months ago

Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded

The deployment is performed in a clean environment using the example shipped with the module.

$ yc config profile get default
token: <TOKEN>
cloud-id: b1giruaq0t1pj64884s6
folder-id: b1g0im8csj2219e97jcq
compute-default-zone: ru-central1-a

$ export YC_TOKEN=$(yc iam create-token)
$ export YC_CLOUD_ID=$(yc config get cloud-id)
$ export YC_FOLDER_ID=$(yc config get folder-id)

$ git clone https://github.com/terraform-yc-modules/terraform-yc-s3
Cloning into 'terraform-yc-s3'...
remote: Enumerating objects: 57, done.
remote: Counting objects: 100% (57/57), done.
remote: Compressing objects: 100% (40/40), done.
remote: Total 57 (delta 19), reused 48 (delta 15), pack-reused 0
Receiving objects: 100% (57/57), 28.26 KiB | 5.65 MiB/s, done.
Resolving deltas: 100% (19/19), done.

$ cd terraform-yc-s3/examples/simple-bucket/
$ terraform init

Initializing the backend...
Initializing modules...
- s3 in ../..

Initializing provider plugins...
- Finding hashicorp/random versions matching "> 3.5.0"...
- Finding yandex-cloud/yandex versions matching "> 0.9.0"...
- Finding hashicorp/aws versions matching "> 5.1.0"...
- Installing hashicorp/aws v5.35.0...
- Installed hashicorp/aws v5.35.0 (unauthenticated)
- Installing hashicorp/random v3.6.0...
- Installed hashicorp/random v3.6.0 (unauthenticated)
- Installing yandex-cloud/yandex v0.107.0...
- Installed yandex-cloud/yandex v0.107.0 (unauthenticated)

Terraform has created a lock file .terraform.lock.hcl to record the provider
selections it made above. Include this file in your version control repository
so that Terraform can guarantee to make the same selections by default when
you run "terraform init" in the future.

╷
│ Warning: Incomplete lock file information for providers
│ 
│ Due to your customized provider installation methods, Terraform was forced to calculate lock file checksums locally for the following providers:
│   - hashicorp/aws
│   - hashicorp/random
│   - yandex-cloud/yandex
│ 
│ The current .terraform.lock.hcl file only includes checksums for linux_amd64, so Terraform running on another platform will fail to install these providers.
│ 
│ To calculate additional checksums for another platform, run:
│   terraform providers lock -platform=linux_amd64
│ (where linux_amd64 is the platform to generate)
╵

Terraform has been successfully initialized!

You may now begin working with Terraform. Try running "terraform plan" to see
any changes that are required for your infrastructure. All Terraform commands
should now work.

If you ever set or change modules or backend configuration for Terraform,
rerun this command to reinitialize your working directory. If you forget, other
commands will detect it and remind you to do so if necessary.

$ terraform plan
module.s3.data.yandex_client_config.client: Reading...
module.s3.data.yandex_client_config.client: Read complete after 0s [id=789511580]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
  + create

Terraform planned the following actions, but then encountered a problem:

  # random_string.unique_id will be created
  + resource "random_string" "unique_id" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.s3.random_string.unique_id will be created
  + resource "random_string" "unique_id" {
      + id          = (known after apply)
      + length      = 8
      + lower       = true
      + min_lower   = 0
      + min_numeric = 0
      + min_special = 0
      + min_upper   = 0
      + number      = true
      + numeric     = true
      + result      = (known after apply)
      + special     = false
      + upper       = false
    }

  # module.s3.yandex_iam_service_account.storage_admin[0] will be created
  + resource "yandex_iam_service_account" "storage_admin" {
      + created_at  = (known after apply)
      + description = "Service account for Object storage admin."
      + folder_id   = "b1g0im8csj2219e97jcq"
      + id          = (known after apply)
      + name        = (known after apply)
    }

  # module.s3.yandex_iam_service_account_static_access_key.storage_admin[0] will be created
  + resource "yandex_iam_service_account_static_access_key" "storage_admin" {
      + access_key           = (known after apply)
      + created_at           = (known after apply)
      + description          = "Static access key for Object storage admin service account."
      + encrypted_secret_key = (known after apply)
      + id                   = (known after apply)
      + key_fingerprint      = (known after apply)
      + secret_key           = (sensitive value)
      + service_account_id   = (known after apply)
    }

  # module.s3.yandex_resourcemanager_folder_iam_member.storage_admin[0] will be created
  + resource "yandex_resourcemanager_folder_iam_member" "storage_admin" {
      + folder_id = "b1g0im8csj2219e97jcq"
      + id        = (known after apply)
      + member    = (known after apply)
      + role      = "storage.admin"
    }

Plan: 5 to add, 0 to change, 0 to destroy.
╷
│ Error: No valid credential sources found
│ 
│   with provider["registry.terraform.io/hashicorp/aws"],
│   on versions.tf line 22, in provider "aws":
│   22: provider "aws" {
│ 
│ Please see https://registry.terraform.io/providers/hashicorp/aws
│ for more information about providing credentials.
│ 
│ Error: failed to refresh cached credentials, no EC2 IMDS role found, operation error ec2imds: GetMetadata, request canceled, context deadline exceeded

StackAls commented 5 months ago

Same problem.

evecherskii commented 4 months ago

In addition to the provider configuration parameters listed in the README, you also need to specify fake access and secret keys. Like this:

provider "aws" {
  region = "us-east-1"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
  access_key                  = "mock_access_key"
  secret_key                  = "mock_secret_key"
}
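
A check for the workaround in the comment above, as an added example that is not part of the thread or the module's code: it scans Terraform source for `provider "aws"` blocks and lists which of the comment's settings are missing from each. The function names and the `FLAGS_ONLY` sample are constructed for illustration, and the line-based parsing assumes one attribute per line.

```python
import re

# Settings from the workaround comment above.
MUST_BE_TRUE = ("skip_credentials_validation", "skip_requesting_account_id",
                "skip_metadata_api_check")
MUST_BE_SET = ("access_key", "secret_key")
PROVIDER_RE = re.compile(r'^\s*provider\s+"aws"\s*\{', re.M)
STRING_RE = re.compile(r'"(?:\\.|[^"\\])*"')
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*(.+?)\s*$')

# Constructed sample: skip flags only, no static keys.
FLAGS_ONLY = '''
provider "aws" {
  region                      = "us-east-1"
  skip_credentials_validation = true
  skip_requesting_account_id  = true
  skip_metadata_api_check     = true
}
'''
# The block from the comment: the same flags plus mock keys.
WORKAROUND = FLAGS_ONLY.replace(
    "}", '  access_key = "mock_access_key"\n  secret_key = "mock_secret_key"\n}')

def _code(line):
    """Collapse string literals and drop comments so their braces are ignored."""
    line = STRING_RE.sub(lambda s: '""' if len(s.group()) == 2 else '"x"', line)
    return re.split(r"#|//", line)[0]

def provider_attrs(hcl):
    """Return a dict of top-level attributes for each provider "aws" block."""
    blocks = []
    for m in PROVIDER_RE.finditer(hcl):
        attrs, depth = {}, 1
        for line in hcl[m.end():].splitlines():
            code = _code(line)
            attr = ATTR_RE.match(code)
            if depth == 1 and attr:
                attrs[attr.group(1)] = attr.group(2)
            depth += code.count("{") - code.count("}")
            if depth <= 0:
                break
        blocks.append(attrs)
    return blocks

def missing_settings(hcl):
    """List, per aws provider block, the workaround settings that are absent."""
    return [[k for k in MUST_BE_TRUE if a.get(k) != "true"]
            + [k for k in MUST_BE_SET if a.get(k, '""') == '""']
            for a in provider_attrs(hcl)]
```
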

patsevanton commented 3 weeks ago

I made a PR for Yandex Cloud: https://github.com/terraform-yc-modules/terraform-yc-s3/pull/9 Waiting for it to be merged.