创建 eks 集群时 terraform 上出现无效 ARN 错误

Question

**resource "aws_iam_role" "eks_role" {
  name = "eks_role"
  assume_role_policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "eks.amazonaws.com"
      },
      "Action": "sts:AssumeRole"
    }
  ]
}
POLICY
}
resource "aws_iam_role_policy_attachment" "AmazonEKSClusterPolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSClusterPolicy"
  role       = "aws_iam_role.eks_role.name"
}
resource "aws_iam_role_policy_attachment" "AmazonEKSServicePolicy" {
  policy_arn = "arn:aws:iam::aws:policy/AmazonEKSServicePolicy"
  role       = "aws_iam_role.eks_role.name"
}
resource "aws_eks_cluster" "t3_eks" {
  name     = "t3_eks"
  role_arn = "aws_iam_role.eks_role.arn"
  vpc_config {
    security_group_ids = var.sg
    subnet_ids = var.subnets
    endpoint_private_access = false
    endpoint_public_access = true
  }
  depends_on = [
    aws_iam_role_policy_attachment.AmazonEKSClusterPolicy,
    aws_iam_role_policy_attachment.AmazonEKSServicePolicy,
  ]
}**

错误信息 错误：“role_arn”(aws_iam_role.eks_role.arn) 是无效的 ARN：arn：无效前缀

在 EKS\main.tf 第 30 行，资源“aws_eks_cluster”“t3_eks”中： 30：资源“aws_eks_cluster”“t3_eks”{

请有人指导一下可能出了什么问题？

Answer 1

引号对于 terraform 很重要。在 0.12 中，引用的字符串“aws_iam_role.eks_role.arn”只是一个字符串。为了将其插入为实际变量，您需要删除引号：

resource "aws_eks_cluster" "t3_eks" {
  name     = "t3_eks"
  role_arn = aws_iam_role.eks_role.arn

还可以在字符串中插入变量，这是 terraform 0.11 或更早版本所必需的：

resource "aws_eks_cluster" "t3_eks" {
  name     = "t3_eks"
  role_arn = "${aws_iam_role.eks_role.arn}"