We have implemented an IP restriction, using the policy provided in the AWS documentation:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": [
      "XX.XX.XX.XX/XX",
      "XX.XX.XX.XX/XX"
    ]}}
  }
}
Our infrastructure is managed and deployed using Terraform; however, when we run Terraform whilst the policy is active we get an error:
InvalidVPCId. Failed to verify the given VPC by calling ec2:DescribeVpcs: You are not authorised to perform this operation.
Terraform is running using our AWS user credentials and is connecting with an IP listed in the policy. I have checked the CloudTrail logs and from what I have seen so far it is showing my username, correct IP and key details.
Without the policy attached Terraform is running correctly and able to complete the requested tasks. Are there any known reasons why this would be failing or suggestions on how we can alter the policy to allow this to work?
--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/8d18784e-e661-4d1c-8c56-62984e874db8%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
This sounds like an AWS issue rather than a Terraform problem. Have you contacted AWS support? Are you able to use the AWS CLI to run `aws ec2 describe-vpcs` from the same machine using the same credentials when the policy is in place?
On Mon, Oct 31, 2016 at 3:53 AM, Sarah <grumpymo...@gmail.com> wrote:
We have implemented an IP restriction, using the policy provided in the AWS documentation:
{
  "Version": "2012-10-17",
  "Statement": {
    "Effect": "Deny",
    "Action": "*",
    "Resource": "*",
    "Condition": {"NotIpAddress": {"aws:SourceIp": [
      "XX.XX.XX.XX/XX",
      "XX.XX.XX.XX/XX"
    ]}}
  }
}
Our infrastructure is managed and deployed using Terraform; however, when we run Terraform whilst the policy is active we get an error:
InvalidVPCId. Failed to verify the given VPC by calling ec2:DescribeVpcs: You are not authorised to perform this operation.
Terraform is running using our AWS user credentials and is connecting with an IP listed in the policy. I have checked the CloudTrail logs and from what I have seen so far it is showing my username, correct IP and key details.
Without the policy attached Terraform is running correctly and able to complete the requested tasks. Are there any known reasons why this would be failing or suggestions on how we can alter the policy to allow this to work?
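One way to see which recorded calls the Deny statement in this thread would match, as an added example that is not part of the original messages: it evaluates the `NotIpAddress` / `aws:SourceIp` condition against the `sourceIPAddress` field of CloudTrail records. The CIDR ranges and events are constructed samples, and a `sourceIPAddress` that is not an IP address (CloudTrail records a service DNS name when an AWS service makes the call) is treated as outside every range.

```python
import ipaddress

# Constructed stand-in for the policy in the thread; the CIDR ranges are sample values.
POLICY = {
    "Version": "2012-10-17",
    "Statement": {
        "Effect": "Deny",
        "Action": "*",
        "Resource": "*",
        "Condition": {"NotIpAddress": {"aws:SourceIp": ["203.0.113.0/24", "198.51.100.7/32"]}},
    },
}

def allowed_networks(policy):
    """Return the CIDR ranges listed under NotIpAddress / aws:SourceIp in Deny statements."""
    stmts = policy["Statement"]
    stmts = stmts if isinstance(stmts, list) else [stmts]
    nets = []
    for s in stmts:
        values = s.get("Condition", {}).get("NotIpAddress", {}).get("aws:SourceIp", [])
        values = [values] if isinstance(values, str) else values
        if s.get("Effect") == "Deny":
            nets += [ipaddress.ip_network(v, strict=False) for v in values]
    return nets

def deny_matches(policy, source):
    """True when the Deny applies: source is not an address inside any listed range."""
    try:
        addr = ipaddress.ip_address(source)
    except ValueError:
        return True  # not an IP (e.g. a service DNS name): outside every range
    return not any(addr in net for net in allowed_networks(policy))

def denied_events(policy, events):
    """List (eventName, sourceIPAddress) for events the Deny statement matches."""
    return [(e["eventName"], e["sourceIPAddress"])
            for e in events if deny_matches(policy, e["sourceIPAddress"])]

# Constructed CloudTrail-style records (only the fields used here).
SAMPLE_EVENTS = [
    {"eventName": "CreateDBSubnetGroup", "sourceIPAddress": "203.0.113.25"},
    {"eventName": "DescribeVpcs", "sourceIPAddress": "rds.amazonaws.com"},
    {"eventName": "DescribeInstances", "sourceIPAddress": "192.0.2.10"},
]

if __name__ == "__main__":
    for name, src in denied_events(POLICY, SAMPLE_EVENTS):
        print(f"Deny matches {name} from {src}")
```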