Referencing an EC2 launch template fails with "You are not authorized to use the launch template"
Answer
Grant the ec2:RunInstances permission.
Launch Template Support - Amazon EC2 Auto Scaling
What I was trying to do
This happened when I tried to set up an ASG with a launch template using Terraform.
resource "aws_launch_template" "lt" {
  name                   = "test"
  instance_type          = "t3.large"
  image_id               = "xxx"
  vpc_security_group_ids = ["sg-xxx"]
}

resource "aws_autoscaling_group" "asg" {
  name                      = "test"
  max_size                  = 20
  desired_capacity          = 0
  min_size                  = 0
  health_check_grace_period = 0
  health_check_type         = "EC2"

  launch_template {
    id      = "${aws_launch_template.lt.id}"
    version = "$Latest"
  }

  availability_zones = [
    "ap-northeast-1a",
  ]

  vpc_zone_identifier = ["subnet-xxxx"]

  lifecycle {
    ignore_changes = [
      "desired_capacity",
    ]
  }
}
IAM Policy: this one does not work, so add ec2:RunInstances to it.
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "VisualEditor0",
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteLaunchTemplate",
        "ec2:CreateLaunchTemplate",
        "ec2:GetLaunchTemplateData",
        "ec2:DescribeLaunchTemplates",
        "ec2:DescribeLaunchTemplateVersions",
        "ec2:ModifyLaunchTemplate",
        "ec2:DeleteLaunchTemplateVersions",
        "autoscaling:*",
        "ec2:CreateLaunchTemplateVersion"
      ],
      "Resource": "*"
    }
  ]
}
I would like a bit more of a hint.
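Since the error does not name the missing action, a pre-flight check on the policy document can catch it before `terraform apply`. The following is an added example, not code from the original post: `missing_actions` is a hypothetical helper, and it compares action names only (wildcards and explicit Deny included), ignoring `Resource`, `Condition` and `NotAction`.

```python
import fnmatch

# The failing policy from the post, as a Python dict.
POLICY_FROM_POST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "VisualEditor0",
        "Effect": "Allow",
        "Action": [
            "ec2:DeleteLaunchTemplate", "ec2:CreateLaunchTemplate",
            "ec2:GetLaunchTemplateData", "ec2:DescribeLaunchTemplates",
            "ec2:DescribeLaunchTemplateVersions", "ec2:ModifyLaunchTemplate",
            "ec2:DeleteLaunchTemplateVersions", "autoscaling:*",
            "ec2:CreateLaunchTemplateVersion",
        ],
        "Resource": "*",
    }],
}


def _as_list(value):
    """IAM allows a single string where a list is expected."""
    return [value] if isinstance(value, str) else list(value or [])


def _matches(patterns, action):
    """IAM action names are case-insensitive; '*' and '?' are wildcards."""
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)


def missing_actions(policy, required):
    """Return the required actions the policy does not allow (or explicitly denies)."""
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    allowed, denied = [], []
    for st in statements:
        if "Action" not in st:  # NotAction statements are out of scope here
            continue
        target = allowed if st.get("Effect") == "Allow" else denied
        target.extend(_as_list(st["Action"]))
    # An explicit Deny always wins over an Allow.
    return [a for a in required
            if _matches(denied, a) or not _matches(allowed, a)]


if __name__ == "__main__":
    needed = ["autoscaling:CreateAutoScalingGroup", "ec2:RunInstances"]
    print("missing:", missing_actions(POLICY_FROM_POST, needed))
```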