在 Terraform 中创建 AWS VPN 时出现 ConcurrentMutationLimitExceeded 问题
我正在寻求一些帮助来指明正确的方向。我正在开发一个从现有 VPC 创建 VPN 的模块,并在应用配置时遇到来自 AWS 的问题。
错误:创建客户端 VPN 网络关联时出错:ConcurrentMutationLimitExceeded:此时无法为此端点发起另一次更改。请稍后重试。
据我所知,Terraform 正在并行旋转网络关联,导致 AWS 在并发请求上出错。
这看起来相当“标准”,因为它部署在 3 个可用区的 us-east-2 中(us-east-2a、us-east-2b< /code> 和 us-east-2c),因此感觉有点怀疑同时启动这 3 个调用可能是根本问题。以较少的并行性运行的解决方法可能会让人感觉有点hacky。
resource "aws_ec2_client_vpn_network_association" "main" {
for_each = data.aws_subnet_ids.private.ids
client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.main.id
subnet_id = each.key
security_groups = [aws_security_group.vpn_access.id]
}
此处提供了该模块的完整版本: https://gist.github.com/bobbrez/0e1bcb4ef376c2b7ebfed9061a74ff19< /a>
I am looking for some help to be pointed in the right direction. I am working on a module to create a VPN from an existing VPC and am running into with from AWS when applying the configuration.
Error: Error creating Client VPN network association: ConcurrentMutationLimitExceeded: Cannot initiate another change for this endpoint at this time. Please try again later.
From what I gather, it looks like Terraform is spinning up the network associations in parallel and causing AWS to trip on the simultaneous requests.
This seems pretty "standard" as it is being deployed in us-east-2 across 3 AZs (us-east-2a, us-east-2b, and us-east-2c), so it feels a bit suspect that initiating these 3 calls simultaneously would be the root issue. A workaround with running with less parallelism might work be feels a bit hacky.
resource "aws_ec2_client_vpn_network_association" "main" {
for_each = data.aws_subnet_ids.private.ids
client_vpn_endpoint_id = aws_ec2_client_vpn_endpoint.main.id
subnet_id = each.key
security_groups = [aws_security_group.vpn_access.id]
}
A fully spike of the module is available here: https://gist.github.com/bobbrez/0e1bcb4ef376c2b7ebfed9061a74ff19
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论