I'm trying to run Terraform on an AWS EC2 instance that was set up with an instance profile. However, Terraform doesn't seem to use the instance profile implicitly, so whenever it tries to access my S3 remote state I get an "Access Denied" error.

From the documentation I can't tell whether I need to specify AWS_METADATA_URL, or whether there is anything else I explicitly need to do to get this to work.

From the Terraform documentation:

EC2 Role: If you're running Terraform from an EC2 instance with an IAM instance profile using an IAM role, Terraform will just ask the metadata API endpoint for credentials. This is the preferred approach over any other when running in EC2, as you can avoid hard-coding credentials. Instead these are leased on the fly by Terraform, which reduces the chance of leakage. You can provide a custom metadata API endpoint via the AWS_METADATA_URL variable, which expects the endpoint URL including the version and defaults to http://169.254.169.254:80/latest

Here is an example of what I'm trying to run:

# main.tf

provider "aws" {
  region = "${var.region}"
}

terraform {
  backend "s3" {}
}

module "core" {
  // ....
}


# init.sh

terraform init -force-copy -input=false \
        -backend-config="bucket=$TERRAFORM_STATE_BUCKET" \
        -backend-config="key=$ENVIRONMENT/$SERVICE" \
        -backend-config="region=$REGION" \
        -upgrade=true

# AWS policy (attached to the instance profile's role)
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "",
            "Effect": "Allow",
            "Action": [
                "s3:*"
            ],
            "Resource": [
                "*"
            ]
        }
    ]
}

Update

It looks like the s3 list-objects call is failing inside Terraform, even though my policy should allow it:

-----------------------------------------------------
2018/02/20 21:09:37 [DEBUG] [aws-sdk-go] DEBUG: Response s3/ListObjects Details:
---[ RESPONSE ]--------------------------------------
HTTP/1.1 403 Forbidden
Connection: close
Transfer-Encoding: chunked
Content-Type: application/xml
Date: Tue, 20 Feb 2018 21:09:36 GMT
Server: AmazonS3
X-Amz-Id-2: OVK5E3d5R+Jgj3if5lxAXkwuERPZWsJNFJ7NeMYFbSrhQ/h4FfpV4z2mlgXFKT1Hg7lsqJ/jE6Q=
X-Amz-Request-Id: FE6B77C5C74BCFFF


-----------------------------------------------------
2018/02/20 21:09:37 [DEBUG] [aws-sdk-go] <?xml version="1.0" encoding="UTF-8"?>
<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>FE6B77C5C74BCFFF</RequestId><HostId>OVK5E3d5R+Jgj3if5lxAXkwuERPZWsJNFJ7NeMYFbSrhQ/h4FfpV4z2mlgXFKT1Hg7lsqJ/jE6Q=</HostId></Error>
2018/02/20 21:09:37 [DEBUG] [aws-sdk-go] DEBUG: Validate Response s3/ListObjects failed, not retrying, error AccessDenied: Access Denied
    status code: 403, request id: FE6B77C5C74BCFFF, host id: OVK5E3d5R+Jgj3if5lxAXkwuERPZWsJNFJ7NeMYFbSrhQ/h4FfpV4z2mlgXFKT1Hg7lsqJ/jE6Q=
2018/02/20 21:09:37 [DEBUG] plugin: waiting for all plugin processes to complete...
Error inspecting state in "s3": AccessDenied: Access Denied
    status code: 403, request id: FE6B77C5C74BCFFF, host id: OVK5E3d5R+Jgj3if5lxAXkwuERPZWsJNFJ7NeMYFbSrhQ/h4FfpV4z2mlgXFKT1Hg7lsqJ/jE6Q=
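A diagnostic to run on the instance itself, added here as an example and not part of the question above. It checks the three things the S3 backend depends on in order: whether IMDS exposes an instance-profile role at all, whether the SDK credential chain finds credentials, and whether those credentials are authorized for the ListBucket/GetObject calls the backend makes on the state bucket and key. It assumes curl and the AWS CLI are installed and that IMDSv2 is reachable; the error classification is keyed on the CLI's standard error strings.

```shell
#!/usr/bin/env sh
# Added diagnostic (not from the question). Usage: ./check-backend.sh BUCKET KEY
set -u

# Name of the IAM role exposed by the instance profile via IMDSv2 (empty if none).
imds_role_name() {
  token=$(curl -sS -X PUT "http://169.254.169.254/latest/api/token" \
          -H "X-aws-ec2-metadata-token-ttl-seconds: 60") || return 1
  curl -sS -H "X-aws-ec2-metadata-token: $token" \
       "http://169.254.169.254/latest/meta-data/iam/security-credentials/"
}

# Map AWS CLI stderr to the failure class that matters when triaging:
#   no-credentials : the SDK never found credentials (credential chain problem)
#   access-denied  : a signed request reached S3 and was refused (IAM or bucket policy)
#   not-found      : authorized, but the object does not exist yet (fresh state)
#   no-bucket      : wrong bucket name or region
classify_aws_error() {
  case "$1" in
    "")                                                        echo "ok" ;;
    *"Unable to locate credentials"*|*NoCredentialProviders*) echo "no-credentials" ;;
    *AccessDenied*|*"Access Denied"*)                          echo "access-denied" ;;
    *"Not Found"*|*"(404)"*)                                   echo "not-found" ;;
    *NoSuchBucket*)                                            echo "no-bucket" ;;
    *)                                                         echo "other" ;;
  esac
}

# Exercise the same calls the S3 backend performs for the given bucket and key.
check_backend_access() {
  bucket="$1"; key="$2"
  role=$(imds_role_name) || role=""
  echo "instance profile role: ${role:-<none attached>}"
  err=$(aws sts get-caller-identity 2>&1 >/dev/null)
  echo "sts:GetCallerIdentity            -> $(classify_aws_error "$err")"
  err=$(aws s3api list-objects-v2 --bucket "$bucket" --prefix "$key" --max-keys 1 2>&1 >/dev/null)
  echo "s3:ListBucket on $bucket -> $(classify_aws_error "$err")"
  err=$(aws s3api head-object --bucket "$bucket" --key "$key" 2>&1 >/dev/null)
  echo "s3:GetObject on $bucket/$key -> $(classify_aws_error "$err")"
}

if [ $# -ge 2 ]; then check_backend_access "$1" "$2"; fi
```

An HTTP 403 with an S3 request id, as in the debug log above, means the SDK found credentials and signed the request, so the first two checks should report ok and the problem is authorization (IAM policy, bucket policy, or a different account owning the bucket) rather than credential discovery.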