如何使用terraform在vpc上运行金丝雀?

我真的很难在使用terraform的vpc上运行金丝雀。首先,我为canary、s3 bucket、secrets manager、logs和cloudwatch创建了vpc端点。我之所以创建这一切,是因为我的金丝雀依赖于这4个实体(s3 bucket、secrets manager、logs和cloudwatch alarms)。但是金丝雀无法将工件上传到s3 bucket。

我得到以下错误

没有返回测试结果。30000ms后连接超时

这是端点创建脚本。

data "aws_caller_identity" "current" {}

resource "aws_route_table" "canary-vpc-route-table" {
    vpc_id = var.vpc_id
    tags = {
      Name = "${var.env}-canary-vpc-route-table"
      env = var.env
    }
}

resource "aws_vpc_endpoint" "artifact_s3_endpoint" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.s3"
  vpc_endpoint_type = "Gateway"
   policy = <<POLICY
{
    "Statement": [
        {
            "Action": "*",
            "Effect": "Allow",
            "Resource": "*",
            "Principal": "*"
        }
    ]
}
POLICY
}

resource "aws_vpc_endpoint" "cloudwatch_endpoint" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.monitoring"
  vpc_endpoint_type = "Interface"
  subnet_ids        = ["${var.subnet_id}"]
  security_group_ids = ["${var.security_id}"]
  policy            = jsonencode({
  "Statement": [
    {
      "Sid": "PutOnly",
      "Principal": "*",
      "Action": [
        "cloudwatch:PutMetricData"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}) 
private_dns_enabled = true
}


resource "aws_vpc_endpoint" "secrets_manager_endpoint" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.secretsmanager"
  vpc_endpoint_type = "Interface"
  subnet_ids        = ["${var.subnet_id}"]
  security_group_ids = ["${var.security_id}"]
  policy            = jsonencode({
  "Statement": [
    {
      "Sid": "AccessSpecificAccount",
      "Principal": {"AWS": "${data.aws_caller_identity.current.account_id}"},
      "Action": "secretsmanager:*",
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
})
private_dns_enabled = true
}

resource "aws_vpc_endpoint" "canary_endpoint" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.synthetics"
  vpc_endpoint_type = "Interface"
  subnet_ids        = ["${var.subnet_id}"]
  security_group_ids = ["${var.security_id}"]
  policy              = jsonencode({
    "Statement": [
        {
            "Action": [
                "synthetics:DescribeCanaries",
                "synthetics:GetCanaryRuns"
            ],
            "Effect": "Allow",
            "Resource": "*",
            "Principal": "*"
        }
    ]
}) 
private_dns_enabled = true
}

resource "aws_vpc_endpoint" "logs_endpoint" {
  vpc_id            = var.vpc_id
  service_name      = "com.amazonaws.${var.region}.logs"
  vpc_endpoint_type = "Interface"
  subnet_ids        = ["${var.subnet_id}"]
  security_group_ids = ["${var.security_id}"]
  policy            =  jsonencode({
  "Statement": [
    {
      "Sid": "PutOnly",
      "Principal": "*",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Effect": "Allow",
      "Resource": "*"
    }
  ]
}
)
private_dns_enabled = true
}


resource "aws_vpc_endpoint_route_table_association" "s3-endpoint-route-table-association" {
  route_table_id = aws_route_table.canary-vpc-route-table.id
  vpc_endpoint_id = aws_vpc_endpoint.artifact_s3_endpoint.id
}

有人能帮我找出为什么会出现这个错误吗?提前感谢:)