
Why do I get a permissions error when Terraform tries to auto_accept a VPC peering connection?


Problem description

I am trying to create a VPC peering connection between accounts and auto-accept it, but it fails with a permissions error.

Here is main.tf:

provider "aws" {
  region                   = "${var.region}"
  shared_credentials_file  = "/Users/<username>/.aws/credentials"
  profile                  = "sandbox"
}

data "aws_caller_identity" "current" { }

Here is the vpc_peer module:

resource "aws_vpc_peering_connection" "peer" {
  peer_owner_id = "${var.peer_owner_id}"   # account that owns the accepter VPC
  peer_vpc_id   = "${var.peer_vpc_id}"     # accepter VPC
  vpc_id        = "${var.vpc_id}"          # requester VPC (this account)
  auto_accept   = "${var.auto_accept}"

  accepter {
    allow_remote_vpc_dns_resolution = true
  }

  requester {
    allow_remote_vpc_dns_resolution = true
  }

  tags {
    Name = "VPC Peering between ${var.peer_vpc_id} and ${var.vpc_id}"
  }
}

Here is the module execution in main.tf:

module "peering" {
  source = "../modules/vpc_peer"

  region        = "${var.region}"
  peer_owner_id = "<management account number>"
  peer_vpc_id   = "<vpc-********>"
  vpc_id        = "${module.network.vpc_id}"
  auto_accept   = "true"
}

Now, the IAM user I am using from the "sandbox" provider has permissions for VPC peering on the VPC that is in the management account.

I used the following procedure from AWS: http://docs.aws.amazon.com/IAM/latest/UserGuide/tutorial_cross-account-with-roles.html

Unfortunately I keep failing with the following error:

1 error(s) occurred:

* aws_vpc_peering_connection.peer: Unable to accept VPC Peering Connection: OperationNotPermitted: User 651267440910 cannot accept peering pcx-f9c55290
    status code: 400, request id: cfbe1163-241e-413b-a8de-d2bca19726e5

Any ideas?

Accepted answer

#1

I managed to run a local_exec which accepts the peer.

Here is an example:

resource "aws_vpc_peering_connection" "peer" {
  peer_owner_id = "${var.peer_owner_id}"
  peer_vpc_id   = "${var.peer_vpc_id}"
  vpc_id        = "${var.vpc_id}"

  # Accept the request from the accepter account's side using a CLI profile
  # (var.profile) whose credentials belong to the VPC owner.
  provisioner "local-exec" {
    command = "aws ec2 accept-vpc-peering-connection --vpc-peering-connection-id=${aws_vpc_peering_connection.peer.id} --region=${var.region} --profile=${var.profile}"
  }

  tags {
    Name = "VPC Peering between ${var.peer_vpc_id} and ${var.vpc_id}"
  }
}
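The configuration below is an added example written for this page; it is not code from the question or from the accepted answer. The error text is the key: the requester account (the `User` in the message) is not allowed to accept the connection, and `auto_accept` on `aws_vpc_peering_connection` only works when both VPCs are in the same account, because acceptance is an API call that must be made by the owner of the accepter VPC. Rather than shelling out with `local-exec` and a second CLI profile, the accept can be kept inside Terraform with `aws_vpc_peering_connection_accepter` under a second provider that assumes a role in the management account. Assumed and hypothetical: Terraform 0.12+ syntax, a local profile named `sandbox`, and a role ARN passed in `var.peer_role_arn`; the role itself must already exist in the management account (the cross-account role tutorial linked in the question covers creating it).

```hcl
# Added example, not from the original question or answer.
# Assumptions: Terraform 0.12+ syntax, a "sandbox" CLI profile for the
# requester account, and a pre-existing role in the management account
# whose ARN is supplied via var.peer_role_arn (hypothetical name).

variable "region"        { type = string }
variable "vpc_id"        { type = string } # requester VPC, in the sandbox account
variable "peer_vpc_id"   { type = string } # accepter VPC, in the management account
variable "peer_owner_id" { type = string } # management account ID
variable "peer_role_arn" { type = string } # role Terraform assumes to accept the request

# Requester side: the sandbox account creates the peering request.
provider "aws" {
  region  = var.region
  profile = "sandbox"
}

# Accepter side: same run, but credentials obtained by assuming a role in
# the management account. Only the owner of the accepter VPC may accept,
# which is why auto_accept fails across accounts.
provider "aws" {
  alias   = "management"
  region  = var.region
  profile = "sandbox"

  assume_role {
    role_arn     = var.peer_role_arn
    session_name = "terraform-vpc-peering"
  }
}

resource "aws_vpc_peering_connection" "peer" {
  vpc_id        = var.vpc_id
  peer_vpc_id   = var.peer_vpc_id
  peer_owner_id = var.peer_owner_id
  # auto_accept intentionally omitted: it is only valid when both VPCs
  # belong to the same account.

  tags = {
    Name = "VPC Peering between ${var.peer_vpc_id} and ${var.vpc_id}"
    Side = "Requester"
  }
}

# Acceptance performed by the management account via the aliased provider.
resource "aws_vpc_peering_connection_accepter" "peer" {
  provider                  = aws.management
  vpc_peering_connection_id = aws_vpc_peering_connection.peer.id
  auto_accept               = true

  tags = {
    Side = "Accepter"
  }
}

# DNS resolution flags can only be set once the connection is active, and
# each account may only modify its own side.
resource "aws_vpc_peering_connection_options" "requester" {
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer.id

  requester {
    allow_remote_vpc_dns_resolution = true
  }
}

resource "aws_vpc_peering_connection_options" "accepter" {
  provider                  = aws.management
  vpc_peering_connection_id = aws_vpc_peering_connection_accepter.peer.id

  accepter {
    allow_remote_vpc_dns_resolution = true
  }
}
```

The assumed role needs, at minimum, `ec2:AcceptVpcPeeringConnection`, `ec2:DescribeVpcPeeringConnections`, `ec2:ModifyVpcPeeringConnectionOptions`, `ec2:CreateTags` and, for `terraform destroy`, `ec2:DeleteVpcPeeringConnection`; scope its trust policy to the sandbox account's Terraform principal rather than the whole account. Compared with the `local-exec` approach, both sides of the connection are tracked in state, the accept happens under short-lived STS credentials that show up in the management account's CloudTrail as an AssumeRole session, and the run no longer depends on a particular developer's local credentials file.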
