How to import terraform policy attachment?
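Our main goal is to move some resources to a different Terraform state file. I am trying to import a resource's policy attachment, but it seems that importing policy attachments is not supported. I get an error.
If it is not supported, what are the alternatives?
I am trying to import this policy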
+ aws_iam_role_policy_attachment.gitlab_as_attach
id: <computed>
policy_arn: "arn:aws:iam::xxxxxxxxxxxx:policy/gitlab_as_policy"
role: "gitlab_prod"
Error:
terraform import aws_iam_role_policy_attachment.gitlab_as_attach arn:aws:iam::xxxxxxxxx:policy/gitlab_as_policy
aws_iam_role_policy_attachment.gitlab_as_attach: Importing from ID "arn:aws:iam::xxxxxxxx:policy/gitlab_as_policy"...
Error importing: 1 error(s) occurred:
* aws_iam_role_policy_attachment.gitlab_as_attach (import id: arn:aws:iam::xxxxxxxxxx:policy/gitlab_as_policy): import aws_iam_role_policy_attachment.gitlab_as_attach (id: arn:aws:iam::xxxxxxxxxx:policy/gitlab_as_policy): resource aws_iam_role_policy_attachment doesn't support import
Terraform version:
Terraform v0.11.0
+ provider.aws v1.5.0
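Edit: a new PR was written and merged, and a new version of the AWS Terraform provider (1.37.0) has been released that adds this feature. This answer is no longer valid; see Momooo's answer for how to do this.
Unfortunately, this has been an open issue in the AWS Terraform provider for a while, and the PR that would fix it was abandoned. You can try detaching the policy, refreshing terraform, performing the import, and then re-attaching after the import.
This issue was fixed in 1.37.0 of the provider.aws plugin. Upgrade the Terraform-related plugins and modules.
To upgrade the plugins, run the command below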
terraform init -upgrade
To upgrade the modules, run the command below
terraform get -update
For more information, see the Terraform-related bugs and enhancements.
I ran the import for aws_iam_role_policy_attachment today and it succeeded.
terraform import -provider=aws.{example} aws_iam_role_policy_attachment.role-attach-1 {test-role}/arn:aws:iam::aws:policy/ReadOnlyAccess
aws_iam_role_policy_attachment.role-attach-1: Importing from ID "{test-role}/arn:aws:iam::aws:policy/ReadOnlyAccess"...
aws_iam_role_policy_attachment.role-attach-1: Import complete!
Imported aws_iam_role_policy_attachment (ID: {test-role}-arn:aws:iam::aws:policy/ReadOnlyAccess)
aws_iam_role_policy_attachment.role-attach-1: Refreshing state... (ID: {test-role}-arn:aws:iam::aws:policy/ReadOnlyAccess)
Hope this helps.
Based on @Momooo's reply, I was able to import a user policy attachment like this:
terraform import aws_iam_user_policy_attachment.TERRAFORM_RESOURCE_NAME USER_NAME/POLICY_ARN
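The import ID format shown in the answers above (ROLE_NAME/POLICY_ARN) as a small command generator for moving a role's attachments into another state file. This is an added example, not part of the original question or answers; the function names, the resource naming convention and the account ID 123456789012 are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original answers): build import commands for
# aws_iam_role_policy_attachment using the ID format ROLE_NAME/POLICY_ARN.

# True if $1 looks like an IAM policy ARN in the standard "aws" partition
# (AWS-managed, or customer-managed with a 12-digit account ID).
is_policy_arn() {
  case "$1" in
    arn:aws:iam::aws:policy/?*) return 0 ;;
    arn:aws:iam::[0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9][0-9]:policy/?*) return 0 ;;
    *) return 1 ;;
  esac
}

# Print the import ID, or fail when the role part is missing or is not a bare
# role name (the failing command in the question passed only the policy ARN).
attachment_import_id() {
  aid_role=$1; aid_arn=$2
  case "$aid_role" in
    ""|*/*|arn:*) echo "bad role name: '$aid_role'" >&2; return 1 ;;
  esac
  is_policy_arn "$aid_arn" || { echo "bad policy ARN: '$aid_arn'" >&2; return 1; }
  printf '%s/%s\n' "$aid_role" "$aid_arn"
}

# Usage: gen_import_cmds ROLE POLICY_ARN...
# Resource names (<role>_<policy name>, sanitised) are this example's own
# convention; they must match the resource blocks in the target configuration.
gen_import_cmds() {
  gic_role=$1; shift
  for gic_arn in "$@"; do
    gic_id=$(attachment_import_id "$gic_role" "$gic_arn") || return 1
    gic_name=$(printf '%s' "${gic_role}_${gic_arn##*/}" | tr -c 'A-Za-z0-9_' '_')
    printf 'terraform import aws_iam_role_policy_attachment.%s %s\n' "$gic_name" "$gic_id"
  done
}

# Constructed sample input. Against a real account the ARNs could come from:
#   aws iam list-attached-role-policies --role-name ROLE \
#     --query 'AttachedPolicies[].PolicyArn' --output text
gen_import_cmds gitlab_prod \
  arn:aws:iam::123456789012:policy/gitlab_as_policy \
  arn:aws:iam::aws:policy/ReadOnlyAccess
```

After running the generated commands, `terraform plan` in the target configuration should show no pending create for the imported attachments; a planned create means the resource address or ID did not match.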