Terraform keeps updating aws_route_table when adding routes from VPC Peering
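I created an aws_vpc_peering_connection to connect to VPCs in my account. I am using aws_route_table to apply the routes to each VPC's route table, using variables in the route section of the route table to set the routes.
The route table applies correctly, but terraform wants to apply it again every time I apply afterwards. The gateway_id for the vpc peering route in one of the VPCs comes from a variable, because the data is pulled from another module.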
    resource "aws_route_table" "route-table" {
      vpc_id = "${aws_vpc.us-west-2-3.id}"

      route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.internet-gateway.id}"
      }

      route {
        cidr_block = "10.12.0.0/16"
        gateway_id = "${aws_vpc_peering_connection.usw2-1-usw2-3.id}"
      }
    }
Every time I plan or apply, terraform wants to change the aws_route_table.
~ module.us-west-2-3.aws_route_table.route-table
route.2485290482.cidr_block: "10.12.0.0/16" => ""
route.2485290482.egress_only_gateway_id: "" => ""
route.2485290482.gateway_id: "" => ""
route.2485290482.instance_id: "" => ""
route.2485290482.ipv6_cidr_block: "" => ""
route.2485290482.nat_gateway_id: "" => ""
route.2485290482.network_interface_id: "" => ""
route.2485290482.vpc_peering_connection_id: "pcx-0f3853c43363d28bb" => ""
route.383599590.cidr_block: "" => "10.12.0.0/16"
route.383599590.egress_only_gateway_id: "" => ""
route.383599590.gateway_id: "" => "pcx-0f3853c43363d28bb"
route.383599590.instance_id: "" => ""
route.383599590.ipv6_cidr_block: "" => ""
route.383599590.nat_gateway_id: "" => ""
route.383599590.network_interface_id: "" => ""
route.383599590.vpc_peering_connection_id: "" => ""
route.4190671864.cidr_block: "0.0.0.0/0" => "0.0.0.0/0"
route.4190671864.egress_only_gateway_id: "" => ""
route.4190671864.gateway_id: "igw-84caffe3" => "igw-84caffe3"
route.4190671864.instance_id: "" => ""
route.4190671864.ipv6_cidr_block: "" => ""
route.4190671864.nat_gateway_id: "" => ""
route.4190671864.network_interface_id: "" => ""
route.4190671864.vpc_peering_connection_id: "" => ""
Is this a bug I should report, or am I doing something wrong?
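In your second inline route definition, you specified gateway_id. gateway_id is for internet access. What you want to use is vpc_peering_connection_id:

    vpc_peering_connection_id = "${aws_vpc_peering_connection.usw2-1-usw2-3.id}"

The official terraform documentation mentions that you can end up in endless updates when mixing up gateway_id and nat_gateway_id, and I wouldn't be surprised if it is also the case when you mix up gateway_id and vpc_peering_connection: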
NOTE on gateway_id and nat_gateway_id: The AWS API is very forgiving with these two attributes and the aws_route_table resource can be created with a NAT ID specified as a Gateway ID attribute. This will lead to a permanent diff between your configuration and statefile, as the API returns the correct parameters in the returned route table. If you're experiencing constant diffs in your aws_route_table resources, the first thing to check is whether or not you're specifying a NAT ID instead of a Gateway ID, or vice-versa.
Source: https://www.terraform.io/docs/providers/aws/r/route_table.html
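
The permanent diff described above can be detected mechanically from the plan output. The following is an added example, not part of the original question or answer: it parses the legacy `route.<hash>.<attribute>` plan lines (an excerpt of the question's output with empty attributes omitted) and reports routes where the state and the configuration hold the same target ID under different attributes. The function names are hypothetical.

```python
import re
from collections import defaultdict

# Excerpt of the plan output from the question (empty attributes omitted).
PLAN = '''\
route.2485290482.cidr_block: "10.12.0.0/16" => ""
route.2485290482.vpc_peering_connection_id: "pcx-0f3853c43363d28bb" => ""
route.383599590.cidr_block: "" => "10.12.0.0/16"
route.383599590.gateway_id: "" => "pcx-0f3853c43363d28bb"
route.4190671864.cidr_block: "0.0.0.0/0" => "0.0.0.0/0"
route.4190671864.gateway_id: "igw-84caffe3" => "igw-84caffe3"
'''

# One plan line: route.<hash>.<attribute>: "<state value>" => "<config value>"
LINE = re.compile(r'route\.(\d+)\.(\w+):\s*"([^"]*)"\s*=>\s*"([^"]*)"')


def parse_routes(plan):
    """Return (state, config), each a {cidr: (attribute, target_id)} mapping."""
    old, new = defaultdict(dict), defaultdict(dict)
    for m in LINE.finditer(plan):
        route_hash, attr, before, after = m.groups()
        if before:
            old[route_hash][attr] = before   # left of '=>': what the API returned
        if after:
            new[route_hash][attr] = after    # right of '=>': what the config asks for

    def by_cidr(side):
        out = {}
        for attrs in side.values():
            cidr = attrs.get("cidr_block") or attrs.get("ipv6_cidr_block")
            targets = [(a, v) for a, v in attrs.items()
                       if not a.endswith("cidr_block")]
            if cidr and targets:
                out[cidr] = targets[0]
        return out

    return by_cidr(old), by_cidr(new)


def misplaced_targets(plan):
    """Routes whose target ID sits under a different attribute in config than in state."""
    state, config = parse_routes(plan)
    findings = []
    for cidr, (cfg_attr, target) in config.items():
        st = state.get(cidr)
        if st and st[1] == target and st[0] != cfg_attr:
            findings.append({"cidr": cidr, "target": target,
                             "configured_as": cfg_attr, "api_returns": st[0]})
    return findings
```

For the question's plan this reports the 10.12.0.0/16 route: the same pcx- ID is configured as gateway_id while the API returns it as vpc_peering_connection_id, which is why the diff never converges.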