Terraform destroys my instances on every apply
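I have a Terraform project, and every time I apply it, it destroys my instance (if it exists) and then creates a new one (even though nothing has changed).
My Terraform code: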
resource "aws_instance" "first_instance" {
  ami             = var.ami
  instance_type   = var.ec2_type
  subnet_id       = var.subnets[0]
  security_groups = [var.Web_app_sg_id]
  key_name        = var.keyname
  tags = {
    Name = var.tag_name
  }
}
terraform plan output (what Terraform says needs to be replaced):
  # module.instances.aws_instance.first_instance must be replaced
-/+ resource "aws_instance" "first_instance" {
      ~ arn = "arn:aws:ec2:us-east-1:215364375712:instance/i-0891d9f95637fe077" -> (known after apply)
      - disable_api_termination = false -> null
      - ebs_optimized = false -> null
      - hibernation = false -> null
      + host_id = (known after apply)
      ~ id = "i-0891d9f95637fe077" -> (known after apply)
      - monitoring = false -> null
      + outpost_arn = (known after apply)
      + password_data = (known after apply)
      + placement_group = (known after apply)
      + public_dns = (known after apply)
      ~ security_groups = [ # forces replacement
          + "sg-04e4675374e29481d",
        ]
        tags = {
            "Name" = "prod"
        }
      - credit_specification {
          - cpu_credits = "standard" -> null
        }
      + ebs_block_device {
          + delete_on_termination = (known after apply)
          + device_name = (known after apply)
          + encrypted = (known after apply)
          + iops = (known after apply)
          + kms_key_id = (known after apply)
          + snapshot_id = (known after apply)
          + tags = (known after apply)
          + throughput = (known after apply)
          + volume_id = (known after apply)
          + volume_size = (known after apply)
          + volume_type = (known after apply)
        }
      + ephemeral_block_device {
          + device_name = (known after apply)
          + no_device = (known after apply)
          + virtual_name = (known after apply)
        }
      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index = (known after apply)
          + network_interface_id = (known after apply)
        }
    }
Why is this happening? I haven't changed any values.
I solved this by adding an ignore_changes block to the aws_instance resource:
lifecycle {
  ignore_changes = [
    disable_api_termination, ebs_optimized, hibernation, security_groups,
    credit_specification, network_interface, ephemeral_block_device
  ]
}
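The security group ID you provided is a VPC security group ID rather than an EC2 Classic security group ID, so you need to assign it to vpc_security_group_ids instead of security_groups to get the correct behavior:
vpc_security_group_ids = [var.Web_app_sg_id]
A quirk of the underlying EC2 API is that it considers these two arguments to be somewhat equivalent, so when you submit a VPC-style ID in the classic argument, the API accepts it, but when the AWS provider later reads it back, it ends up in the vpc_security_group_ids argument, which the provider then misinterprets as "drift".
Populating the correct argument therefore avoids the problem: the configuration then matches how the API interprets the setting, so it is no longer misread as drift.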
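A check for this condition that can run before apply, given here as an added example and not code from the question or the answers: it reads the JSON form of a saved plan (`terraform show -json <planfile>`) and reports every aws_instance whose replacement is forced by an sg- style ID in security_groups. The function name and the sample plan are constructed for illustration, and the sample assumes the live instance already lists the group under vpc_security_group_ids, as the answer above describes.

```python
import json

# Constructed sample shaped like `terraform show -json <planfile>`; only the
# fields this check reads are present. The first entry mirrors the plan above.
SAMPLE_PLAN = json.dumps({"resource_changes": [
    {"address": "module.instances.aws_instance.first_instance",
     "type": "aws_instance",
     "change": {"actions": ["delete", "create"],
                "before": {"security_groups": [],
                           "vpc_security_group_ids": ["sg-04e4675374e29481d"]},
                "after": {"security_groups": ["sg-04e4675374e29481d"]},
                "replace_paths": [["security_groups"]]}},
    # Replacement forced by a real AMI change: must not be flagged.
    {"address": "aws_instance.new_ami", "type": "aws_instance",
     "change": {"actions": ["delete", "create"],
                "before": {"ami": "ami-OLD-PLACEHOLDER"},
                "after": {"ami": "ami-NEW-PLACEHOLDER"},
                "replace_paths": [["ami"]]}},
    # Resource with no planned change.
    {"address": "aws_instance.steady", "type": "aws_instance",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}},
]})


def misplaced_sg_replacements(plan_json):
    """Return aws_instance replacements forced by sg-* IDs in security_groups."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "aws_instance":
            continue
        # A replacement is planned as delete+create (in either order).
        if not {"delete", "create"} <= set(change.get("actions") or []):
            continue
        paths = change.get("replace_paths") or []
        if not any(p and p[0] == "security_groups" for p in paths):
            continue
        before, after = change.get("before") or {}, change.get("after") or {}
        ids = [g for g in after.get("security_groups") or []
               if isinstance(g, str) and g.startswith("sg-")]
        if ids:
            live = set(before.get("vpc_security_group_ids") or [])
            findings.append({"address": rc["address"], "ids": ids,
                             "already_attached": sorted(live & set(ids))})
    return findings


if __name__ == "__main__":
    for f in misplaced_sg_replacements(SAMPLE_PLAN):
        print(f"{f['address']}: move {f['ids']} to vpc_security_group_ids")
```

A non-empty already_attached list means the group is already on the running instance, so the planned replacement changes nothing about its network exposure and only recreates the instance.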