The infrastructure was built in AWS from Terraform source code. The state file is gone, and now I am trying to import the existing infrastructure into Terraform to rebuild the state and bring it back in sync with the source code.

Every resource I run `terraform import` on imports without errors. But when I run `terraform plan` afterwards (without changing anything, right after the import), Terraform says it needs to modify or even destroy resources. I have run `terraform refresh` and checked all IDs and resource names/ARNs, but I get the same result.

For example, I have a security group with the ID sg-12345678910111213. This resource needs to be imported, so I used the following command:
```
terraform import -var-file=secrets.tfvars aws_security_group.sg-rds sg-12345678910111213
aws_security_group.sg-rds: Importing from ID "sg-12345678910111213"...
aws_security_group.sg-rds: Import prepared!
  Prepared aws_security_group for import
aws_security_group.sg-rds: Refreshing state... [id=sg-12345678910111213]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.
```
When I run `terraform plan -var-file=secrets.tfvars`, I get the following output:
```
  # aws_security_group.sg-rds will be updated in-place
  ~ resource "aws_security_group" "sg-rds" {
        id                     = "sg-12345678910111213"
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.123.0.40/32",
                ]
              - description      = ""
              - from_port        = 3306
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = [
                  - "sg-12345678910111213",
                ]
              - self             = false
              - to_port          = 3306
            },
          + {
              + cidr_blocks      = [
                  + "10.123.0.40/32",
                ]
              + description      = ""
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 3306
            },
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = [
                  + "sg-12345678910111213",
                ]
              + self             = false
              + to_port          = 3306
            },
        ]
        name                   = "SG_RDS"
      + revoke_rules_on_delete = false
        tags                   = {
            "Name" = "SG_RDS"
        }
        # (5 unchanged attributes hidden)
        # (1 unchanged block hidden)
    }
```
This is the source code of my security group resource:
```hcl
resource "aws_security_group" "sg-rds" {
  name        = "SG_RDS"
  description = "Allows incoming database connections"

  ingress {
    from_port       = 3306
    to_port         = 3306
    protocol        = "tcp"
    security_groups = [aws_security_group.sg-ec2.id]
  }

  ingress {
    from_port   = 3306
    to_port     = 3306
    protocol    = "tcp"
    cidr_blocks = ["10.123.0.40/32"]
  }

  tags = {
    Name = "SG_RDS"
  }
}
```
Rules in the existing SG, as shown in the AWS console: [screenshot not included]
The source code has not changed in a way that would cause drift in the configuration (the diff clearly shows this), and the same thing happens with every resource I import.

I cannot destroy or change any resource without negatively affecting the project.

These are my current Terraform version and providers:
```
Terraform v0.14.5
+ provider registry.terraform.io/hashicorp/aws v3.26.0
+ provider registry.terraform.io/hashicorp/random v3.0.1
+ provider registry.terraform.io/hashicorp/tls v3.0.0
```
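Before applying a plan like the one above against a production security group, it is worth checking whether the ingress diff actually changes who can reach port 3306 or only regroups the same rules (the imported state holds one entry carrying both the CIDR and the source SG, while the config splits them into two entries). The triage script below is an added example, not code from the question or from the Terraform project; it reads `terraform show -json plan.out` output, and the embedded plan excerpt is constructed to mirror the diff in the question. It only looks at `ingress`; egress would be handled the same way.

```python
import json

# Constructed excerpt of `terraform show -json plan.out`, mirroring the diff
# in the question: the imported state holds ONE ingress entry carrying both
# the CIDR and the source SG, the config describes TWO single-source entries.
PLAN_JSON = json.dumps({"resource_changes": [{
    "address": "aws_security_group.sg-rds", "type": "aws_security_group",
    "change": {"actions": ["update"],
        "before": {"ingress": [{"protocol": "tcp", "from_port": 3306, "to_port": 3306,
            "cidr_blocks": ["10.123.0.40/32"], "ipv6_cidr_blocks": [],
            "security_groups": ["sg-12345678910111213"], "self": False}]},
        "after": {"ingress": [
            {"protocol": "tcp", "from_port": 3306, "to_port": 3306,
             "cidr_blocks": ["10.123.0.40/32"], "ipv6_cidr_blocks": [],
             "security_groups": [], "self": False},
            {"protocol": "tcp", "from_port": 3306, "to_port": 3306,
             "cidr_blocks": [], "ipv6_cidr_blocks": [],
             "security_groups": ["sg-12345678910111213"], "self": False}]}}}]})

def flatten(rules):
    """Expand ingress entries into atomic (proto, from, to, kind, source) tuples."""
    atoms = set()
    for r in rules or []:
        key = (r["protocol"], r["from_port"], r["to_port"])
        for kind in ("cidr_blocks", "ipv6_cidr_blocks", "security_groups"):
            atoms.update(key + (kind, src) for src in r.get(kind) or [])
        if r.get("self"):
            atoms.add(key + ("self", ""))
    return atoms

def triage(plan_json):
    """One finding per touched SG; 'cosmetic' means effective access is unchanged."""
    findings = []
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if rc["type"] != "aws_security_group" or actions == ["no-op"]:
            continue
        before = flatten((rc["change"]["before"] or {}).get("ingress"))
        after = flatten((rc["change"]["after"] or {}).get("ingress"))
        findings.append({"address": rc["address"], "actions": actions,
                         "revoked": sorted(before - after),
                         "granted": sorted(after - before),
                         # a replace or delete still drops the SG mid-flight
                         "cosmetic": before == after and "delete" not in actions})
    return findings

if __name__ == "__main__":
    for f in triage(PLAN_JSON):
        print(f["address"], f["actions"], "cosmetic" if f["cosmetic"] else f)
```

For the constructed plan the finding is cosmetic (nothing revoked, nothing granted); a non-empty `revoked` list is the case to stop and investigate before `terraform apply`.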
I ran into the same problem, and for me the solution was to use "terraform state rm resource_name.example azure_id".

After that, I changed the resource's name in my TF config to resource_name.example2 and ran "terraform import resource_name.example2 azure_id".

Then I repeated the same operation for "resource_name.example2": I changed my TF config back to "resource_name.example", ran "terraform import resource_name.example azure_id", and it worked! I think this is a bug, because I did not change any resource configuration. I just removed it and imported it into the state again.