我在ELB堆栈中创建了一个cloudwatch警报,如下所示:
module "elb_sg" {
source = "git@github.com:terraform-aws-modules/terraform-aws-security-group.git"
name = "${local.name}-elb-sg"
description = "Allow internet inbound traffic"
vpc_id = "${data.terraform_remote_state.vpc.vpc_id}"
ingress_with_cidr_blocks = "${data.null_data_source.elb_sg_rules.*.inputs}"
tags = "${local.tags}"
# Open egress for all
egress_with_cidr_blocks = "${local.open_egress}"
}
# ELB
module "elb" {
source = "git@github.com:terraform-aws-modules/terraform-aws-elb.git"
name = "${local.name}"
subnets = ["${split(",",local.elb_subnets)}"]
internal = "${var.internal}"
security_groups = "${local.elb_security_group_ids}"
cross_zone_load_balancing = "${var.cross_zone_load_balancing}"
idle_timeout = "${var.idle_timeout}"
connection_draining = "${var.connection_draining}"
connection_draining_timeout = "${var.connection_draining_timeout}"
listener = ["${var.listener}"]
access_logs = ["${var.access_logs}"]
health_check = ["${var.health_check}"]
tags = "${local.tags}"
}
# Cloudwatch alarms
data "aws_elb" "classic_lb" {
count = "${module.elb.this_elb_name != "" ? 1 : 0}"
name = "${module.elb.this_elb_name}"
}
resource "aws_cloudwatch_metric_alarm" "low_healthy_host_count_alarm" {
count = "${var.create_alarm ? 1 : 0}"
# alarm_name = "${module.elb.this_elb_name}-HealthyHostCount"
alarm_name = "${data.aws_elb.classic_lb.name}-HealthyHostCount"
dimensions {
# LoadBalancerName = "${module.elb.this_elb_name}"
LoadBalancerName = "${data.aws_elb.classic_lb.name}"
}
...
}
然而,我尝试使用data source
以及像${module.elb.this_elb_name}
这样的直接模块访问来获取ELB名称,因为它存在于AWS上(而不是在我的本地,因为有时AWS会截断长名称(。但这两次,当只针对像terraform plan -target=aws_cloudwatch_metric_alarm.low_healthy_host_count_alarm
这样的警报时,我也会针对其他资源,这是我不想要的。
Terraform will perform the following actions:
+ aws_cloudwatch_metric_alarm.low_healthy_host_count_alarm
id: <computed>
actions_enabled: "true"
...
~ module.elb_sg.aws_security_group.this
...
~ module.elb.module.elb.aws_elb.this
access_logs.#: "0" => "1"
access_logs.0.bucket: "" => "test-logs"
access_logs.0.enabled: "" => "true"
access_logs.0.interval: "" => "60"
...
Plan: 1 to add, 2 to change, 0 to destroy.
当我在cloudwatch警报中为elb-in维度和alarm_name使用硬编码名称或local.name
时,问题就消失了。
有人能解释到底是什么导致了这种行为吗?谢谢
根据这个官方文档,当我们指定模块路径时,"目标"适用于指定模块中的所有资源以及指定模块的所有派生模块。
这就是为什么当为elb使用硬编码值时,我们不会将依赖项作为目标。
但我们使用的是模块路径,文档中也提到,"如果指定的模块路径没有资源规范,则地址适用于模块中的每个资源。">