这里有一个区域:
resource "aws_route53_zone" "example_com" {
name = "example.com"
}
一个已经存在的TXT记录:
resource "aws_route53_record" "example_com_txt" {
zone_id = aws_route53_zone.example_com.zone_id
name = "example.com"
type = "TXT"
ttl = "300"
records = [
"v=spf1 foo ~all",
"google-site-verification=zzzz",
"google-site-verification=bbbb",
"other-things",
"MS=ms12345",
"apple-domain-verification=abcd12345"
]
}
尝试添加TXT记录:
resource "aws_route53_record" "easydmarc_txt" {
zone_id = aws_route53_zone.example_com.zone_id
name. = "_dmarc.example.com"
type = "TXT"
ttl = "300"
records = ["v=DMARC1; p=quarantine; rua=mailto:somename@somedomain.us, mailto:dmarc-reports@example.com; ruf=mailto:somename@ruf.somedomain.us; fo=1"]
}
当我尝试运行terraform plan -target module.route53.aws_route53_record.easydmarc_txt时,它似乎试图修改现有的TXT记录:
# module.route53.aws_route53_record.easydmarc_txt must be replaced
-/+ resource "aws_route53_record" "easydmarc_txt" {
+ allow_overwrite = (known after apply)
~ fqdn = "example.com" -> (known after apply)
~ id = "Z0N3ID_example.com_TXT" -> (known after apply)
~ name = "example.com" -> "_dmarc" # forces replacement
~ records = [
- "MS=MS=ms12345",
- "apple-domain-verification=abcd12345",
- "google-site-verification=zzzz",
- "google-site-verification=bbbb",
- "other-things",
+ ""v=DMARC1; p=quarantine; rua=mailto:somename.somedomain.us, mailto:dmarc-reports@example.com; ruf=mailto:somename@ruf.somedomain.us; fo=1",
- "v=spf1 foo ~all",
]
# (3 unchanged attributes hidden)
}
我不明白为什么它要修改现有的记录。
我添加的TXT记录是Route53中已经存在的记录。我terraform import命令是错误的,导致起程拓殖修改example.com记录。
改变:
terraform import module.route53.aws_route53_record.easydmarc_txt Z0N3ID_example.com_TXT
:
terraform import module.route53.aws_route53_record.easydmarc_txt Z0N3ID__dmarc.example.com_TXT
地形计划现在按预期工作。