Terraform destroy error - aws_security_group: DependencyViolation: resource sg XXX has a dependent object



When destroying the infrastructure, running the Terraform script below always returns the following error. Note that the security group "GC-SG-VPC1" is used in an ingress rule of the security group "default". During the destroy, Terraform tries to delete "GC-SG-VPC1" and fails after several retries.

Any suggestion for getting around this would be much appreciated.

aws_security_group: DependencyViolation: resource sg XXX has a dependent object

# Security Group GC-SG-VPC1
resource "aws_security_group" "GC-SG-VPC1" {
  name   = "GC-SG-VPC1"
  vpc_id = aws_vpc.vpc1.id
  tags = {
    Name = "GCTF-SG-VPC1"
  }

  # SSH and all PING
  ingress {
    description = "Allow SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow all PING"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow iPERF3"
    from_port   = 5201
    to_port     = 5201
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security Group default
resource "aws_default_security_group" "default" {
  vpc_id = aws_vpc.vpc1.id

  ingress {
    description = "Default SG for VPC1"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  ingress {
    description     = "Include EC2 SG in VPC1 default SG"
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    security_groups = [aws_security_group.GC-SG-VPC1.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Default VPC1-SG"
  }
}

You should not use aws_default_security_group, since in most cases it is not needed and it is considered an advanced feature. The default SG cannot be deleted, and TF does not delete its rules either, as stated in the documentation:

All ingress or egress rules will be left as they are at destroy.

Since you tied GC-SG-VPC1 to aws_default_security_group, you will have to go to the AWS console and remove this relationship manually, because TF will not do it.

Then use only a regular aws_security_group instead of aws_default_security_group.
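As an added example (not code from the question or the answer), this is the shape the configuration takes once the VPC's default SG is left unmanaged and the intra-VPC rules live in a regular aws_security_group. Because the cross-group ingress references aws_security_group.GC-SG-VPC1, Terraform records the dependency and deletes the new group, and with it the referencing rule, before it tries to delete GC-SG-VPC1. The resource name vpc1_internal is assumed; GC-SG-VPC1 and aws_vpc.vpc1 are the question's own names.

```hcl
# Added example: replaces the aws_default_security_group block from the
# question with a regular group that Terraform fully owns and can destroy.
# "vpc1_internal" is an assumed name; GC-SG-VPC1 is defined as in the question.
resource "aws_security_group" "vpc1_internal" {
  name   = "vpc1-internal"
  vpc_id = aws_vpc.vpc1.id

  # Same intent as the question's first default-SG rule: members reach each other.
  ingress {
    description = "Intra-group traffic for VPC1"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  # The cross-group reference. This expression makes vpc1_internal depend on
  # GC-SG-VPC1, so on destroy Terraform removes vpc1_internal (and this rule)
  # first and GC-SG-VPC1 no longer has a dependent object.
  ingress {
    description     = "Allow traffic from GC-SG-VPC1"
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    security_groups = [aws_security_group.GC-SG-VPC1.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "VPC1 internal SG"
  }
}

# Unlike the VPC default SG, a regular group is not attached automatically:
# list it in vpc_security_group_ids on each instance alongside GC-SG-VPC1.
# Keep all rules inline here; mixing inline rules with aws_security_group_rule
# resources on the same group makes Terraform overwrite one set with the other.
```

The rule that already exists in the real default SG (the one referencing GC-SG-VPC1) still has to be revoked once by hand, as the answer says, before the next destroy goes through.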
