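When I attach a security group to an EC2 instance in Terraform using the vpc_security_group_ids attribute, subsequent runs of the same configuration always result in changes to the environment.
Some details that may be relevant:
Snippet of the terraform config: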
    data "aws_vpc" "default" {
      default = true
    }

    data "aws_subnet" "default" {
      vpc_id            = "${data.aws_vpc.default.id}"
      availability_zone = "eu-west-2a"
      default_for_az    = true
    }

    resource "aws_security_group" "bastion-test" {
      name = "bastion-test"
      ...
    }

    resource "aws_instance" "bastion" {
      subnet_id              = "${data.aws_subnet.default.id}"
      vpc_security_group_ids = ["${aws_security_group.bastion-test.id}"]
      ...
    }
Output of the first round of terraform plan:
    $ terraform apply
    ...
    aws_security_group.bastion-test: Creating...
    ...
      name: "" => "bastion-test"
    ...
    aws_security_group.bastion-test: Creation complete after 4s (ID: sg-8fXXXXe7)
    aws_instance.bastion: Creating...
    ...
      source_dest_check: "" => "true"
      subnet_id: "" => "subnet-XXXXX"
    ...
      vpc_security_group_ids.#: "" => "1"
      vpc_security_group_ids.2237593593: "" => "sg-8fXXXXe7"
    ...
    aws_instance.bastion: Creation complete after 27s (ID: i-08XXXXXXXXXXXX49)
    ...
    Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
OK, so far so good. Now I immediately run terraform plan:
    $ terraform plan
    ...
    aws_security_group.bastion-test: Refreshing state... (ID: sg-8fXXXXe7)
    ...
    aws_instance.bastion: Refreshing state... (ID: i-08XXXXXXXXXXXX49)
    ...
    Terraform will perform the following actions:

      ~ aws_instance.bastion
          vpc_security_group_ids.#: "0" => "1"
          vpc_security_group_ids.2237593593: "" => "sg-8fXXXXe7"

    Plan: 0 to add, 1 to change, 0 to destroy.
Versions:
    $ terraform --version
    Terraform v0.10.7
    $ ls .terraform/plugins/darwin_amd64/
    lock.json  terraform-provider-aws_v1.0.0_x4
Thanks for reading
James