Terraform aws security group revoke_rule_on_delete?
I am getting

~ update in-place
Terraform will perform the following actions:
~ aws_security_group.mayanks-sg revoke_rules_on_delete: "" => "false"

while running terraform plan and I have no idea what it means and why it is coming. I searched for it on Google but no luck.

tf file:
resource "aws_security_group" "mayanks-sg" {
  name = "mayanks-sg"
  description = "for test purpose"
  vpc_id = ""
}
resource "aws_security_group_rule" "mayanks-sg" {
  type = "ingress"
  security_group_id = "sg-xxxxxxxxx"
  from_port = 12345
  to_port = 12345
  protocol = "tcp"
  cidr_blocks = ["x.x.x.x"]
}
resource "aws_security_group_rule" "mayanks-sg-1" {
  type = "ingress"
  security_group_id = "sg-xxxxxxxxx"
  from_port = 54321
  to_port = 54321
  protocol = "tcp"
  cidr_blocks = ["x.x.x.x"]
}
tfstate:
{
    "version": 3,
    "terraform_version": "0.11.7",
    "serial": 1,
    "lineage": "x-x-x-x-x",
    "modules": [
        {
            "path": [
                "root"
            ],
            "outputs": {},
            "resources": {
                "aws_security_group.mayanks-sg": {
                    "type": "aws_security_group",
                    "depends_on": [],
                    "primary": {
                        "id": "sg-xxxxxxxxx",
                        "attributes": {
                            "arn": "arn:aws:ec2:x:x:security-group/sg-xxxxxxxxx",
                            "description": "for test purpose",
                            "egress.#": "0",
                            "id": "sg-xxxxxxxxx",
                            "ingress.#": "2",
                            "ingress.1364877358.cidr_blocks.#": "1",
                            "ingress.1364877358.cidr_blocks.0": "x.x.x.x",
                            "ingress.1364877358.description": "",
                            "ingress.1364877358.from_port": "12345",
                            "ingress.1364877358.ipv6_cidr_blocks.#": "0",
                            "ingress.1364877358.protocol": "tcp",
                            "ingress.1364877358.security_groups.#": "0",
                            "ingress.1364877358.self": "false",
                            "ingress.1364877358.to_port": "12345",
                            "ingress.2197545509.cidr_blocks.#": "1",
                            "ingress.2197545509.cidr_blocks.0": "x.x.x.x",
                            "ingress.2197545509.description": "",
                            "ingress.2197545509.from_port": "54321",
                            "ingress.2197545509.ipv6_cidr_blocks.#": "0",
                            "ingress.2197545509.protocol": "tcp",
                            "ingress.2197545509.security_groups.#": "0",
                            "ingress.2197545509.self": "false",
                            "ingress.2197545509.to_port": "54321",
                            "name": "mayanks-sg",
                            "owner_id": "xxxxxxx",
                            "tags.%": "0",
                            "vpc_id": ""
                        },
                        "meta": {
                            "x-x-x-x-x-x": {
                                "create": 600000000000,
                                "delete": 600000000000
                            },
                            "schema_version": "1"
                        },
                        "tainted": false
                    },
                    "deposed": [],
                    "provider": "provider.aws"
                },
                "aws_security_group_rule.mayanks-sg": {
                    "type": "aws_security_group_rule",
                    "depends_on": [],
                    "primary": {
                        "id": "sgrule-xxxxxx",
                        "attributes": {
                            "cidr_blocks.#": "1",
                            "cidr_blocks.0": "x.x.x.x",
                            "description": "",
                            "from_port": "12345",
                            "id": "sgrule-xxxxxx",
                            "ipv6_cidr_blocks.#": "0",
                            "prefix_list_ids.#": "0",
                            "protocol": "tcp",
                            "security_group_id": "sg-xxxxxxxxxx",
                            "self": "false",
                            "to_port": "12345",
                            "type": "ingress"
                        },
                        "meta": {
                            "schema_version": "2"
                        },
                        "tainted": false
                    },
                    "deposed": [],
                    "provider": "provider.aws"
                },
                "aws_security_group_rule.mayanks-sg-1": {
                    "type": "aws_security_group_rule",
                    "depends_on": [],
                    "primary": {
                        "id": "sgrule-xxxxxx",
                        "attributes": {
                            "cidr_blocks.#": "1",
                            "cidr_blocks.0": "x.x.x.x",
                            "description": "",
                            "from_port": "54321",
                            "id": "sgrule-xxxxx",
                            "ipv6_cidr_blocks.#": "0",
                            "prefix_list_ids.#": "0",
                            "protocol": "tcp",
                            "security_group_id": "sg-xxxxxxxxxxx",
                            "self": "false",
                            "to_port": "54321",
                            "type": "ingress"
                        },
                        "meta": {
                            "schema_version": "2"
                        },
                        "tainted": false
                    },
                    "deposed": [],
                    "provider": "provider.aws"
                }
            },
            "depends_on": []
        }
    ]
}
I want to remove this error from in the by adding something in the configuration file and also what's the meaning of this parameter.

Thanks in advance
This is not an error message. If you want to remove it, apply your template. It's stating that if you ran the template it would update the parameter for that security group. revoke_rules_on_delete is currently set to blank. Terraform defaults it to false.

revoke_rules_on_delete - (Optional) Instruct Terraform to revoke all of the Security Groups attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevent the security groups from being destroyed without removing the dependency first. Default false

Bottom line, if you want this to be true set it in your aws_security_group resource and apply your playbook. If you want it to be false, apply your playbook.

https://www.terraform.io/docs/providers/aws/r/security_group.html
For anyone faced with this issue and wondering how to fix it.

Following the three steps, you can perform the terraform apply with minimal risk.

terraform apply

By doing so, you can see terraform fix the state file, and you don't have to worry that terraform will modify any unexpected resource.
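
The plan line in the question reads `"" => "false"` because the state shown there has no revoke_rules_on_delete attribute for the security group. As an added example (not from the question or either answer), this Python sketch lists such groups in a version 3 state file together with the ingress rules the state records, so the rules can be compared before and after the apply; the function names and the trimmed sample state are constructed here.

```python
import json

# Constructed sample: trimmed state (version 3, Terraform 0.11) shaped like the
# one in the question; IDs and CIDRs are placeholders, not real values.
SAMPLE_STATE = json.loads("""
{"version": 3, "modules": [{"path": ["root"], "resources": {
  "aws_security_group.mayanks-sg": {"type": "aws_security_group", "primary": {
    "id": "sg-xxxxxxxxx", "attributes": {
      "ingress.#": "2", "name": "mayanks-sg",
      "ingress.1364877358.cidr_blocks.#": "1",
      "ingress.1364877358.cidr_blocks.0": "x.x.x.x",
      "ingress.1364877358.from_port": "12345",
      "ingress.1364877358.to_port": "12345",
      "ingress.1364877358.protocol": "tcp",
      "ingress.2197545509.cidr_blocks.0": "x.x.x.x",
      "ingress.2197545509.from_port": "54321",
      "ingress.2197545509.to_port": "54321",
      "ingress.2197545509.protocol": "tcp"}}},
  "aws_security_group_rule.mayanks-sg": {"type": "aws_security_group_rule",
    "primary": {"id": "sgrule-xxxxxx", "attributes": {"from_port": "12345"}}}
}}]}
""")


def ingress_rules(attrs):
    """Rebuild ingress rules from flatmap keys such as ingress.<hash>.from_port."""
    rules = {}
    for key, value in attrs.items():
        parts = key.split(".")
        if parts[0] != "ingress" or len(parts) < 3:
            continue  # not an ingress entry, or the "ingress.#" count key
        rule = rules.setdefault(parts[1], {"cidr_blocks": []})
        if parts[2] == "cidr_blocks" and parts[-1] != "#":
            rule["cidr_blocks"].append(value)
        elif parts[2] in ("from_port", "to_port", "protocol"):
            rule[parts[2]] = value
    return sorted(rules.values(), key=lambda r: int(r.get("from_port", 0)))


def groups_missing_attr(state, attr="revoke_rules_on_delete"):
    """Map each security group lacking `attr` in state to its recorded ingress rules."""
    report = {}
    for module in state.get("modules", []):
        for address, res in module.get("resources", {}).items():
            attrs = res.get("primary", {}).get("attributes", {})
            if res.get("type") == "aws_security_group" and attr not in attrs:
                report[address] = ingress_rules(attrs)
    return report
```

Running `groups_missing_attr` on the state before and after the apply should show the group disappear from the report while its ingress rule list stays the same.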
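Notice: The technical posts on this site are published under the CC BY-SA 4.0 license. If you republish them, please cite this site's URL or the original address. For any questions, contact: yoyou2525@163.com.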