
Terraform aws security group revoke_rule_on_delete?

I am getting

~ update in-place

Terraform will perform the following actions:

~ aws_security_group.mayanks-sg revoke_rules_on_delete: "" => "false"

while running terraform plan, and I have no idea what it means or why it is appearing; I searched for it on Google but had no luck.

.tf file:

resource "aws_security_group" "mayanks-sg" {
    name = "mayanks-sg"
    description = "for test purpose"
    vpc_id = ""
}
resource "aws_security_group_rule" "mayanks-sg" {
    type = "ingress"
    security_group_id = "sg-xxxxxxxxx"
    from_port = 12345
    to_port   = 12345
    protocol  = "tcp"
    cidr_blocks = ["x.x.x.x"]
}

resource "aws_security_group_rule" "mayanks-sg-1" {
    type = "ingress"
    security_group_id = "sg-xxxxxxxxx"
    from_port = 54321
    to_port   = 54321
    protocol  = "tcp"
    cidr_blocks = ["x.x.x.x"]
}

tfstate:

{
"version": 3,
"terraform_version": "0.11.7",
"serial": 1,
"lineage": "x-x-x-x-x",
"modules": [
    {
        "path": [
            "root"
        ],
        "outputs": {},
        "resources": {
            "aws_security_group.mayanks-sg": {
                "type": "aws_security_group",
                "depends_on": [],
                "primary": {
                    "id": "sg-xxxxxxxxx",
                    "attributes": {
                        "arn": "arn:aws:ec2:x:x:security-group/sg-xxxxxxxxx",
                        "description": "for test purpose",
                        "egress.#": "0",
                        "id": "sg-xxxxxxxxx",
                        "ingress.#": "2",
                        "ingress.1364877358.cidr_blocks.#": "1",
                        "ingress.1364877358.cidr_blocks.0": "x.x.x.x",
                        "ingress.1364877358.description": "",
                        "ingress.1364877358.from_port": "12345",
                        "ingress.1364877358.ipv6_cidr_blocks.#": "0",
                        "ingress.1364877358.protocol": "tcp",
                        "ingress.1364877358.security_groups.#": "0",
                        "ingress.1364877358.self": "false",
                        "ingress.1364877358.to_port": "12345",
                        "ingress.2197545509.cidr_blocks.#": "1",
                        "ingress.2197545509.cidr_blocks.0": "x.x.x.x",
                        "ingress.2197545509.description": "",
                        "ingress.2197545509.from_port": "54321",
                        "ingress.2197545509.ipv6_cidr_blocks.#": "0",
                        "ingress.2197545509.protocol": "tcp",
                        "ingress.2197545509.security_groups.#": "0",
                        "ingress.2197545509.self": "false",
                        "ingress.2197545509.to_port": "54321",
                        "name": "mayanks-sg",
                        "owner_id": "xxxxxxx",
                        "tags.%": "0",
                        "vpc_id": ""
                    },
                    "meta": {
                        "x-x-x-x-x-x": {
                            "create": 600000000000,
                            "delete": 600000000000
                        },
                        "schema_version": "1"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            },
            "aws_security_group_rule.mayanks-sg": {
                "type": "aws_security_group_rule",
                "depends_on": [],
                "primary": {
                    "id": "sgrule-xxxxxx",
                    "attributes": {
                        "cidr_blocks.#": "1",
                        "cidr_blocks.0": "x.x.x.x",
                        "description": "",
                        "from_port": "12345",
                        "id": "sgrule-xxxxxx",
                        "ipv6_cidr_blocks.#": "0",
                        "prefix_list_ids.#": "0",
                        "protocol": "tcp",
                        "security_group_id": "sg-xxxxxxxxxx",
                        "self": "false",
                        "to_port": "12345",
                        "type": "ingress"
                    },
                    "meta": {
                        "schema_version": "2"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            },
            "aws_security_group_rule.mayanks-sg-1": {
                "type": "aws_security_group_rule",
                "depends_on": [],
                "primary": {
                    "id": "sgrule-xxxxxx",
                    "attributes": {
                        "cidr_blocks.#": "1",
                        "cidr_blocks.0": "x.x.x.x",
                        "description": "",
                        "from_port": "54321",
                        "id": "sgrule-xxxxx",
                        "ipv6_cidr_blocks.#": "0",
                        "prefix_list_ids.#": "0",
                        "protocol": "tcp",
                        "security_group_id": "sg-xxxxxxxxxxx",
                        "self": "false",
                        "to_port": "54321",
                        "type": "ingress"
                    },
                    "meta": {
                        "schema_version": "2"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            }
        },
        "depends_on": []
    }
]
}

I want to remove this error by adding something in the configuration file, and also, what is the meaning of this parameter? Thanks in advance.

This is not an error message. If you want to remove it, apply your template. It's stating that if you ran the template it would update the parameter for that security group. revoke_rules_on_delete is currently set to blank. Terraform defaults it to false.

revoke_rules_on_delete - (Optional) Instruct Terraform to revoke all of the Security Group's attached ingress and egress rules before deleting the rule itself. This is normally not needed, however certain AWS services such as Elastic Map Reduce may automatically add required rules to security groups used with the service, and those rules may contain a cyclic dependency that prevents the security groups from being destroyed without removing the dependency first. Default false.

Bottom line: if you want this to be true, set it in your aws_security_group resource and apply your playbook. If you want it to be false, apply your playbook.

https://www.terraform.io/docs/providers/aws/r/security_group.html
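As an added example (my code, not the question's or the answer author's), here is the same configuration with revoke_rules_on_delete stated explicitly and the rules wired to the group by reference, in Terraform 0.11 syntax to match the v3 state file in the question. The vpc_id variable and the source CIDR are placeholders I have assumed. The plan line `"" => "false"` appears because the state above contains no revoke_rules_on_delete key at all, so the provider's default (false) is displayed as a change from the empty value; applying records that value in state and, since the argument is a Terraform-side instruction with no AWS API counterpart, leaves the security group in AWS untouched.

```hcl
# Added example, not from the original post. Terraform 0.11 interpolation
# syntax ("${...}") to match the terraform_version in the state shown above.

variable "vpc_id" {
  description = "Assumed: the VPC the group belongs to (the question used vpc_id = \"\")"
}

variable "allowed_cidr" {
  description = "Assumed placeholder for the x.x.x.x source in the question"
  default     = "203.0.113.10/32"
}

resource "aws_security_group" "mayanks-sg" {
  name        = "mayanks-sg"
  description = "for test purpose"
  vpc_id      = "${var.vpc_id}"

  # Stating the default makes the choice visible in review and, once applied,
  # the "" => "false" line no longer shows up in the plan. Set it to true only
  # when another service (EMR is the documented case) injects rules that
  # reference this group and others, which otherwise blocks `terraform destroy`.
  revoke_rules_on_delete = false
}

# Referencing the group's id (instead of pasting sg-...) gives Terraform the
# dependency edge: rules are created after the group and destroyed before it,
# and a re-created group does not leave rules pointing at a stale id.
resource "aws_security_group_rule" "mayanks-sg" {
  type              = "ingress"
  security_group_id = "${aws_security_group.mayanks-sg.id}"
  from_port         = 12345
  to_port           = 12345
  protocol          = "tcp"
  cidr_blocks       = ["${var.allowed_cidr}"]
}

resource "aws_security_group_rule" "mayanks-sg-1" {
  type              = "ingress"
  security_group_id = "${aws_security_group.mayanks-sg.id}"
  from_port         = 54321
  to_port           = 54321
  protocol          = "tcp"
  cidr_blocks       = ["${var.allowed_cidr}"]
}
```

The group in the question declares no inline ingress or egress blocks, so keeping the rules as separate aws_security_group_rule resources is the right shape; mixing inline rule blocks and standalone rule resources on the same group makes the two fight over the rule set on every plan. After applying, check the plan is empty with `terraform plan -detailed-exitcode` (exit status 0 means no changes).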

For anyone facing this issue and wondering how to fix it.

Following these three steps, you can perform the terraform apply with minimal risk.

  1. You can create a restricted AWS User with S3 full access and VPC read-only permission.
  2. Make sure you use the restricted AWS User to perform terraform apply.
  3. Done.

By doing so, you can see terraform fix the state file, and you don't have to worry that terraform will modify any unexpected resource.
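As an added example of step 1 above (my code, not the answer author's), here is the restricted user expressed in Terraform 0.11 syntax. Assumptions: the remote state lives in the S3 bucket named by var.state_bucket; the backend uses no DynamoDB lock table (if it does, the user also needs dynamodb:GetItem, dynamodb:PutItem and dynamodb:DeleteItem on that table); an access key for the user is issued out of band; and "VPC read only" is narrowed to ec2:Describe*, which is all Terraform's refresh of a security group calls. S3 access is scoped to the state bucket rather than full S3 access. This is enough for the revoke_rules_on_delete change because that argument has no AWS API counterpart: apply only reads the group and rewrites the state object.

```hcl
# Added example, not from the original answer. Terraform 0.11 syntax.

variable "state_bucket" {
  description = "Assumed: the S3 bucket holding the remote state"
}

resource "aws_iam_user" "tf_state_fixer" {
  name = "tf-state-fixer"
}

# Inline policy: read/write the state bucket, read-only EC2, nothing else.
# An apply that unexpectedly tries to change the group (e.g. an
# AuthorizeSecurityGroupIngress call) fails with AccessDenied instead of
# silently altering it.
resource "aws_iam_user_policy" "tf_state_fixer" {
  name = "tf-state-fixer"
  user = "${aws_iam_user.tf_state_fixer.name}"

  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ListStateBucket",
      "Effect": "Allow",
      "Action": ["s3:ListBucket"],
      "Resource": "arn:aws:s3:::${var.state_bucket}"
    },
    {
      "Sid": "ReadWriteStateObjects",
      "Effect": "Allow",
      "Action": ["s3:GetObject", "s3:PutObject"],
      "Resource": "arn:aws:s3:::${var.state_bucket}/*"
    },
    {
      "Sid": "Ec2ReadOnly",
      "Effect": "Allow",
      "Action": ["ec2:Describe*"],
      "Resource": "*"
    }
  ]
}
EOF
}
```

Run `terraform plan` with this user's credentials first and confirm the only change listed is the revoke_rules_on_delete line, then `terraform apply`. Because the user can write state, anyone holding its key can still tamper with the state file, so rotate or delete the access key when the fix is done.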

