Unable to align imported S3 bucket terraform configuration
I have imported an existing S3 bucket to my terraform state.

I am now trying to reverse engineer its configuration and pass it to the .tf file.

Here is my file

resource "aws_s3_bucket" "my-bucket" {
  provider = "aws.eu_west_1"
  bucket   = "my-bucket"

  grant {
    type        = "Group"
    permissions = ["READ_ACP", "WRITE"]
    uri         = "http://acs.amazonaws.com/groups/s3/LogDelivery"
  }

  grant {
    id          = "my-account-id"
    type        = "CanonicalUser"
    permissions = ["FULL_CONTROL"]
  }
}

Here is my terraform plan output

~ aws_s3_bucket.my-bucket
    acl: "" => "private"

No matter what value I use for the acl I always fail to align my tf with the existing acl configuration on the S3 bucket, e.g.

resource "aws_s3_bucket" "my-bucket" {
  provider = "aws.eu_west_1"
  bucket   = "my-bucket"
  acl      = "private"
}

corresponding plan output:

Error: aws_s3_bucket.my-bucket: "acl": conflicts with grant
Error: aws_s3_bucket.my-bucket: "grant": conflicts with acl

and another:

resource "aws_s3_bucket" "my-bucket" {
  provider = "aws.eu_west_1"
  bucket   = "my-bucket"
  acl      = ""
}

So if I use no value for acl, terraform shows the acl will change from non-set to private.

If I use any value whatsoever, I get an error.

Why is that?

This is an observation on 0.13 but still might help:

If I create a bucket using your original code (i.e. with no acl line), the resulting TF state file still includes a "acl": "private", attribute for the bucket. If I then add an acl="private" definition in the TF code, I also get "acl": conflicts with grant when trying to apply.

But what's really odd is that if I delete the acl="private" definition (i.e. revert to your original code), and also delete the "acl": "private", attribute line from the state file, then the plan (including a refresh) shows that the bucket will be updated in place with this: + acl = "private". Applying this seems to work fine, but then a second apply shows that the grants have been lost and need to be reapplied.

So it seems to me that there's a bug in the S3 state refresh that might also affect the import, and in addition clearly removing the acl attribute from state makes it then incorrectly apply as a default overriding any grants. I think it might be worth using your code to create a new bucket, and then compare the state definitions to bring over any bits the original import missed.
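
The state comparison suggested in the answer above, as an added example that is not part of the original thread: it diffs the attributes of an imported bucket against a freshly created one. It assumes Terraform state format version 4 (0.12 and later); the function names, both sample states and the `force_destroy` value are constructed for illustration.

```python
import json

def _state(attrs):
    # Minimal Terraform state (format version 4) holding one bucket resource.
    return json.dumps({"version": 4, "resources": [{
        "mode": "managed", "type": "aws_s3_bucket", "name": "my-bucket",
        "instances": [{"attributes": attrs}]}]})

# Constructed sample data, trimmed to the attributes discussed in this thread.
GRANTS = [
    {"id": "", "type": "Group", "permissions": ["READ_ACP", "WRITE"],
     "uri": "http://acs.amazonaws.com/groups/s3/LogDelivery"},
    {"id": "my-account-id", "type": "CanonicalUser",
     "permissions": ["FULL_CONTROL"], "uri": ""},
]
IMPORTED = _state({"bucket": "my-bucket", "acl": None, "grant": GRANTS})
FRESH = _state({"bucket": "my-bucket", "acl": "private",
                "force_destroy": False, "grant": GRANTS[::-1]})

def bucket_attrs(state_json, name):
    """Return the attributes of the managed aws_s3_bucket called `name`."""
    for res in json.loads(state_json)["resources"]:
        if (res.get("mode"), res.get("type"), res.get("name")) == (
                "managed", "aws_s3_bucket", name):
            return res["instances"][0]["attributes"]
    raise KeyError(f"aws_s3_bucket.{name} not found in state")

def normalise(value):
    """Sort lists recursively: grant blocks are a set, so order is noise."""
    if isinstance(value, list):
        return sorted((normalise(v) for v in value),
                      key=lambda v: json.dumps(v, sort_keys=True))
    if isinstance(value, dict):
        return {k: normalise(v) for k, v in value.items()}
    return value

def diff_attrs(imported, fresh):
    """Map attribute -> (imported value, fresh value) wherever they differ."""
    diff = {}
    for key in sorted(set(imported) | set(fresh)):
        a, b = normalise(imported.get(key)), normalise(fresh.get(key))
        if a != b:
            diff[key] = (a, b)
    return diff

if __name__ == "__main__":
    drift = diff_attrs(bucket_attrs(IMPORTED, "my-bucket"),
                       bucket_attrs(FRESH, "my-bucket"))
    for key, (old, new) in drift.items():
        print(f"{key}: imported={old!r} fresh={new!r}")
```

Run it against copies of the two state files rather than the live state, and review any ACL or grant difference before applying, since the answer reports grants being lost after an apply.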