stackoom
  简体   繁体   中英

How to block Terraform from deleting an imported resource?

 原文  2019-10-04 16:43:42       amazon-web-services/ amazon-ec2/ terraform/ amazon-vpc

Question

I'm brand new to Terraform so I'm sure i'm missing something, but the answers i'm finding don't seem to be asking the same question I have.

I have an AWS VPC/Security Group that we need our EC2 instances to be created under and this VPC/SG is already created. To create an EC2 instance, Terraform requires that if I don't have a default VPC, I must import my own. But once I import and apply my plan, when I wish to destroy it, its trying to destroy my VPC as well. How do I encapsulate my resources so when I run "terraform apply", I can create an EC2 instance with my imported VPC, but when I run "terraform destroy" I only destroy my EC2 instance?

In case anyone wants to mention, I understand that:

lifecycle = {
    prevent_destroy = true
}

is not what I'm looking for.

Here is my current practice code.

resource "aws_vpc" "my_vpc" {
  cidr_block = "xx.xx.xx.xx/24"
}

provider "aws" {
  region = "us-west-2"
}


data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-bionic-18.04-amd64-server-*"]
  }

  owners = ["099720109477"] # Canonical
}


resource "aws_instance" "web" {

  ami           = "${data.aws_ami.ubuntu.id}"
  instance_type = "t3.nano"

  vpc_security_group_ids = ["sg-0e27d851dxxxxxxxxxx"]
  subnet_id              = "subnet-0755c2exxxxxxxx"

  tags = {
    Name = "HelloWorld"
  }
}

2 answers

solution1
 0 ACCPTED  2019-10-04 17:55:26

Terraform should not require you to deploy or import a VPC in order to deploy an EC2 instance into it. You should be able to reference the VPC, subnets and security groups by id so TF is aware of your existing network infrastructure just like you've already done for SGs and subnets. All you should need to deploy the EC2 instance "aws_instance" is give it an existing subnet id in the existing VPC like you already did. Why do you say deploying or importing a VPC is required by Terraform? What error or issue do you have deploying without the VPC and just using the existing one?

You can protect the VPC through AWS if you really wanted to, but I don't think you really want to import the VPC into your Terraform state and let Terraform manage it here. Sounds like you want the VPC to service other resources, maybe applications manually deployed or through other TF stacks, and the VPC to live independent of anyone application deployment.

solution2
 0  2020-08-12 08:08:09

To answer the original question, you can use a data source and match your VPC by id or tag name:

data "aws_vpc" "main" {
  tags = {
    Name = "main_vpc"
  }
}

Or

data "aws_vpc" "main" {
  id = "vpc-nnnnnnnn"
}

Then refer to it with: data.aws_vpc.main

Also, if you already included your VPC but would like not to destroy it while remove it from your state, you can manage to do it with the terraform state command: https://www.terraform.io/docs/commands/state/index.html

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Terraform: How to create multiple aws subnets from one resource block? How to move from Terraform aws_network_interface with attachment block to aws_network_interface_attachment resource How to call Config block multiple times in terraform cloud search resource Dependency Violation when changing/deleting a resource in terraform For_each loop in resource block terraform AWS Terraform - using dynamic block on resource How to move terraform resource in terraform apply Terraform: How to supply attributes of resources which where created using one resource block? Terraform: How to pass output from one resource to another? How to conditionally update a resource in Terraform
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM