
How to sync lifecycle_rule of s3 bucket actual configuration with terraform script

The rule was set up manually in AWS console. I wanted to sync it in my terraform script.

I have the following defined in terraform script:

resource "aws_s3_bucket" "bucketname" {
  bucket = "${local.bucket_name}"
  acl = "private"
  force_destroy = "false"
  acceleration_status = "Enabled"

  lifecycle_rule {
    enabled = true
    transition {
      days = 30
      storage_class = "INTELLIGENT_TIERING"
    }
  }

  lifecycle_rule {
    enabled = true
    expiration {
      days = 30
    }
  }

}

However this always gives me the following output when applying it:

 lifecycle_rule.0.transition.1300905083.date:          "" => ""
 lifecycle_rule.0.transition.1300905083.days:          "" => "30"
 lifecycle_rule.0.transition.1300905083.storage_class: "" => "INTELLIGENT_TIERING"
 lifecycle_rule.0.transition.3021102259.date:          "" => ""
 lifecycle_rule.0.transition.3021102259.days:          "0" => "0"
 lifecycle_rule.0.transition.3021102259.storage_class: "INTELLIGENT_TIERING" => ""

I'm not sure what the behavior is. Is it trying to delete the existing and recreate it?

is it trying to delete the existing and recreate it?

Yes. If the rules have been created outside of TF, as far as TF is concerned, they don't exist. Thus TF is going to replace existing ones, as it is not aware of them. The TF docs state:

It [TF] does not generate configuration.

Since your bucket does not have lifecycles in TF, TF treats them as non-existent.

When you are managing your infrastructure using any IaC tool (TF, CloudFormation, ...) it's a bad practice to modify resources "manually", outside of these tools. This leads to so-called resource drift, which in turn can lead to more issues in the future.

In your case, you either have to re-create the rules in TF, which means the manual ones will be replaced, or import them. However, you can't import individual attributes of a resource. Thus you would have to import the bucket.

It looks like I just made a silly mistake putting a value for the days parameter. The correct config, which is the same as the manual update done, is:

resource "aws_s3_bucket" "bucketname" {
  bucket = "${local.bucket_name}"
  acl = "private"
  force_destroy = "false"
  acceleration_status = "Enabled"

  lifecycle_rule {
    enabled = true
    transition {
      storage_class = "INTELLIGENT_TIERING"
    }
  }

  lifecycle_rule {
    enabled = true
    expiration {
      days = 30
    }
  }

}
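
An added example, not part of the original question or answers: a small Python check that compares a bucket's live lifecycle rules with what the Terraform blocks declare, reproducing the days 0 versus 30 mismatch shown in the plan output above. The JSON is a constructed sample in the shape returned by `aws s3api get-bucket-lifecycle-configuration`; the rule IDs, the dict layout used for the declared rules, and treating an omitted transition `days` as 0 are assumptions.

```python
import json

# Constructed sample shaped like `aws s3api get-bucket-lifecycle-configuration` output.
LIVE_JSON = """
{"Rules": [
  {"ID": "tiering", "Status": "Enabled", "Filter": {"Prefix": ""},
   "Transitions": [{"Days": 0, "StorageClass": "INTELLIGENT_TIERING"}]},
  {"ID": "expire", "Status": "Enabled", "Filter": {"Prefix": ""},
   "Expiration": {"Days": 30}}
]}
"""

# Hand-transcribed from the lifecycle_rule blocks on this page (hypothetical dict layout).
DECLARED_FIRST_ATTEMPT = [
    {"enabled": True, "transition": [{"days": 30, "storage_class": "INTELLIGENT_TIERING"}]},
    {"enabled": True, "expiration": {"days": 30}},
]
DECLARED_FIXED = [
    {"enabled": True, "transition": [{"storage_class": "INTELLIGENT_TIERING"}]},
    {"enabled": True, "expiration": {"days": 30}},
]

def normalize_live(rule):
    """Reduce an API rule to (enabled, transitions, expiration_days)."""
    transitions = frozenset(
        (t.get("Days", 0), t["StorageClass"]) for t in rule.get("Transitions", [])
    )
    return (rule["Status"] == "Enabled", transitions, rule.get("Expiration", {}).get("Days"))

def normalize_declared(rule):
    """Same tuple for a declared rule; an omitted transition 'days' counts as 0 (assumption)."""
    transitions = frozenset(
        (t.get("days", 0), t["storage_class"]) for t in rule.get("transition", [])
    )
    return (rule["enabled"], transitions, rule.get("expiration", {}).get("days"))

def drift(live_json, declared):
    """Return (only_live, only_declared) as sorted lists of normalized rules."""
    live = {normalize_live(r) for r in json.loads(live_json)["Rules"]}
    want = {normalize_declared(r) for r in declared}
    return sorted(live - want, key=repr), sorted(want - live, key=repr)

if __name__ == "__main__":
    for name, decl in [("first attempt", DECLARED_FIRST_ATTEMPT), ("fixed", DECLARED_FIXED)]:
        only_live, only_declared = drift(LIVE_JSON, decl)
        print(name, "| only in bucket:", only_live, "| only in config:", only_declared)
```

Rules that appear only in the bucket are the ones an apply would remove or overwrite, which matters when an expiration rule is part of a retention requirement.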
