Terraform aws 安全组 revoke_rule_on_delete?
[英]Terraform aws security group revoke_rule_on_delete?
问题描述
我正进入(状态
~ 就地更新
Terraform 将执行以下操作:
~ aws_security_group.mayanks-sg revoke_rules_on_delete: "" => "false"
在运行 terraform 计划时,我不知道这意味着什么以及为什么它会在谷歌上搜索它但没有运气。
.tf 文件:-
resource "aws_security_group" "mayanks-sg" {
name = "mayanks-sg"
description = "for test purpose"
vpc_id = ""
}
resource "aws_security_group_rule" "mayanks-sg" {
type = "ingress"
security_group_id = "sg-xxxxxxxxx"
from_port = 12345
to_port = 12345
protocol = "tcp"
cidr_blocks = ["x.x.x.x"]
}
resource "aws_security_group_rule" "mayanks-sg-1" {
type = "ingress"
security_group_id = "sg-xxxxxxxxx"
from_port = 54321
to_port = 54321
protocol = "tcp"
cidr_blocks = ["x.x.x.x"]
}
tfstate :-
{
"version": 3,
"terraform_version": "0.11.7",
"serial": 1,
"lineage": "x-x-x-x-x",
"modules": [
{
"path": [
"root"
],
"outputs": {},
"resources": {
"aws_security_group.mayanks-sg": {
"type": "aws_security_group",
"depends_on": [],
"primary": {
"id": "sg-xxxxxxxxx",
"attributes": {
"arn": "arn:aws:ec2:x:x:security-group/sg-xxxxxxxxx",
"description": "for test purpose",
"egress.#": "0",
"id": "sg-xxxxxxxxx",
"ingress.#": "2",
"ingress.1364877358.cidr_blocks.#": "1",
"ingress.1364877358.cidr_blocks.0": "x.x.x.x",
"ingress.1364877358.description": "",
"ingress.1364877358.from_port": "12345",
"ingress.1364877358.ipv6_cidr_blocks.#": "0",
"ingress.1364877358.protocol": "tcp",
"ingress.1364877358.security_groups.#": "0",
"ingress.1364877358.self": "false",
"ingress.1364877358.to_port": "12345",
"ingress.2197545509.cidr_blocks.#": "1",
"ingress.2197545509.cidr_blocks.0": "x.x.x.x",
"ingress.2197545509.description": "",
"ingress.2197545509.from_port": "54321",
"ingress.2197545509.ipv6_cidr_blocks.#": "0",
"ingress.2197545509.protocol": "tcp",
"ingress.2197545509.security_groups.#": "0",
"ingress.2197545509.self": "false",
"ingress.2197545509.to_port": "54321",
"name": "mayanks-sg",
"owner_id": "xxxxxxx",
"tags.%": "0",
"vpc_id": ""
},
"meta": {
"x-x-x-x-x-x": {
"create": 600000000000,
"delete": 600000000000
},
"schema_version": "1"
},
"tainted": false
},
"deposed": [],
"provider": "provider.aws"
},
"aws_security_group_rule.mayanks-sg": {
"type": "aws_security_group_rule",
"depends_on": [],
"primary": {
"id": "sgrule-xxxxxx",
"attributes": {
"cidr_blocks.#": "1",
"cidr_blocks.0": "x.x.x.x",
"description": "",
"from_port": "12345",
"id": "sgrule-xxxxxx",
"ipv6_cidr_blocks.#": "0",
"prefix_list_ids.#": "0",
"protocol": "tcp",
"security_group_id": "sg-xxxxxxxxxx",
"self": "false",
"to_port": "12345",
"type": "ingress"
},
"meta": {
"schema_version": "2"
},
"tainted": false
},
"deposed": [],
"provider": "provider.aws"
},
"aws_security_group_rule.mayanks-sg-1": {
"type": "aws_security_group_rule",
"depends_on": [],
"primary": {
"id": "sgrule-xxxxxx",
"attributes": {
"cidr_blocks.#": "1",
"cidr_blocks.0": "x.x.x.x",
"description": "",
"from_port": "54321",
"id": "sgrule-xxxxx",
"ipv6_cidr_blocks.#": "0",
"prefix_list_ids.#": "0",
"protocol": "tcp",
"security_group_id": "sg-xxxxxxxxxxx",
"self": "false",
"to_port": "54321",
"type": "ingress"
},
"meta": {
"schema_version": "2"
},
"tainted": false
},
"deposed": [],
"provider": "provider.aws"
}
},
"depends_on": []
}
]
}
我想通过在配置文件中添加一些内容以及这个参数的含义来消除这个错误。 提前致谢
2 个解决方案
解决方案1
1 2018-09-25 19:08:05
这不是错误消息。 如果要删除它,请apply您的模板。 它指出,如果您运行模板,它将更新该安全组的参数。 revoke_rules_on_delete当前设置为空白。 Terraform 将其默认为false 。
revoke_rules_on_delete -(可选)指示 Terraform 在删除规则本身之前撤销所有附加的安全组入口和出口规则。 这通常不是必需的,但是某些 AWS 服务(例如 Elastic Map Reduce)可能会自动向与服务一起使用的安全组添加所需的规则,并且这些规则可能包含循环依赖项,以防止安全组在未先删除依赖项的情况下被破坏。 默认假
最重要的是,如果您希望这是真的,请将其设置在您的aws_security_group资源中并应用您的剧本。 如果您希望它是假的,请应用您的剧本。
https://www.terraform.io/docs/providers/aws/r/security_group.html
解决方案2
0 2020-06-08 17:42:48
对于任何面临这个问题并想知道如何解决它的人。
按照这三个步骤,您可以以最小的风险执行terraform apply 。
- 您可以创建具有 S3 完全访问权限和 VPC 只读权限的受限 AWS 用户。
- 确保您使用受限 AWS 用户执行
terraform apply - 完毕
通过这样做,您可以看到 terraform 修复状态文件,您不必担心 terraform 会修改任何意外的资源。
带有 Terraform 的 AWS - 安全组规则中的安全组参数
[英]AWS with Terraform - security groups argument inside a security group rule
有条件地使用 terraform 中的计数创建 aws_security_group_rule
[英]Conditionally create aws_security_group_rule with count in terraform
如何使用 append 或删除安全组的入口/出口规则 Terraform?
[英]How to append or delete the ingress/egress rule for a security group using Terraform?
使用 Terraform (AWS) 将安全组添加到另一个安全组的入站规则作为源
[英]Add a Security Group to the Inbound Rule of another Security Group as a Source with Terraform (AWS)
如何使用 terraform 创建允许来自任何地方的 RDP 端口的 aws 安全组规则?
[英]How to create an aws security group rule allowing RDP ports from anywhere using terraform?
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
AWS 和 Terraform - 安全组中的默认出口规则
通过 boto3 中的撤销删除 Aws 安全组规则
带有 Terraform 的 AWS - 安全组规则中的安全组参数
有条件地使用 terraform 中的计数创建 aws_security_group_rule
如何使用 append 或删除安全组的入口/出口规则 Terraform?
使用 Terraform (AWS) 将安全组添加到另一个安全组的入站规则作为源
撤销所有 AWS 安全组入口规则
将 csvdecode 放入安全组规则 terraform
如何使用 terraform 创建允许来自任何地方的 RDP 端口的 aws 安全组规则?
获取 AWS 安全组 ID Terraform 模块
相关标签