
Terraform aws 安全組 revoke_rule_on_delete?

[英]Terraform aws security group revoke_rule_on_delete?

我遇到了以下情況(狀態:

~ 就地更新

Terraform 將執行以下操作:

~ aws_security_group.mayanks-sg revoke_rules_on_delete: "" => "false"

在運行 terraform plan 時出現了這一行,我不知道它是什麼意思、為什麼會出現;在谷歌上搜索過但沒有結果。

.tf 文件:-

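# Security group that the two aws_security_group_rule resources below attach to.
resource "aws_security_group" "mayanks-sg" {
    name        = "mayanks-sg"
    description = "for test purpose"

    # NOTE(review): the state file shows vpc_id as "" as well — confirm the
    # group is really meant to be created without an explicit VPC id.
    vpc_id = ""

    # Pinning the provider default makes the `revoke_rules_on_delete: "" => "false"`
    # line in `terraform plan` go away after the next apply; it does not change
    # anything on the AWS side. Set it to true only when another service (the
    # docs name Elastic Map Reduce) auto-adds rules that would otherwise keep
    # the group from being destroyed.
    revoke_rules_on_delete = false
}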
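# Inbound TCP 12345 from the listed CIDR range(s).
resource "aws_security_group_rule" "mayanks-sg" {
    type = "ingress"

    # Reference the group managed above instead of a hard-coded "sg-…" id, so
    # Terraform orders create/destroy correctly and the rule cannot silently
    # end up on a different group than the one in this configuration
    # (0.11 interpolation syntax, matching terraform_version in the state).
    security_group_id = "${aws_security_group.mayanks-sg.id}"

    from_port = 12345
    to_port   = 12345
    protocol  = "tcp"

    # Keep this to the specific source range(s) that need the port.
    cidr_blocks = ["x.x.x.x"]
}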

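# Inbound TCP 54321 from the listed CIDR range(s).
resource "aws_security_group_rule" "mayanks-sg-1" {
    type = "ingress"

    # Same as the first rule: reference the managed group rather than a
    # hard-coded "sg-…" id so the dependency is explicit in the graph.
    security_group_id = "${aws_security_group.mayanks-sg.id}"

    from_port = 54321
    to_port   = 54321
    protocol  = "tcp"

    # Keep this to the specific source range(s) that need the port.
    cidr_blocks = ["x.x.x.x"]
}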

tfstate :-

{
"version": 3,
"terraform_version": "0.11.7",
"serial": 1,
"lineage": "x-x-x-x-x",
"modules": [
    {
        "path": [
            "root"
        ],
        "outputs": {},
        "resources": {
            "aws_security_group.mayanks-sg": {
                "type": "aws_security_group",
                "depends_on": [],
                "primary": {
                    "id": "sg-xxxxxxxxx",
                    "attributes": {
                        "arn": "arn:aws:ec2:x:x:security-group/sg-xxxxxxxxx",
                        "description": "for test purpose",
                        "egress.#": "0",
                        "id": "sg-xxxxxxxxx",
                        "ingress.#": "2",
                        "ingress.1364877358.cidr_blocks.#": "1",
                        "ingress.1364877358.cidr_blocks.0": "x.x.x.x",
                        "ingress.1364877358.description": "",
                        "ingress.1364877358.from_port": "12345",
                        "ingress.1364877358.ipv6_cidr_blocks.#": "0",
                        "ingress.1364877358.protocol": "tcp",
                        "ingress.1364877358.security_groups.#": "0",
                        "ingress.1364877358.self": "false",
                        "ingress.1364877358.to_port": "12345",
                        "ingress.2197545509.cidr_blocks.#": "1",
                        "ingress.2197545509.cidr_blocks.0": "x.x.x.x",
                        "ingress.2197545509.description": "",
                        "ingress.2197545509.from_port": "54321",
                        "ingress.2197545509.ipv6_cidr_blocks.#": "0",
                        "ingress.2197545509.protocol": "tcp",
                        "ingress.2197545509.security_groups.#": "0",
                        "ingress.2197545509.self": "false",
                        "ingress.2197545509.to_port": "54321",
                        "name": "mayanks-sg",
                        "owner_id": "xxxxxxx",
                        "tags.%": "0",
                        "vpc_id": ""
                    },
                    "meta": {
                        "x-x-x-x-x-x": {
                            "create": 600000000000,
                            "delete": 600000000000
                        },
                        "schema_version": "1"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            },
            "aws_security_group_rule.mayanks-sg": {
                "type": "aws_security_group_rule",
                "depends_on": [],
                "primary": {
                    "id": "sgrule-xxxxxx",
                    "attributes": {
                        "cidr_blocks.#": "1",
                        "cidr_blocks.0": "x.x.x.x",
                        "description": "",
                        "from_port": "12345",
                        "id": "sgrule-xxxxxx",
                        "ipv6_cidr_blocks.#": "0",
                        "prefix_list_ids.#": "0",
                        "protocol": "tcp",
                        "security_group_id": "sg-xxxxxxxxxx",
                        "self": "false",
                        "to_port": "12345",
                        "type": "ingress"
                    },
                    "meta": {
                        "schema_version": "2"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            },
            "aws_security_group_rule.mayanks-sg-1": {
                "type": "aws_security_group_rule",
                "depends_on": [],
                "primary": {
                    "id": "sgrule-xxxxxx",
                    "attributes": {
                        "cidr_blocks.#": "1",
                        "cidr_blocks.0": "x.x.x.x",
                        "description": "",
                        "from_port": "54321",
                        "id": "sgrule-xxxxx",
                        "ipv6_cidr_blocks.#": "0",
                        "prefix_list_ids.#": "0",
                        "protocol": "tcp",
                        "security_group_id": "sg-xxxxxxxxxxx",
                        "self": "false",
                        "to_port": "54321",
                        "type": "ingress"
                    },
                    "meta": {
                        "schema_version": "2"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            }
        },
        "depends_on": []
    }
]
}

我想通過在配置文件中添加一些內容來消除這個錯誤,並想知道這個參數的含義。提前致謝

這不是錯誤消息。如果想讓它消失,請 apply 您的模板。它表示:如果您運行該模板,將會更新這個安全組的該參數。revoke_rules_on_delete 當前設置為空白,Terraform 會將其默認為 false。

revoke_rules_on_delete -(可選)指示 Terraform 在刪除規則本身之前撤銷所有附加的安全組入口和出口規則。這通常不是必需的,但是某些 AWS 服務(例如 Elastic Map Reduce)可能會自動向與服務一起使用的安全組添加所需的規則,並且這些規則可能包含循環依賴項,導致安全組在未先刪除依賴項的情況下無法被銷毀。默認為 false。

總之,如果您希望它為 true,請在您的 aws_security_group 資源中設置它並應用您的模板;如果您希望它為 false,直接應用您的模板即可。

https://www.terraform.io/docs/providers/aws/r/security_group.html

對於任何面臨這個問題並想知道如何解決它的人。

按照以下三個步驟,您可以以最小的風險執行 terraform apply:

  1. 您可以創建具有 S3 完全訪問權限和 VPC 只讀權限的受限 AWS 用戶。
  2. 確保您使用受限 AWS 用戶執行terraform apply
  3. 完畢

這樣一來,您可以看到 terraform 修復狀態文件,而不必擔心它會修改任何意料之外的資源。

