当我使用属性将安全组附加到 Terraform 中的 EC2 实例时vpc_security_group_ids,后续运行相同配置总是会导致环境发生变化。
一些可能相关的细节:
- 我正在尝试在默认 VPC 和子网中创建一个新的实例和安全组。
- 我已在多个地区重现了这一现象。
Terraform 配置片段:
data "aws_vpc" "default" {
default = true
}
data "aws_subnet" "default" {
vpc_id = "${data.aws_vpc.default.id}"
availability_zone = "eu-west-2a"
default_for_az = true
}
resource "aws_security_group" "bastion-test" {
name = "bastion-test"
...
}
resource "aws_instance" "bastion" {
subnet_id = "${data.aws_subnet.default.id}"
vpc_security_group_ids = ["${aws_security_group.bastion-test.id}"]
...
}
第一次运行的输出terraform plan:
$ terraform apply
...
aws_security_group.bastion-test: Creating...
...
name: "" => "bastion-test"
...
aws_security_group.bastion-test: Creation complete after 4s (ID: sg-8fXXXXe7)
aws_instance.bastion: Creating...
...
source_dest_check: "" => "true"
subnet_id: "" => "subnet-XXXXX"
...
vpc_security_group_ids.#: "" => "1"
vpc_security_group_ids.2237593593: "" => "sg-8fXXXXe7"
...
aws_instance.bastion: Creation complete after 27s (ID: i-08XXXXXXXXXXXX49)
...
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
好的,到目前为止一切顺利。现在我立即执行terraform plan:
$ terraform plan
...
aws_security_group.bastion-test: Refreshing state... (ID: sg-8fXXXXe7)
...
aws_instance.bastion: Refreshing state... (ID: i-08XXXXXXXXXXXX49)
...
Terraform will perform the following actions:
~ aws_instance.bastion
vpc_security_group_ids.#: "0" => "1"
vpc_security_group_ids.2237593593: "" => "sg-8fXXXXe7"
Plan: 0 to add, 1 to change, 0 to destroy.
版本:
$ terraform --version
Terraform v0.10.7
$ ls .terraform/plugins/darwin_amd64/
lock.json
terraform-provider-aws_v1.0.0_x4
谢谢阅读
詹姆士