我正在尝试销毁 AWS 上一些 Terraform 创建的资源。
Terraform 提出了这个计划
Terraform will perform the following actions:
- aws_lambda_function.myproject-mainprocess-restore-db-from-snapshot
- module.myproject-mainprocess.aws_db_event_subscription.send_rds_event_to_sns
- module.myproject-mainprocess.aws_lambda_permission.allow_sns_call_rds_lambda
- module.myproject-mainprocess.aws_sns_topic_subscription.call_lambda_by_sns
- module.myproject-mainprocess.module.lambda.aws_iam_policy.lambda_policy
- module.myproject-mainprocess.module.lambda.aws_iam_policy.lambda_policy_logs
- module.myproject-mainprocess.module.lambda.aws_iam_role.lambda_role
- module.myproject-mainprocess.module.lambda.aws_iam_role_policy_attachment.policy_attachment
- module.myproject-mainprocess.module.lambda.aws_iam_role_policy_attachment.policy_attachment_logs
- module.myproject-mainprocess.module.lambda.aws_lambda_function.lambda
- module.myproject-mainprocess.module.lambda.datadog_monitor.lambda_errors_alert
- module.myproject-mainprocess.module.rds_event_sns.aws_sns_topic.topic_simple
但是由于我的AWS配置文件缺少一些删除权限,其中一个步骤失败了:
- module.myproject-mainprocess.aws_db_event_subscription.send_rds_event_to_sns
Error: Error applying plan:
1 error(s) occurred:
* module.media-rotate-reports-db.aws_db_event_subscription.send_rds_event_to_sns (destroy): 1 error(s) occurred:
* aws_db_event_subscription.send_rds_event_to_sns: Error deleting RDS Event Subscription dev-media-rotate-reports-db-rds-snapshot-creation-event-subscription: AccessDenied: User: arn:aws:sts::141225792464:assumed-role/myteam/anthony_dev_credentials is not authorized to perform: rds:DeleteEventSubscription on resource: arn:aws:rds:us-east-1:141225792464:es:dev-myproject-mainprocess-rds-snapshot-creation-event-subscription
status code: 403, request id: a20c2dbf-8526-4a8f-9d86-71f2df4507c5
我已使用备用 AWS 角色手动删除上述内容aws_db_event_subscription。但是我无法让 Terraform 恢复并忽略此错误。
Terraform 仍需要执行以下操作:
Terraform will perform the following actions:
- module.myproject-mainprocess.aws_db_event_subscription.send_rds_event_to_sns
- module.myproject-mainprocess.module.rds_event_sns.aws_sns_topic.topic_simple
我如何告诉 Terraform 恢复并忽略module.myproject-mainprocess.aws_db_event_subscription.send_rds_event_to_sns已被删除的内容?
答案1
备份您的tfstate第一个并使用R M命令用于从 中删除资源tfstate。使用方法如下:
terraform state rm module.myproject-mainprocess.aws_db_event_subscription.send_rds_event_to_sns
terraform state rm module.myproject-mainprocess.module.rds_event_sns.aws_sns_topic.topic_simple
编辑 刚刚读
此命令将输出保存任何更改之前的状态备份副本。无法禁用备份。由于此命令具有破坏性,因此需要备份。
我仍然建议进行手动备份以及从损坏的 tfstate 中恢复或重建 tfstate 是一项耗时且有风险的操作,我希望不惜一切代价避免。