Terraform AWS 安全组 revoke_rules_on_delete?

问题描述

我得到了如下输出:

~ 就地更新

Terraform 将执行以下操作:

~ aws_security_group.mayanks-sg revoke_rules_on_delete: "" => "false"

这是在运行 terraform plan 时出现的。我不知道它是什么意思,也不知道为什么会出现;在谷歌上搜索过,但没有找到答案。

.tf 文件:-

# Security group from the question. revoke_rules_on_delete is not set in this
# block; the plan line `revoke_rules_on_delete: "" => "false"` refers to this resource.
resource "aws_security_group" "mayanks-sg" {
    name = "mayanks-sg"
    description = "for test purpose"
    # Empty as posted. NOTE(review): presumably redacted or relying on the default VPC - confirm.
    vpc_id = ""
}
# Ingress rule: TCP port 12345 from a single CIDR block (value redacted in the post).
resource "aws_security_group_rule" "mayanks-sg" {
    type = "ingress"
    # Hard-coded (redacted) group ID rather than a reference to a resource in this file.
    # NOTE(review): presumably the ID of aws_security_group.mayanks-sg - confirm.
    security_group_id = "sg-xxxxxxxxx"
    from_port = 12345
    to_port   = 12345
    protocol  = "tcp"
    # Redacted placeholder; keep the real source range as narrow as the use case allows.
    cidr_blocks = ["x.x.x.x"]
}

# Ingress rule: TCP port 54321 from a single CIDR block (value redacted in the post).
resource "aws_security_group_rule" "mayanks-sg-1" {
    type = "ingress"
    # Hard-coded (redacted) group ID rather than a reference to a resource in this file.
    # NOTE(review): presumably the ID of aws_security_group.mayanks-sg - confirm.
    security_group_id = "sg-xxxxxxxxx"
    from_port = 54321
    to_port   = 54321
    protocol  = "tcp"
    # Redacted placeholder; keep the real source range as narrow as the use case allows.
    cidr_blocks = ["x.x.x.x"]
}

tfstate :-

{
"version": 3,
"terraform_version": "0.11.7",
"serial": 1,
"lineage": "x-x-x-x-x",
"modules": [
    {
        "path": [
            "root"
        ],
        "outputs": {},
        "resources": {
            "aws_security_group.mayanks-sg": {
                "type": "aws_security_group",
                "depends_on": [],
                "primary": {
                    "id": "sg-xxxxxxxxx",
                    "attributes": {
                        "arn": "arn:aws:ec2:x:x:security-group/sg-xxxxxxxxx",
                        "description": "for test purpose",
                        "egress.#": "0",
                        "id": "sg-xxxxxxxxx",
                        "ingress.#": "2",
                        "ingress.1364877358.cidr_blocks.#": "1",
                        "ingress.1364877358.cidr_blocks.0": "x.x.x.x",
                        "ingress.1364877358.description": "",
                        "ingress.1364877358.from_port": "12345",
                        "ingress.1364877358.ipv6_cidr_blocks.#": "0",
                        "ingress.1364877358.protocol": "tcp",
                        "ingress.1364877358.security_groups.#": "0",
                        "ingress.1364877358.self": "false",
                        "ingress.1364877358.to_port": "12345",
                        "ingress.2197545509.cidr_blocks.#": "1",
                        "ingress.2197545509.cidr_blocks.0": "x.x.x.x",
                        "ingress.2197545509.description": "",
                        "ingress.2197545509.from_port": "54321",
                        "ingress.2197545509.ipv6_cidr_blocks.#": "0",
                        "ingress.2197545509.protocol": "tcp",
                        "ingress.2197545509.security_groups.#": "0",
                        "ingress.2197545509.self": "false",
                        "ingress.2197545509.to_port": "54321",
                        "name": "mayanks-sg",
                        "owner_id": "xxxxxxx",
                        "tags.%": "0",
                        "vpc_id": ""
                    },
                    "meta": {
                        "x-x-x-x-x-x": {
                            "create": 600000000000,
                            "delete": 600000000000
                        },
                        "schema_version": "1"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            },
            "aws_security_group_rule.mayanks-sg": {
                "type": "aws_security_group_rule",
                "depends_on": [],
                "primary": {
                    "id": "sgrule-xxxxxx",
                    "attributes": {
                        "cidr_blocks.#": "1",
                        "cidr_blocks.0": "x.x.x.x",
                        "description": "",
                        "from_port": "12345",
                        "id": "sgrule-xxxxxx",
                        "ipv6_cidr_blocks.#": "0",
                        "prefix_list_ids.#": "0",
                        "protocol": "tcp",
                        "security_group_id": "sg-xxxxxxxxxx",
                        "self": "false",
                        "to_port": "12345",
                        "type": "ingress"
                    },
                    "meta": {
                        "schema_version": "2"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            },
            "aws_security_group_rule.mayanks-sg-1": {
                "type": "aws_security_group_rule",
                "depends_on": [],
                "primary": {
                    "id": "sgrule-xxxxxx",
                    "attributes": {
                        "cidr_blocks.#": "1",
                        "cidr_blocks.0": "x.x.x.x",
                        "description": "",
                        "from_port": "54321",
                        "id": "sgrule-xxxxx",
                        "ipv6_cidr_blocks.#": "0",
                        "prefix_list_ids.#": "0",
                        "protocol": "tcp",
                        "security_group_id": "sg-xxxxxxxxxxx",
                        "self": "false",
                        "to_port": "54321",
                        "type": "ingress"
                    },
                    "meta": {
                        "schema_version": "2"
                    },
                    "tainted": false
                },
                "deposed": [],
                "provider": "provider.aws"
            }
        },
        "depends_on": []
    }
]
}

我想知道应该在配置文件中添加什么才能消除这个错误,以及这个参数的含义。提前致谢。

标签: amazon-web-services, terraform, aws-security-group

解决方案


这不是错误消息。如果你想让它消失,请对你的模板执行 apply。它表示:如果你应用该模板,Terraform 将更新该安全组的这个参数。revoke_rules_on_delete 当前在状态中为空,而 Terraform 的默认值为 false。这次就地更新只是把该默认值写入状态,不会改变安全组中的任何规则。

revoke_rules_on_delete - (可选)指示 Terraform 在删除规则本身之前,先撤销该安全组所附加的全部入站和出站规则。通常不需要这样做,但某些 AWS 服务(例如 Elastic Map Reduce)可能会自动向其使用的安全组添加所需的规则,而这些规则可能包含循环依赖,导致不先移除该依赖就无法销毁安全组。默认值为 false。

总之,如果您希望它为 true,请在您的 aws_security_group 资源中设置它,然后应用(apply)您的 playbook。如果您希望它为 false,直接应用您的 playbook 即可。

https://www.terraform.io/docs/providers/aws/r/security_group.html

