Terraform plan shows differences after importing resources from a deleted state

Problem description

The infrastructure was built in AWS from Terraform source code. The state file is gone, and I am now trying to import the existing infrastructure into Terraform to rebuild the state and bring it back in sync with the source code.

Every resource I run terraform import on imports without error. But when I run terraform plan (with no changes, right after the import), Terraform shows that resources need to be modified or even destroyed. I have used terraform refresh and checked all IDs and resource names/ARNs, but the result is the same.

For example, I have a security group with the ID sg-12345678910111213. This resource needs to be imported, so I used the following command:

terraform import -var-file=secrets.tfvars aws_security_group.sg-rds sg-12345678910111213

aws_security_group.sg-rds: Importing from ID "sg-12345678910111213"...
aws_security_group.sg-rds: Import prepared!
Prepared aws_security_group for import
aws_security_group.sg-rds: Refreshing state... [id=sg-12345678910111213]

Import successful!

The resources that were imported are shown above. These resources are now in
your Terraform state and will henceforth be managed by Terraform.

When I run terraform plan -var-file=secrets.tfvars, I get the following output:

  # aws_security_group.sg-rds will be updated in-place
  ~ resource "aws_security_group" "sg-rds" {
        id                     = "sg-12345678910111213"
      ~ ingress                = [
          - {
              - cidr_blocks      = [
                  - "10.123.0.40/32",
                ]
              - description      = ""
              - from_port        = 3306
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = [
                  - "sg-12345678910111213",
                ]
              - self             = false
              - to_port          = 3306
            },
          + {
              + cidr_blocks      = [
                  + "10.123.0.40/32",
                ]
              + description      = ""
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 3306
            },
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 3306
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = [
                  + "sg-12345678910111213",
                ]
              + self             = false
              + to_port          = 3306
            },
        ]
        name                   = "SG_RDS"
      + revoke_rules_on_delete = false
        tags                   = {
            "Name"        = "SG_RDS"
        }
        # (5 unchanged attributes hidden)

        # (1 unchanged block hidden)
}

This is the source code of my security group resource:

resource "aws_security_group" "sg-rds" {
  name = "SG_RDS"
  description = "Allows incoming database connections"

  ingress {
    from_port = 3306
    to_port = 3306
    protocol = "tcp"
    security_groups = [aws_security_group.sg-ec2.id]
  }

  ingress {
    from_port = 3306
    to_port = 3306
    protocol = "tcp"
    cidr_blocks = ["10.123.0.40/32"]
  }

  tags = {
    Name = "SG_RDS"
  }
}

Rules in the existing SG: (screenshot of the rules in the AWS console, not reproduced here)

The source code has not been changed in a way that would create drift from the configuration (the diff clearly shows this), and this happens with every resource I import.

I cannot destroy or change any resource without negatively impacting the project.

These are my current Terraform version and providers:

Terraform v0.14.5

Tags: import, terraform, terraform-provider-aws
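The plan output above reads one ingress element back from AWS that carries both the CIDR source and the security-group source for TCP/3306, while the configuration declares the same two permissions as two separate ingress blocks. Before treating such a plan as real drift, it is worth checking whether the two sides describe the same atomic permissions and only differ in how they are grouped. The script below is an added example, not code from the question or from Terraform; the two rule lists are transcribed from the plan output in the question (the "-" element as what refresh read back, the two "+" elements as what the configuration declares), and the security-group ID is the placeholder used there.

```python
"""Compare security-group ingress rules as atomic permissions.

Added example for the question above; not code from the question or from
Terraform. STATE_INGRESS is the "-" element of the plan (what terraform
refresh read back from AWS after the import) and CONFIG_INGRESS is the two
"+" elements (what the configuration declares). Both lists are transcribed
from the plan output; the security-group ID is the question's placeholder.
"""
from typing import Dict, FrozenSet, Iterable, List, Tuple

# (protocol, from_port, to_port, source_kind, source)
Rule = Tuple[str, int, int, str, str]

STATE_INGRESS: List[Dict] = [
    {
        "protocol": "tcp", "from_port": 3306, "to_port": 3306,
        "cidr_blocks": ["10.123.0.40/32"],
        "security_groups": ["sg-12345678910111213"],
        "ipv6_cidr_blocks": [], "prefix_list_ids": [], "self": False,
    },
]

CONFIG_INGRESS: List[Dict] = [
    {
        "protocol": "tcp", "from_port": 3306, "to_port": 3306,
        "cidr_blocks": ["10.123.0.40/32"],
        "security_groups": [],
        "ipv6_cidr_blocks": [], "prefix_list_ids": [], "self": False,
    },
    {
        "protocol": "tcp", "from_port": 3306, "to_port": 3306,
        "cidr_blocks": [],
        "security_groups": ["sg-12345678910111213"],
        "ipv6_cidr_blocks": [], "prefix_list_ids": [], "self": False,
    },
]


def flatten(ingress: Iterable[Dict]) -> FrozenSet[Rule]:
    """Expand every ingress element into one tuple per source.

    One element can carry several sources (cidr_blocks, ipv6_cidr_blocks,
    prefix_list_ids, security_groups, self). AWS returned the two port-3306
    permissions grouped into a single element while the configuration
    splits them into two blocks; flattening removes that grouping so only
    the actual permissions are compared.
    """
    rules = set()
    for block in ingress:
        key = (block["protocol"], int(block["from_port"]), int(block["to_port"]))
        for kind in ("cidr_blocks", "ipv6_cidr_blocks",
                     "prefix_list_ids", "security_groups"):
            for source in block.get(kind) or []:
                rules.add(key + (kind, source))
        if block.get("self"):
            rules.add(key + ("self", "self"))
    return frozenset(rules)


def compare_rules(state: Iterable[Dict], config: Iterable[Dict]) -> Dict:
    """Report permissions only in AWS, only in the config, and whether both match."""
    in_aws, in_config = flatten(state), flatten(config)
    return {
        "only_in_aws": sorted(in_aws - in_config),
        "only_in_config": sorted(in_config - in_aws),
        "equivalent": in_aws == in_config,
    }


if __name__ == "__main__":
    result = compare_rules(STATE_INGRESS, CONFIG_INGRESS)
    for name in ("only_in_aws", "only_in_config"):
        print(f"{name}: {result[name] or 'none'}")
    print("same permissions, different grouping" if result["equivalent"]
          else "real drift: review before apply")
```

For the rules in the question the two flattened sets are identical, so the proposed in-place update would not change which traffic is allowed; it would revoke the grouped rule and authorize two new ones. For a real run, the same before/after lists can be taken from `terraform show -json` on a saved plan file (the `resource_changes[].change.before` and `.after` objects) instead of being transcribed by hand. Where the sets are equal and a clean plan is wanted, one option is to declare a single ingress block that carries both cidr_blocks and security_groups for the same port and protocol, matching the grouping that refresh reads back; where the sets differ, the entries listed under only_in_aws are the rules an apply would remove, which is the case to examine before applying anything on a production project.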

Solution

