时间戳

首页 > 解决方案 > 使用 Terraform 时,为什么我在其入/出规则中更改 EC2 实例时,我的 RDS 实例会拆除并重新启动?

amazon-web-services - 使用 Terraform 时,为什么我在其入/出规则中更改 EC2 实例时,我的 RDS 实例会拆除并重新启动?

问题描述

我有一个带有自己的安全组(未显示)的 ec2 资源(显示)

resource "aws_instance" "outpost" {
  ami           = "ami-0469d1xxxxxxxx"
  instance_type = "t2.micro"
  key_name      = module.secretsmanager.key_name
  vpc_security_group_ids = [module.ec2_security_group.security_group_id]
  subnet_id              = module.vpc.public_subnets[0]
  tags = {
    Name        = "${var.env}-${var.user}-ec2-outpost"
    Terraform   = "true"
    Environment = var.env
    Created     = "${timestamp()}"
  }
}

具有该 ec2 安全组的入口和出口规则的 RDS 实例的安全组:

module "db_security_group" {
  source      = "terraform-aws-modules/security-group/aws"
  version     = "~> 4"
  name        = "${var.env}-${var.user}-${local.db_name}"
  vpc_id      = module.vpc.vpc_id

  ingress_with_source_security_group_id = [
    {
      rule                     = "postgresql-tcp"
      source_security_group_id = module.ec2_security_group.security_group_id
    }
  ]

  egress_with_source_security_group_id = [
    {
      rule                     = "postgresql-tcp"
      source_security_group_id = module.ec2_security_group.security_group_id
    }
  ]

}

以及其中的 RDS 实例db_security_group

module "rds" {
  source                                = "terraform-aws-modules/rds/aws"
  version                               = "~> 3.4.0"
  identifier                            = "${var.env}-${var.user}-${local.db_name}"
  engine                                = var.postgres.engine
  engine_version                        = var.postgres.engine_version
  family                                = var.postgres.family
  major_engine_version                  = var.postgres.major_engine_version
  instance_class                        = var.postgres.instance_class
  allocated_storage                     = var.postgres.allocated_storage
  max_allocated_storage                 = var.postgres.max_allocated_storage
  storage_encrypted                     = var.postgres.storage_encrypted
  name                                  = var.postgres.name
  username                              = var.postgres.username
  password                              = var.rds_password
  port                                  = var.postgres.port
  multi_az                              = var.postgres.multi_az
  subnet_ids                            = module.vpc.private_subnets
  vpc_security_group_ids                = [module.db_security_group.security_group_id]
  maintenance_window                    = var.postgres.maintenance_window
  backup_window                         = var.postgres.backup_window
  enabled_cloudwatch_logs_exports       = var.postgres.enabled_cloudwatch_logs_exports
  backup_retention_period               = var.postgres.backup_retention_period
  skip_final_snapshot                   = var.postgres.skip_final_snapshot
  deletion_protection                   = var.postgres.deletion_protection
  performance_insights_enabled          = var.postgres.performance_insights_enabled
  performance_insights_retention_period = var.postgres.performance_insights_retention_period
  create_monitoring_role                = var.postgres.create_monitoring_role
  monitoring_role_name                  = "${var.env}-${var.user}-${var.postgres.monitoring_role_name}"
  monitoring_interval                   = var.postgres.monitoring_interval
  snapshot_identifier                   = var.postgres.snapshot_identifier
}

当我使用 ec2 实例(例如,iam_instance_profile)更改某些内容或关于 的入站/出站规则中引用的实例的任何内容时module.db_security_group.security_group_id,为什么 RDS 实例会被 Terraform 销毁并重新创建?

标签: amazon-web-servicesamazon-ec2terraformamazon-rdsterraform-provider-aws

解决方案

似乎除了给出时看到的username和行为(herehere),Terraform还会在设置这些参数中的任何一个时将RDS实例标记为删除和重新创建。你会在重新考虑计划时看到这种情况,因为初始和/或从未由 Terraform 实际设置;它认为有变化。passwordsnapshot_identifierapplyusernamepassword

推荐阅读