How do I delete a server certificate that a load balancer points to?

Time: 2017-05-30 14:51:49

Tags: amazon-web-services terraform

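I am trying to upgrade some certificates on my Terraform-managed infrastructure. The tf plan is to delete the aws_elb.load_balancer that uses the old aws_iam_server_certificate, then create a new aws_iam_server_certificate and point a new listener to it. However, when the plan is applied, the listener is never deleted, so the old certificate cannot be deleted.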

I know the listener is not being deleted because when I run terraform plan again, I see that the old listener still needs to be destroyed.

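How can I convince terraform, with a simple terraform apply, to destroy this listener and the old certificate and create the new certificate and listener, i.e. without manually invoking terraform destroy?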

Plan

~ module.ecs.aws_ecs_service.service
    task_definition: "arn:aws:ecs:us-east-1:12345:task-definition/dle-glossary-api-sandbox:20" => "${aws_ecs_task_definition.task_definition.arn}"

-/+ module.ecs.aws_ecs_task_definition.admin_task_definition
    arn:                   "arn:aws:ecs:us-east-1:12345:task-definition/dle-glossary-api-sandbox-admin:20" => "<computed>"
    container_definitions: "93b15fbec63f6cae8389cc6befa505890002ec4f" => "abf62f02c60dbfa30952def0eb69fec96b455205" (forces new resource)
    family:                "dle-glossary-api-sandbox-admin" => "dle-glossary-api-sandbox-admin"
    network_mode:          "" => "<computed>"
    revision:              "20" => "<computed>"

-/+ module.ecs.aws_ecs_task_definition.task_definition
    arn:                   "arn:aws:ecs:us-east-1:12345:task-definition/dle-glossary-api-sandbox:20" => "<computed>"
    container_definitions: "9e38e676174426b7c8179446f788d7eeffa90583" => "92fd7350f9798461d78f80bfca4fccea6cea68db" (forces new resource)
    family:                "dle-glossary-api-sandbox" => "dle-glossary-api-sandbox"
    network_mode:          "" => "<computed>"
    revision:              "20" => "<computed>"

~ module.ecs.aws_elb.load_balancer
needs to delete listener 2240553862, create a listener. This should free up the cert resource. Why can't we delete it?

    listener.2240553862.instance_port:       "80" => "0"
    listener.2240553862.instance_protocol:   "http" => ""
    listener.2240553862.lb_port:             "443" => "0"
    listener.2240553862.lb_protocol:         "https" => ""
    listener.2240553862.ssl_certificate_id:  "arn:aws:iam::12345:server-certificate/dle-glossary-api-cert-sandbox009476f6b7..." => ""
    listener.3057123346.instance_port:       "80" => "80"
    listener.3057123346.instance_protocol:   "http" => "http"
    listener.3057123346.lb_port:             "80" => "80"
    listener.3057123346.lb_protocol:         "http" => "http"
    listener.3057123346.ssl_certificate_id:  "" => ""
    listener.~1222724879.instance_port:      "" => "80"
    listener.~1222724879.instance_protocol:  "" => "http"
    listener.~1222724879.lb_port:            "" => "443"
    listener.~1222724879.lb_protocol:        "" => "https"
    listener.~1222724879.ssl_certificate_id: "" => "${var.ssl_certificate_arn}"

-/+ module.iam.aws_iam_server_certificate.cert
    arn:               "arn:aws:iam::12345:server-certificate/dle-glossary-api-cert-sandbox009476f6b7..." => "<computed>"
    certificate_body:  "x" => "y" (forces new resource)
    certificate_chain: "z" => "q"
    name:              "dle-glossary-api-cert-sandbox009476f6b7..." => "<computed>"
    name_prefix:       "dle-glossary-api-cert-sandbox" => "dle-glossary-api-cert-sandbox"
    path:              "/" => "/"
    private_key:       "xyz" => "zxy" (forces new resource)

The error is:

 aws_iam_server_certificate.cert (deposed #0): DeleteConflict:
    Certificate: ASCAI25L32IRFVVIZQNIQ is currently in use by
    arn:aws:elasticloadbalancing:us-east-1:12345:loadbalancer/dle-glossary-api-sandbox. Please
    remove it first before deleting it from IAM.  status code: 409,

0 answers:

No answers