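I am trying to upgrade some certificates on my Terraform-managed infrastructure. The tf plan is to delete the aws_elb.load_balancer that uses the old aws_iam_server_certificate, then create a new aws_iam_server_certificate and point a new listener at it. However, when the plan is applied, the listener is never deleted, so the old certificate cannot be deleted.
I know the listener is not being deleted because when I run terraform plan again, I see that the old listener still needs to be destroyed.
How can I convince Terraform to destroy this listener and the old certificate, and create the new certificate and listener, with a simple terraform apply, i.e. without manually calling terraform destroy?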
~ module.ecs.aws_ecs_service.service
task_definition: "arn:aws:ecs:us-east-1:12345:task-definition/dle-glossary-api-sandbox:20" => "${aws_ecs_task_definition.task_definition.arn}"
-/+ module.ecs.aws_ecs_task_definition.admin_task_definition
arn: "arn:aws:ecs:us-east-1:12345:task-definition/dle-glossary-api-sandbox-admin:20" => "<computed>"
container_definitions: "93b15fbec63f6cae8389cc6befa505890002ec4f" => "abf62f02c60dbfa30952def0eb69fec96b455205" (forces new resource)
family: "dle-glossary-api-sandbox-admin" => "dle-glossary-api-sandbox-admin"
network_mode: "" => "<computed>"
revision: "20" => "<computed>"
-/+ module.ecs.aws_ecs_task_definition.task_definition
arn: "arn:aws:ecs:us-east-1:12345:task-definition/dle-glossary-api-sandbox:20" => "<computed>"
container_definitions: "9e38e676174426b7c8179446f788d7eeffa90583" => "92fd7350f9798461d78f80bfca4fccea6cea68db" (forces new resource)
family: "dle-glossary-api-sandbox" => "dle-glossary-api-sandbox"
network_mode: "" => "<computed>"
revision: "20" => "<computed>"
~ module.ecs.aws_elb.load_balancer
needs to delete listener 2240553862, create a listener. This should free up the cert resource. Why can't we delete it?
listener.2240553862.instance_port: "80" => "0"
listener.2240553862.instance_protocol: "http" => ""
listener.2240553862.lb_port: "443" => "0"
listener.2240553862.lb_protocol: "https" => ""
listener.2240553862.ssl_certificate_id: "arn:aws:iam::12345:server-certificate/dle-glossary-api-cert-sandbox009476f6b7..." => ""
listener.3057123346.instance_port: "80" => "80"
listener.3057123346.instance_protocol: "http" => "http"
listener.3057123346.lb_port: "80" => "80"
listener.3057123346.lb_protocol: "http" => "http"
listener.3057123346.ssl_certificate_id: "" => ""
listener.~1222724879.instance_port: "" => "80"
listener.~1222724879.instance_protocol: "" => "http"
listener.~1222724879.lb_port: "" => "443"
listener.~1222724879.lb_protocol: "" => "https"
listener.~1222724879.ssl_certificate_id: "" => "${var.ssl_certificate_arn}"
-/+ module.iam.aws_iam_server_certificate.cert
arn: "arn:aws:iam::12345:server-certificate/dle-glossary-api-cert-sandbox009476f6b7..." => "<computed>"
certificate_body: "x" => "y" (forces new resource)
certificate_chain: "z" => "q"
name: "dle-glossary-api-cert-sandbox009476f6b7..." => "<computed>"
name_prefix: "dle-glossary-api-cert-sandbox" => "dle-glossary-api-cert-sandbox"
path: "/" => "/"
private_key: "xyz" => "zxy" (forces new resource)
The error is:
aws_iam_server_certificate.cert (deposed #0): DeleteConflict:
Certificate: ASCAI25L32IRFVVIZQNIQ is currently in use by
arn:aws:elasticloadbalancing:us-east-1:12345:loadbalancer/dle-glossary-api-sandbox. Please
remove it first before deleting it from IAM. status code: 409,