Question

我有一个问题，我的terraform在某种程度上与部署的不同，虽然我不知道为什么。根据我的git历史记录，管理Cognito用户池的文件自部署以来没有发生变化，但terraform认为它有并且抱怨更改需要强制新资源。

terraform版本：0.11.7

AWS提供商版本：1.14.1

我的Terraform code：

resource "aws_cognito_user_pool" "my_app" {
  name                          = "My App Pool"

  /* Fields that can work as aliases */
  alias_attributes              = [
    "email"
  ]

  /* Auto-verify these fields */
  auto_verified_attributes      = [
    "email"
  ]

  /* This is the template used to verify addresses / accounts */
  verification_message_template {
    default_email_option        = "CONFIRM_WITH_CODE"
  }

  admin_create_user_config {
    allow_admin_create_user_only = false
    invite_message_template {
      email_message             = <<EOF    
  {####}
  EOF

      email_subject             = "MyApp"
      sms_message               = "Welcome to MyApp.  Your username: {username} and password: {####}  Thank you!"
    }
  }

  email_verification_subject    = "MyApp's Confirmation Code"
  email_verification_message    = "Your confirmation code: {####}   Thank you."

password_policy {
    minimum_length              = 8
    require_lowercase           = true
    require_numbers             = true
    require_symbols             = true
    require_uppercase           = true
}

  schema {
    attribute_data_type         = "String"
    developer_only_attribute    = false
    mutable                     = true
    name                        = "email"
    required                    = true
  }

  schema {
    attribute_data_type         = "String"
    developer_only_attribute    = false
    mutable                     = true
    name                        = "custom1"
    required                    = false
  }

  schema {
    attribute_data_type         = "String"
    developer_only_attribute    = false
    mutable                     = true
    name                        = "custom2"
    required                    = false
  }

  tags {
    "name"                      = "MyApp"
    "Project"                   = "Terraform"
  }
}

我得到以下结果：

  schema.3021841581.attribute_data_type:                              "String" => "" (forces new resource)
  schema.3021841581.developer_only_attribute:                         "false" => "false"
  schema.3021841581.mutable:                                          "true" => "false" (forces new resource)
  schema.3021841581.name:                                             "custom1" => "" (forces new resource)
  schema.3021841581.number_attribute_constraints.#:                   "0" => "0"
  schema.3021841581.required:                                         "false" => "false"
  schema.3021841581.string_attribute_constraints.#:                   "1" => "0" (forces new resource)
  schema.3021841581.string_attribute_constraints.0.max_length:        "" => ""
  schema.3021841581.string_attribute_constraints.0.min_length:        "" => ""

我尝试了 terraform刷新，但它无效。

通过 terraform state show 显示状态是什么

 schema.3021841581.attribute_data_type                              = String
 schema.3021841581.developer_only_attribute                         = false
 schema.3021841581.mutable                                          = true
 schema.3021841581.name                                             = custom1
 schema.3021841581.number_attribute_constraints.#                   = 0
 schema.3021841581.required                                         = false
 schema.3021841581.string_attribute_constraints.#                   = 1

所以，我的问题：

我知道这可能不太理想，但有没有办法忽略或跳过Cognito？我不想更改该服务的任何内容，并且需要保护它，因为我们的用户。
有没有办法弄明白为什么它认为存在差异并在不破坏我的游泳池的情况下解决它？

Answer 1

您可以在计划/应用操作中使用选项-target。您应该在此处传递要更新/创建的资源。 Terraform将限制对该资源的操作。如果您有依赖项或者您要更新/创建多个资源，则可以根据需要多次使用该选项。
如果由于某种原因它不同步，也许你可以使用terraform import命令来定位有问题的资源。这将尝试引入您已部署的当前配置，但这种方法有一些限制，并不是所有内容都已导入。

Terraform不同步

1 个答案: