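Terraform plan wants to destroy an imported RDS resource

Time: 2019-06-11 12:45:41

Tags: amazon-rds terraform terraform-provider-aws

I replaced a previously deployed RDS instance with a manually configured RDS instance using the following commands: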

  • ./terraform destroy -target aws_db_instance.my_db
  • ./terraform import aws_db_instance.my_db my-rds-instance

(The old instance had to be destroyed first before import could be used.)

When I now run ./terraform plan, Terraform wants to destroy and recreate the RDS database:

-/+ aws_db_instance.my_db (new resource required)
      id:                                    "my-rds-instance" => <computed> (forces new resource)
      address:                               "my-rds-instance.path.rds.amazonaws.com" => <computed>
      allocated_storage:                     "100" => "100"
      allow_major_version_upgrade:           "false" => "false"
      apply_immediately:                     "false" => "false"
      arn:                                   "arn:aws:rds:eu-central-1:123456789123:db:my-rds-instance" => <computed>
      auto_minor_version_upgrade:            "false" => "false"
      availability_zone:                     "eu-central-1b" => <computed>
      backup_retention_period:               "7" => "7"
      backup_window:                         "09:46-10:16" => "09:46-10:16"
      ca_cert_identifier:                    "rds-ca-2015" => <computed>
      character_set_name:                    "" => <computed>
      copy_tags_to_snapshot:                 "false" => "false"
      db_subnet_group_name:                  "bintu-ct6" => "bintu-ct6"
      endpoint:                              "my-rds-db-manually.path.rds.amazonaws.com:5432" => <computed>
      engine:                                "postgres" => "postgres"
      engine_version:                        "10.6" => "10.6"
      final_snapshot_identifier:             "" => "my-rds-DbFinal"
      hosted_zone_id:                        "Z1RLNUO7B9Q6NB" => <computed>
      identifier:                            "my-rds-db-manually" => "my-rds-db-manually"
      identifier_prefix:                     "my-rds-db-" => <computed>
      instance_class:                        "db.m5.large" => "db.m5.xlarge"
      kms_key_id:                            "arn:aws:kms:eu-central-1:123456789123:key/d123d45d-b678-9123-a1e9-c456d40d7be7" => <computed>
      license_model:                         "postgresql-license" => <computed>
      maintenance_window:                    "wed:00:53-wed:01:23" => "mon:00:00-mon:03:00"
      monitoring_interval:                   "60" => "60"
      monitoring_role_arn:                   "arn:aws:iam::123456789123:role/myRdsMonitoring" => "arn:aws:iam::123456789123:role/myRdsMonitoring"
      multi_az:                              "true" => "true"
      name:                                  "mydb" => "mydb"
      option_group_name:                     "default:postgres-10" => <computed>
      parameter_group_name:                  "rds-my-group" => "rds-my-group"
      password:                              <sensitive> => <sensitive> (attribute changed)
      port:                                  "5432" => <computed>
      publicly_accessible:                   "false" => "false"
      replicas.#:                            "0" => <computed>
      resource_id:                           "db-ABCDEFGHIJKLMNOPQRSTUVW12" => <computed>
      skip_final_snapshot:                   "true" => "false"
      status:                                "available" => <computed>
      storage_encrypted:                     "true" => "false" (forces new resource)
      storage_type:                          "gp2" => "gp2"
      tags.%:                                "1" => "0"
      tags.workload-type:                    "production" => ""
      timezone:                              "" => <computed>
      username:                              "user" => "user"
      vpc_security_group_ids.#:              "1" => "1"
      vpc_security_group_ids.1234563899:     "sg-011d2e33a4464eb65" => "sg-011d2e33a4464eb65"

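I expected the "import" command to add the manually created RDS instance to the config/state file, so that it could be used without redeploying a new RDS instance. How can I prevent the imported RDS instance from being destroyed when using terraform plan/apply?

Here is the resource configuration: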

resource "aws_db_instance" "my_db" {
  #identifier                 = "my-rds-db-manually"
  identifier_prefix           = "${var.db_instance_identifier_prefix}"
  vpc_security_group_ids      = ["${aws_security_group.my_db.id}"]
  allocated_storage           = "${var.db_allocated_storage}"
  storage_type                = "gp2"
  engine                      = "postgres"
  engine_version              = "10.6"
  instance_class              = "${var.db_instance_type}"
  monitoring_interval         = "60"
  monitoring_role_arn         = "${aws_iam_role.my_rds_monitoring.arn}"
  name                        = "${var.bintu_db_name}"
  username                    = "${var.DB_USER}"
  password                    = "${var.DB_PASS}"
  allow_major_version_upgrade = false
  apply_immediately           = false
  auto_minor_version_upgrade  = false
  backup_window               = "${var.db_backup_window}"
  maintenance_window          = "${var.db_maintenance_window}"
  db_subnet_group_name        = "${aws_db_subnet_group.my_db.name}"
  final_snapshot_identifier   = "${var.db_final_snapshot_identifier}"
  parameter_group_name        = "${aws_db_parameter_group.my_db.name}"
  multi_az                    = true
  backup_retention_period     = 7

  lifecycle {
    prevent_destroy = false
  }
}

Note that prevent_destroy = false is set, because otherwise the plan would fail.

1 answer:

Answer 0: (score: 3)

As you may have noticed, you have to work out for yourself the code that matches the imported resource.

The output you provided contains one important piece of information:

storage_encrypted: "true" => "false" (forces new resource)

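This means that your code wants to set up the RDS instance with storage_encrypted = false, while the state/reality has it set to true. Change your code and your plan will be non-destructive.

I have not checked whether the rest of the differences match. If they do not, it will tell you exactly which settings differ from the current state.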
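
Added example, not part of the original question or answer: a small parser for the plan format shown in the question that separates the attributes whose configured value forces replacement from the ones that merely differ. The function name `classify_plan`, the regular expressions and the shortened sample plan are constructed for illustration.

```python
import re

# Constructed sample: attribute lines in the Terraform 0.11 plan format from the question.
SAMPLE_PLAN = """\
-/+ aws_db_instance.my_db (new resource required)
      id:                   "my-rds-instance" => <computed> (forces new resource)
      instance_class:       "db.m5.large" => "db.m5.xlarge"
      kms_key_id:           "arn:aws:kms:eu-central-1:123456789123:key/example" => <computed>
      skip_final_snapshot:  "true" => "false"
      storage_encrypted:    "true" => "false" (forces new resource)
      storage_type:         "gp2" => "gp2"
"""

HEADER = re.compile(r"^(?:-/\+|[-+~])\s+(\S+)")
ATTR = re.compile(
    r'^\s+(?P<name>[\w.%#-]+):\s+(?P<old>"[^"]*"|<\w+>)\s+=>\s+'
    r'(?P<new>"[^"]*"|<\w+>)(?P<note>\s+\(.*\))?\s*$'
)


def classify_plan(plan_text):
    """Map each resource to the config/state mismatches in its plan diff.

    "replace": attributes marked "(forces new resource)" whose configured value
               differs from the state (the ones to fix in the .tf file).
    "update":  other differing attributes, which do not force replacement.
    """
    result, current = {}, None
    for line in plan_text.splitlines():
        header = HEADER.match(line)
        if header:
            current = result.setdefault(header.group(1), {"replace": [], "update": []})
            continue
        attr = ATTR.match(line)
        if current is None or not attr:
            continue
        old, new = attr.group("old"), attr.group("new")
        # <computed>/<sensitive> placeholders carry no configured value to compare.
        if new.startswith("<") or old == new:
            continue
        forces = "forces new resource" in (attr.group("note") or "")
        current["replace" if forces else "update"].append(
            (attr.group("name"), old.strip('"'), new.strip('"'))
        )
    return result


if __name__ == "__main__":
    for resource, diff in classify_plan(SAMPLE_PLAN).items():
        print(resource, diff)
```

Running it over saved plan output before an apply gives a short list to reconcile in the configuration; an empty "replace" list means no configured value is forcing the imported instance to be recreated.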