我使用以下命令将以前部署的RDS实例替换为手动配置的RDS实例:
./terraform destroy -target aws_db_instance.my_db
./terraform import aws_db_instance.my_db my-rds-instance
(必须先破坏旧实例,然后才能使用import
。)
当我现在运行./terraform plan
时,terraform想要销毁并重新创建RDS数据库:
-/+ aws_db_instance.my_db (new resource required)
id: "my-rds-instance" => <computed> (forces new resource)
address: "my-rds-instance.path.rds.amazonaws.com" => <computed>
allocated_storage: "100" => "100"
allow_major_version_upgrade: "false" => "false"
apply_immediately: "false" => "false"
arn: "arn:aws:rds:eu-central-1:123456789123:db:my-rds-instance" => <computed>
auto_minor_version_upgrade: "false" => "false"
availability_zone: "eu-central-1b" => <computed>
backup_retention_period: "7" => "7"
backup_window: "09:46-10:16" => "09:46-10:16"
ca_cert_identifier: "rds-ca-2015" => <computed>
character_set_name: "" => <computed>
copy_tags_to_snapshot: "false" => "false"
db_subnet_group_name: "bintu-ct6" => "bintu-ct6"
endpoint: "my-rds-db-manually.path.rds.amazonaws.com:5432" => <computed>
engine: "postgres" => "postgres"
engine_version: "10.6" => "10.6"
final_snapshot_identifier: "" => "my-rds-DbFinal"
hosted_zone_id: "Z1RLNUO7B9Q6NB" => <computed>
identifier: "my-rds-db-manually" => "my-rds-db-manually"
identifier_prefix: "my-rds-db-" => <computed>
instance_class: "db.m5.large" => "db.m5.xlarge"
kms_key_id: "arn:aws:kms:eu-central-1:123456789123:key/d123d45d-b678-9123-a1e9-c456d40d7be7" => <computed>
license_model: "postgresql-license" => <computed>
maintenance_window: "wed:00:53-wed:01:23" => "mon:00:00-mon:03:00"
monitoring_interval: "60" => "60"
monitoring_role_arn: "arn:aws:iam::123456789123:role/myRdsMonitoring" => "arn:aws:iam::123456789123:role/myRdsMonitoring"
multi_az: "true" => "true"
name: "mydb" => "mydb"
option_group_name: "default:postgres-10" => <computed>
parameter_group_name: "rds-my-group" => "rds-my-group"
password: <sensitive> => <sensitive> (attribute changed)
port: "5432" => <computed>
publicly_accessible: "false" => "false"
replicas.#: "0" => <computed>
resource_id: "db-ABCDEFGHIJKLMNOPQRSTUVW12" => <computed>
skip_final_snapshot: "true" => "false"
status: "available" => <computed>
storage_encrypted: "true" => "false" (forces new resource)
storage_type: "gp2" => "gp2"
tags.%: "1" => "0"
tags.workload-type: "production" => ""
timezone: "" => <computed>
username: "user" => "user"
vpc_security_group_ids.#: "1" => "1"
vpc_security_group_ids.1234563899: "sg-011d2e33a4464eb65" => "sg-011d2e33a4464eb65"
我希望“导入”命令会将手动创建的RDS实例添加到config / state文件中,因此可以在不重新部署新RDS实例的情况下使用它。
使用terraform plan/apply
时如何防止破坏导入的RDS实例?
这是资源配置:
resource "aws_db_instance" "my_db" {
#identifier = "my-rds-db-manually"
identifier_prefix = "${var.db_instance_identifier_prefix}"
vpc_security_group_ids = ["${aws_security_group.my_db.id}"]
allocated_storage = "${var.db_allocated_storage}"
storage_type = "gp2"
engine = "postgres"
engine_version = "10.6"
instance_class = "${var.db_instance_type}"
monitoring_interval = "60"
monitoring_role_arn = "${aws_iam_role.my_rds_monitoring.arn}"
name = "${var.bintu_db_name}"
username = "${var.DB_USER}"
password = "${var.DB_PASS}"
allow_major_version_upgrade = false
apply_immediately = false
auto_minor_version_upgrade = false
backup_window = "${var.db_backup_window}"
maintenance_window = "${var.db_maintenance_window}"
db_subnet_group_name = "${aws_db_subnet_group.my_db.name}"
final_snapshot_identifier = "${var.db_final_snapshot_identifier}"
parameter_group_name = "${aws_db_parameter_group.my_db.name}"
multi_az = true
backup_retention_period = 7
lifecycle {
prevent_destroy = false
}
}
请注意,已设置prevent_destroy = false
,否则该计划将失败。
答案 0 :(得分:3)
您可能已经注意到,您必须自己找出与导入资源匹配的代码。
提供的输出包含一项重要信息:
storage_encrypted: "true" => "false" (forces new resource)
这意味着您的代码想使用storage_encrypted = false
设置RDS实例,而状态/现实将其设置为true
。更改您的代码,您的计划将是无损的。
我还没有检查其余的差异是否匹配。如果没有,它将告诉您哪些确切设置与当前状态相反。