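Terraform NAT gateway forces a new resource on every apply

Time: 2019-08-06 23:28:00

Tags: terraform terraform-provider-aws

Thanks in advance for your help. (New to Terraform)

Terraform creates a new NAT gateway every time I run terraform apply. I'm obviously missing something here,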

# Elastic IP for the NAT gateway
resource "aws_eip" "tfeip" {
  vpc        = true
  depends_on = ["aws_internet_gateway.igw"]
  tags = {
    Name = "${var.vpc_env}-tf-eip-nat-gw"
  }
}

# Create NAT Gateway
resource "aws_nat_gateway" "nat-gw" {
  allocation_id = "${aws_eip.tfeip.id}"
  # Subnet is taken from the first ID returned by the public-subnets data source
  subnet_id  = "${element(data.aws_subnet_ids.public-subnets.ids, 0)}"
  depends_on = ["aws_internet_gateway.igw"]
  tags = {
    Name = "${var.vpc_env}-tf-nat-gateway"
  }
}

Terraform creates a new allocation ID and then creates the NAT gateway each time. Any idea what I'm missing?

Here is my plan output,

Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_nat_gateway.nat-gw: Refreshing state...
data.aws_eip.eipid: Refreshing state...
aws_vpc.tfvpc: Refreshing state... [id=vpc-02f8c59a8497b4106]
aws_subnet.tfprivate[1]: Refreshing state... [id=subnet-08e2c6d4747f6825b]
aws_internet_gateway.igw: Refreshing state... [id=igw-0a2e4bac38e4daf38]
aws_subnet.tfprivate[0]: Refreshing state... [id=subnet-0b1e4b8c079eba45a]
aws_network_acl.tf-private-acl: Refreshing state... [id=acl-0c7e5678f7cc69c21]
aws_subnet.tfpublic[0]: Refreshing state... [id=subnet-055b2b384d0c0ce66]
aws_subnet.tfpublic[1]: Refreshing state... [id=subnet-048769cf43c37022b]
aws_eip.tfeip: Refreshing state... [id=eipalloc-0e5020f276b019d1a]
aws_route_table.tf-public-route: Refreshing state... [id=rtb-0c036c023e7949d24]
aws_nat_gateway.nat-gw: Refreshing state... [id=nat-0df993ed23f40559f]
aws_route_table_association.tf-public-route-association[0]: Refreshing state... [id=rtbassoc-0dbfff44cb44ef6e6]
aws_route_table_association.tf-public-route-association[1]: Refreshing state... [id=rtbassoc-05b2e9420129b6cad]
aws_route_table.tf-private-route: Refreshing state... [id=rtb-00d7850a8294282b5]
aws_route_table_association.tf-private-route-association[0]: Refreshing state... [id=rtbassoc-06d65de0b71461ac4]
aws_route_table_association.tf-private-route-association[1]: Refreshing state... [id=rtbassoc-04658d796d38247d7]
aws_vpc_endpoint.s3-vpce: Refreshing state... [id=vpce-0c48db5bd18368299]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
  ~ update in-place
-/+ destroy and then create replacement
 <= read (data resources)

Terraform will perform the following actions:

  # data.aws_subnet_ids.private-subnets will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet_ids" "private-subnets"  {
      + id     = (known after apply)
      + ids    = (known after apply)
      + tags   = {
          + "Type" = "Private"
        }
      + vpc_id = "vpc-02f8c59a8497b4106"
    }

  # data.aws_subnet_ids.public-subnets will be read during apply
  # (config refers to values not yet known)
 <= data "aws_subnet_ids" "public-subnets"  {
      + id     = (known after apply)
      + ids    = (known after apply)
      + tags   = {
          + "Type" = "Public"
        }
      + vpc_id = "vpc-02f8c59a8497b4106"
    }

  # aws_nat_gateway.nat-gw must be replaced
-/+ resource "aws_nat_gateway" "nat-gw" {
        allocation_id        = "eipalloc-0e5020f276b019d1a"
      ~ id                   = "nat-0df993ed23f40559f" -> (known after apply)
      ~ network_interface_id = "eni-09a821bxxxxx39297" -> (known after apply)
      ~ private_ip           = "10.38.0.21" -> (known after apply)
      ~ public_ip            = "3.225.5.235" -> (known after apply)
      ~ subnet_id            = "subnet-055b2b384d0c0ce66" -> (known after apply) # forces replacement
        tags                 = {
            "Name" = "dev-tf-nat-gateway"
        }
    }

  # aws_route_table.tf-private-route will be updated in-place
  ~ resource "aws_route_table" "tf-private-route" {
        id               = "rtb-00d7850a8294282b5"
        owner_id         = "xxxxxxxxxxxxx"
        propagating_vgws = []
      ~ route            = [
          - {
              - cidr_block                = "0.0.0.0/0"
              - egress_only_gateway_id    = ""
              - gateway_id                = ""
              - instance_id               = ""
              - ipv6_cidr_block           = ""
              - nat_gateway_id            = "nat-0df993ed23f40559f"
              - network_interface_id      = ""
              - transit_gateway_id        = ""
              - vpc_peering_connection_id = ""
            },
            {
                cidr_block                = "0.0.0.0/0"
                egress_only_gateway_id    = ""
                gateway_id                = ""
                instance_id               = ""
                ipv6_cidr_block           = ""
                nat_gateway_id            = (known after apply)
                network_interface_id      = ""
                transit_gateway_id        = ""
                vpc_peering_connection_id = ""
            },
        ]
        tags             = {
            "Name" = "dev-tf-private-rt-table"
        }
        vpc_id           = "vpc-02f8c59a8497b4106"
    }

  # aws_route_table_association.tf-private-route-association[0] must be replaced
-/+ resource "aws_route_table_association" "tf-private-route-association" {
      ~ id             = "rtbassoc-06d65de0b71461ac4" -> (known after apply)
        route_table_id = "rtb-00d7850a8294282b5"
      ~ subnet_id      = "subnet-08e2c6d4747f6825b" -> (known after apply) # forces replacement
    }

  # aws_route_table_association.tf-private-route-association[1] must be replaced
-/+ resource "aws_route_table_association" "tf-private-route-association" {
      ~ id             = "rtbassoc-04658d796d38247d7" -> (known after apply)
        route_table_id = "rtb-00d7850a8294282b5"
      ~ subnet_id      = "subnet-0b1e4b8c079eba45a" -> (known after apply) # forces replacement
    }

  # aws_route_table_association.tf-public-route-association[0] must be replaced
-/+ resource "aws_route_table_association" "tf-public-route-association" {
      ~ id             = "rtbassoc-0dbfff44cb44ef6e6" -> (known after apply)
        route_table_id = "rtb-0c036c023e7949d24"
      ~ subnet_id      = "subnet-048769cf43c37022b" -> (known after apply) # forces replacement
    }

  # aws_route_table_association.tf-public-route-association[1] must be replaced
-/+ resource "aws_route_table_association" "tf-public-route-association" {
      ~ id             = "rtbassoc-05b2e9420129b6cad" -> (known after apply)
        route_table_id = "rtb-0c036c023e7949d24"
      ~ subnet_id      = "subnet-055b2b384d0c0ce66" -> (known after apply) # forces replacement
    }

Plan: 5 to add, 1 to change, 5 to destroy.

------------------------------------------------------------------------

Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.

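1 answer:

Answer 0: (score: 0)

@ydaetskcoR This issue was resolved after creating one gateway per availability zone across all public subnets and removing the old orphaned gateways from the state file.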
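
The plan above marks `subnet_id` as "(known after apply) # forces replacement" because `data.aws_subnet_ids.public-subnets` is deferred until apply. The following is an added example, not the poster's code, of one NAT gateway per public subnet that references the managed subnets directly so the value is known at plan time. It assumes `aws_subnet.tfpublic` is declared with `count` (the plan shows `tfpublic[0]` and `tfpublic[1]`) and Terraform 0.12 syntax; the `-${count.index}` name suffix is an assumption.

```hcl
# Added example (not from the original post). Assumes aws_subnet.tfpublic
# uses count, as the tfpublic[0] / tfpublic[1] addresses in the plan suggest.

# One Elastic IP per public subnet.
resource "aws_eip" "tfeip" {
  count      = length(aws_subnet.tfpublic)
  vpc        = true
  depends_on = [aws_internet_gateway.igw]

  tags = {
    # The index suffix is an assumption, added to keep names unique.
    Name = "${var.vpc_env}-tf-eip-nat-gw-${count.index}"
  }
}

# One NAT gateway per public subnet.
resource "aws_nat_gateway" "nat-gw" {
  count         = length(aws_subnet.tfpublic)
  allocation_id = aws_eip.tfeip[count.index].id

  # Reference the managed subnet resource instead of
  # data.aws_subnet_ids.public-subnets. The subnet ID is already in state,
  # so it is known during plan and does not show up as
  # "(known after apply) # forces replacement".
  subnet_id  = aws_subnet.tfpublic[count.index].id
  depends_on = [aws_internet_gateway.igw]

  tags = {
    Name = "${var.vpc_env}-tf-nat-gateway-${count.index}"
  }
}
```

Running `terraform plan` twice in a row after the first apply should report no changes to `aws_nat_gateway.nat-gw`. `terraform state rm <address>` drops an entry from the state file without deleting the real resource, which is the kind of state cleanup the answer mentions.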