I, когда я присоединяю группу безопасности к экземпляру EC2 в Terraform, используя vpc_security_group_ids атрибут, последующие запуски той же конфигурации всегда приводят к изменениям в среде.
Несколько важных деталей:
Фрагмент конфигурации terraform:
data "aws_vpc" "default" {
default = true
}
data "aws_subnet" "default" {
vpc_id = "${data.aws_vpc.default.id}"
availability_zone = "eu-west-2a"
default_for_az = true
}
resource "aws_security_group" "bastion-test" {
name = "bastion-test"
...
}
resource "aws_instance" "bastion" {
subnet_id = "${data.aws_subnet.default.id}"
vpc_security_group_ids = ["${aws_security_group.bastion-test.id}"]
...
}
Результат первого запуска terraform plan:
$ terraform apply
...
aws_security_group.bastion-test: Creating...
...
name: "" => "bastion-test"
...
aws_security_group.bastion-test: Creation complete after 4s (ID: sg-8fXXXXe7)
aws_instance.bastion: Creating...
...
source_dest_check: "" => "true"
subnet_id: "" => "subnet-XXXXX"
...
vpc_security_group_ids.#: "" => "1"
vpc_security_group_ids.2237593593: "" => "sg-8fXXXXe7"
...
aws_instance.bastion: Creation complete after 27s (ID: i-08XXXXXXXXXXXX49)
...
Apply complete! Resources: 2 added, 0 changed, 0 destroyed.
Хорошо, пока все хорошо. Теперь я немедленно выполняю terraform plan:
$ terraform plan
...
aws_security_group.bastion-test: Refreshing state... (ID: sg-8fXXXXe7)
...
aws_instance.bastion: Refreshing state... (ID: i-08XXXXXXXXXXXX49)
...
Terraform will perform the following actions:
~ aws_instance.bastion
vpc_security_group_ids.#: "0" => "1"
vpc_security_group_ids.2237593593: "" => "sg-8fXXXXe7"
Plan: 0 to add, 1 to change, 0 to destroy.
Версии:
$ terraform --version
Terraform v0.10.7
$ ls .terraform/plugins/darwin_amd64/
lock.json
terraform-provider-aws_v1.0.0_x4
Спасибо за прочтение
Джеймс