Terraform keeps replacing VPC peering
I'm trying to create VPC Peering between two VPCs in two different accounts. One is managed by me and another one by others and I don't have access to it.
I'm using the next snippet of Terraform script.

    resource "aws_vpc_peering_connection" "a" {
      peer_owner_id = var.a.aws_account_id
      peer_vpc_id   = var.a.vpc_id
      vpc_id        = aws_vpc.main.id
      peer_region   = "eu-west-1"
      requester {
        allow_remote_vpc_dns_resolution = false
      }
    }

Next, it is going to be manually accepted by those who manage that account.
The problem is that, whether the peering is accepted or not, Terraform wants to replace that peering connection:

      # module.vpc.aws_vpc_peering_connection.a is tainted, so must be replaced
    -/+ resource "aws_vpc_peering_connection" "a" {
          ~ accept_status = "active" -> (known after apply)
          ~ id            = "pcx-00000000000000000" -> (known after apply)
            # (5 unchanged attributes hidden)
          + accepter {
              + allow_classic_link_to_remote_vpc = (known after apply)
              + allow_remote_vpc_dns_resolution  = (known after apply)
              + allow_vpc_to_remote_classic_link = (known after apply)
            }
            # (1 unchanged block hidden)
        }

I have already tried to prevent the replacement by using lifecycle:

    lifecycle {
      ignore_changes = all
    }

But it doesn't help...
Try to untaint the resource e.g.
By using the aws_vpc_peering_connection_options resource instead of specifying options in the aws_vpc_peering_connection requester, I was able to avoid recreation of the connection itself when Terraform noticed that the allow_remote_vpc_dns_resolution option had changed.
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/vpc_peering_connection_options
Setting the option will still fail before the peering connection has been accepted by the other side, but once you have accepted the connection on the other account, only the options will be tainted, not the whole connection.
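
The layout described in the answer above, as an added example that is not code from either poster: the requester option moves out of the connection into a separate aws_vpc_peering_connection_options resource. The variable and VPC names are taken from the question; the resource label "a" on the options resource is an assumption.

```hcl
# Added example. var.a and aws_vpc.main come from the question's snippet.

# The connection itself no longer carries a requester block, so a change to
# the DNS option is tracked on the options resource below and does not
# force the peering connection (and its manual acceptance) to be redone.
resource "aws_vpc_peering_connection" "a" {
  peer_owner_id = var.a.aws_account_id
  peer_vpc_id   = var.a.vpc_id
  vpc_id        = aws_vpc.main.id
  peer_region   = "eu-west-1"
}

# Requester-side options in their own resource. As the answer notes, applying
# this fails until the other account has accepted the peering request.
# Do not also declare requester/accepter on the connection resource above:
# the AWS provider documentation warns that the two definitions conflict
# and overwrite each other.
resource "aws_vpc_peering_connection_options" "a" {
  vpc_peering_connection_id = aws_vpc_peering_connection.a.id

  requester {
    allow_remote_vpc_dns_resolution = false
  }
}
```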