Terraform Version
Terraform v0.12.6
Q: Why does Terraform always recreate the aws_instance on every apply?
main.tf
data "aws_ami" "linux" {
  # Only AMIs owned by this account are candidates, so an image published by
  # another account under the same Description tag is never selected.
  owners = ["self"]

  # Select the image by its Description tag, supplied via var.instance_ami.base.
  filter {
    name   = "tag:Description"
    values = [var.instance_ami.base]
  }
}
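resource "aws_instance" "linux" {
  ami           = "${data.aws_ami.linux.id}"
  instance_type = "t2.micro"

  subnet_id         = "${aws_subnet.public.id}"
  availability_zone = "${var.availability_zone.us-east-1}"

  # The instance is placed in a managed subnet (presumably a non-default VPC),
  # so the groups must be declared as vpc_security_group_ids. With the
  # security_groups argument the provider records the groups under
  # vpc_security_group_ids in state, the argument never reconciles, and every
  # plan reports "security_groups ... # forces replacement" (see the plan output).
  vpc_security_group_ids = ["${aws_security_group.allow_ssh.id}"]

  # A public IP is attached. The ingress rules of allow_ssh are not shown on this
  # page; confirm they restrict SSH to trusted source ranges rather than 0.0.0.0/0.
  associate_public_ip_address = true
  key_name                    = "HelloWorld"

  # NOTE(review): the plan output on this page shows key_name = "devops" and
  # Name = "Test", so that plan appears to come from a different copy of this config.
  tags = {
    Name = "Web"
  }
}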
Error
Terraform will perform the following actions:
# aws_instance.linux must be replaced
-/+ resource "aws_instance" "linux" {
ami = "ami-0c7157d76b3a45a34"
~ arn = "arn:aws:ec2:us-east-1:xxxxxxxxxxxx:instance/i-075a770cca5ab74e4" -> (known after apply)
associate_public_ip_address = true
availability_zone = "us-east-1a"
~ cpu_core_count = 1 -> (known after apply)
~ cpu_threads_per_core = 1 -> (known after apply)
- disable_api_termination = false -> null
- ebs_optimized = false -> null
get_password_data = false
+ host_id = (known after apply)
~ id = "i-075a770cca5ab74e4" -> (known after apply)
~ instance_state = "running" -> (known after apply)
instance_type = "t2.micro"
~ ipv6_address_count = 0 -> (known after apply)
~ ipv6_addresses = [] -> (known after apply)
key_name = "devops"
- monitoring = false -> null
+ network_interface_id = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
~ primary_network_interface_id = "eni-00fefb01fc9fa12de" -> (known after apply)
~ private_dns = "ip-172-88-0-166.ec2.internal" -> (known after apply)
~ private_ip = "172.88.0.166" -> (known after apply)
~ public_dns = "ec2-xx-xx-xx-xx.compute-1.amazonaws.com" -> (known after apply)
~ public_ip = "xx.xx.xx.xx" -> (known after apply)
~ security_groups = [ # forces replacement
+ "sg-025186720be2334e9",
]
source_dest_check = true
subnet_id = "subnet-0007ef0e7a0bf8cc6"
tags = {
"Name" = "Test"
}
~ tenancy = "default" -> (known after apply)
~ volume_tags = {} -> (known after apply)
~ vpc_security_group_ids = [
- "sg-025186720be2334e9",
] -> (known after apply)
- credit_specification {
- cpu_credits = "standard" -> null
}
+ ebs_block_device {
+ delete_on_termination = (known after apply)
+ device_name = (known after apply)
+ encrypted = (known after apply)
+ iops = (known after apply)
+ kms_key_id = (known after apply)
+ snapshot_id = (known after apply)
+ volume_id = (known after apply)
+ volume_size = (known after apply)
+ volume_type = (known after apply)
}
+ ephemeral_block_device {
+ device_name = (known after apply)
+ no_device = (known after apply)
+ virtual_name = (known after apply)
}
+ network_interface {
+ delete_on_termination = (known after apply)
+ device_index = (known after apply)
+ network_interface_id = (known after apply)
}
~ root_block_device {
~ delete_on_termination = false -> (known after apply)
~ encrypted = false -> (known after apply)
~ iops = 120 -> (known after apply)
+ kms_key_id = (known after apply)
~ volume_id = "vol-0f77b0b8696ac4379" -> (known after apply)
~ volume_size = 40 -> (known after apply)
~ volume_type = "gp2" -> (known after apply)
}
}
Solution
Use `vpc_security_group_ids` instead of `security_groups`. The plan output marks `security_groups` with `# forces replacement`: as the attribute reference below states, `security_groups` is meant for EC2-Classic and the default VPC, while in a non-default VPC the groups are tracked under `vpc_security_group_ids`, so the two arguments never reconcile and every plan replaces the instance.
vpc_security_group_ids
- The associated security groups in a non-default VPC.
security_groups
- The associated security groups.
vpc_security_group_ids
- (Optional, VPC only) A list of security group IDs to associate with.
security_groups
- (Optional, EC2-Classic and default VPC only) A list of security group names (EC2-Classic) or IDs (default VPC) to associate with.
Reference: