Terraform 不同步
Terraform Out Of Sync
我有一个问题,我的 terraform 与部署的不一样,但我不知道为什么。根据我的 git 历史记录,管理 Cognito 用户池的文件自部署以来没有更改,但 terraform 认为它有更改并抱怨更改需要强制使用新资源。
terraform 版本:0.11.7
AWS 提供商版本:1.14.1
我的 Terraform code :
resource "aws_cognito_user_pool" "my_app" {
name = "My App Pool"
/* Fields that can work as aliases */
alias_attributes = [
"email"
]
/* Auto-verify these fields */
auto_verified_attributes = [
"email"
]
/* This is the template used to verify addresses / accounts */
verification_message_template {
default_email_option = "CONFIRM_WITH_CODE"
}
admin_create_user_config {
allow_admin_create_user_only = false
invite_message_template {
email_message = <<EOF
{####}
EOF
email_subject = "MyApp"
sms_message = "Welcome to MyApp. Your username: {username} and password: {####} Thank you!"
}
}
email_verification_subject = "MyApp's Confirmation Code"
email_verification_message = "Your confirmation code: {####} Thank you."
password_policy {
minimum_length = 8
require_lowercase = true
require_numbers = true
require_symbols = true
require_uppercase = true
}
schema {
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "email"
required = true
}
schema {
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "custom1"
required = false
}
schema {
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "custom2"
required = false
}
tags {
"name" = "MyApp"
"Project" = "Terraform"
}
}
我得到以下结果:
schema.3021841581.attribute_data_type: "String" => "" (forces new resource)
schema.3021841581.developer_only_attribute: "false" => "false"
schema.3021841581.mutable: "true" => "false" (forces new resource)
schema.3021841581.name: "custom1" => "" (forces new resource)
schema.3021841581.number_attribute_constraints.#: "0" => "0"
schema.3021841581.required: "false" => "false"
schema.3021841581.string_attribute_constraints.#: "1" => "0" (forces new resource)
schema.3021841581.string_attribute_constraints.0.max_length: "" => ""
schema.3021841581.string_attribute_constraints.0.min_length: "" => ""
我尝试了 terraform refresh 但它没有用。
通过执行 terraform state show 显示状态中的内容给出此
schema.3021841581.attribute_data_type = String
schema.3021841581.developer_only_attribute = false
schema.3021841581.mutable = true
schema.3021841581.name = custom1
schema.3021841581.number_attribute_constraints.# = 0
schema.3021841581.required = false
schema.3021841581.string_attribute_constraints.# = 1
那么,我的问题是:
我知道这可能不太理想,但是有什么方法可以忽略或跳过 Cognito 吗?我不想更改该服务的任何内容,并且为了我们的用户需要保护它。
有什么方法可以弄清楚为什么它认为存在差异并在不破坏我的池的情况下解决它?
- 您可以在 plan/apply 操作中使用选项 -target。你应该在这里传递你想要的资源update/create。 Terraform 将限制对该资源的操作。如果您有依赖关系或者您要 update/create 多个资源,您可以根据需要多次使用该选项。
- 如果由于某种原因它不同步,也许您可以针对有问题的资源使用 terraform import 命令。这将尝试引入您已部署的当前配置,但这种方法有一些局限性,并非所有内容都已导入。
我有一个问题,我的 terraform 与部署的不一样,但我不知道为什么。根据我的 git 历史记录,管理 Cognito 用户池的文件自部署以来没有更改,但 terraform 认为它有更改并抱怨更改需要强制使用新资源。
terraform 版本:0.11.7
AWS 提供商版本:1.14.1
我的 Terraform code :
resource "aws_cognito_user_pool" "my_app" {
name = "My App Pool"
/* Fields that can work as aliases */
alias_attributes = [
"email"
]
/* Auto-verify these fields */
auto_verified_attributes = [
"email"
]
/* This is the template used to verify addresses / accounts */
verification_message_template {
default_email_option = "CONFIRM_WITH_CODE"
}
admin_create_user_config {
allow_admin_create_user_only = false
invite_message_template {
email_message = <<EOF
{####}
EOF
email_subject = "MyApp"
sms_message = "Welcome to MyApp. Your username: {username} and password: {####} Thank you!"
}
}
email_verification_subject = "MyApp's Confirmation Code"
email_verification_message = "Your confirmation code: {####} Thank you."
password_policy {
minimum_length = 8
require_lowercase = true
require_numbers = true
require_symbols = true
require_uppercase = true
}
schema {
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "email"
required = true
}
schema {
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "custom1"
required = false
}
schema {
attribute_data_type = "String"
developer_only_attribute = false
mutable = true
name = "custom2"
required = false
}
tags {
"name" = "MyApp"
"Project" = "Terraform"
}
}
我得到以下结果:
schema.3021841581.attribute_data_type: "String" => "" (forces new resource)
schema.3021841581.developer_only_attribute: "false" => "false"
schema.3021841581.mutable: "true" => "false" (forces new resource)
schema.3021841581.name: "custom1" => "" (forces new resource)
schema.3021841581.number_attribute_constraints.#: "0" => "0"
schema.3021841581.required: "false" => "false"
schema.3021841581.string_attribute_constraints.#: "1" => "0" (forces new resource)
schema.3021841581.string_attribute_constraints.0.max_length: "" => ""
schema.3021841581.string_attribute_constraints.0.min_length: "" => ""
我尝试了 terraform refresh 但它没有用。
通过执行 terraform state show 显示状态中的内容给出此
schema.3021841581.attribute_data_type = String
schema.3021841581.developer_only_attribute = false
schema.3021841581.mutable = true
schema.3021841581.name = custom1
schema.3021841581.number_attribute_constraints.# = 0
schema.3021841581.required = false
schema.3021841581.string_attribute_constraints.# = 1
那么,我的问题是:
我知道这可能不太理想,但是有什么方法可以忽略或跳过 Cognito 吗?我不想更改该服务的任何内容,并且为了我们的用户需要保护它。
有什么方法可以弄清楚为什么它认为存在差异并在不破坏我的池的情况下解决它?
- 您可以在 plan/apply 操作中使用选项 -target。你应该在这里传递你想要的资源update/create。 Terraform 将限制对该资源的操作。如果您有依赖关系或者您要 update/create 多个资源,您可以根据需要多次使用该选项。
- 如果由于某种原因它不同步,也许您可以针对有问题的资源使用 terraform import 命令。这将尝试引入您已部署的当前配置,但这种方法有一些局限性,并非所有内容都已导入。