terraform destroy error - aws_security_group: DependencyViolation: resource sg-XXX has a dependent object

The following Terraform script always returns an error when destroying the infrastructure. Note that the security group "GC-SG-VPC1" is used in an ingress rule of the security group "default". During terraform destroy it tries to delete "GC-SG-VPC1" and fails after several retries.

Any suggestions for resolving this issue are greatly appreciated.

aws_security_group: DependencyViolation: resource sg-XXX has a dependent object

# Security Group GC-SG-VPC1
resource "aws_security_group" "GC-SG-VPC1" {
  name   = "GC-SG-VPC1"
  vpc_id = aws_vpc.vpc1.id

  tags = {
    Name = "GCTF-SG-VPC1"
  }
  #SSH and all PING
  ingress {
    description = "Allow SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow all PING"
    from_port   = -1
    to_port     = -1
    protocol    = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    description = "Allow iPERF3"
    from_port   = 5201
    to_port     = 5201
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# Security Group default
resource "aws_default_security_group" "default" {
  vpc_id = aws_vpc.vpc1.id

  ingress {
    description = "Default SG for VPC1"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    self        = true
  }

  ingress {
    description     = "Include EC2 SG in VPC1 default SG"
    from_port       = 0
    to_port         = 0
    protocol        = "-1"
    security_groups = [aws_security_group.GC-SG-VPC1.id]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "Default VPC1-SG"
  }
}

You shouldn't use aws_default_security_group, since in most cases it is not needed and is considered an advanced feature. The default SG cannot be deleted, and TF cannot delete its rules either; see the docs:

All ingress or egress rules will be left as they are at the time of removal.

Since you bound GC-SG-VPC1 to the aws_default_security_group, you have to go to the AWS console and remove that relationship manually, because TF won't do it.

Then, instead of aws_default_security_group, use a regular aws_security_group.
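As an added illustration (not code from the question or the answer), the same cross-group relationship expressed with a regular aws_security_group in place of aws_default_security_group, with each rule as its own aws_security_group_rule so Terraform owns the rules and revokes them before deleting GC-SG-VPC1 during destroy. The resource names vpc1_main, vpc1_main_self and vpc1_main_from_gc are assumptions; aws_vpc.vpc1 and aws_security_group.GC-SG-VPC1 are taken from the question.

```hcl
# Added example (not the asker's or answerer's code): the default-SG
# relationship re-expressed with a managed security group, so that
# `terraform destroy` can revoke the cross-reference before deleting GC-SG-VPC1.
# Names "vpc1_main", "vpc1_main_self", "vpc1_main_from_gc" are assumptions.

resource "aws_security_group" "vpc1_main" {
  name        = "vpc1-main"
  description = "Managed replacement for the VPC1 default SG"
  vpc_id      = aws_vpc.vpc1.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  tags = {
    Name = "VPC1-main-SG"
  }
}

# Allow members of the group to talk to each other (replaces the `self = true` rule).
resource "aws_security_group_rule" "vpc1_main_self" {
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  security_group_id = aws_security_group.vpc1_main.id
  self              = true
  description       = "Intra-group traffic"
}

# Cross-group reference as its own resource: Terraform records that it depends on
# both groups, so on destroy it revokes this rule first and GC-SG-VPC1 can be deleted.
resource "aws_security_group_rule" "vpc1_main_from_gc" {
  type                     = "ingress"
  from_port                = 0
  to_port                  = 0
  protocol                 = "-1"
  security_group_id        = aws_security_group.vpc1_main.id
  source_security_group_id = aws_security_group.GC-SG-VPC1.id
  description              = "Allow traffic from GC-SG-VPC1"
}
```

Instances that should be reachable through the old default-SG rules must then be attached to vpc1_main; the VPC's real default security group is left unmanaged and keeps whatever rules it already has.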