Terraform trying to re-create "default" `aws_security_group`

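I ran into an unexpected problem while trying to change a user's ssh public key via Terraform. The change in the PR is one line (the actual ssh key) and nothing else, so I would not expect anything new to be created. However, on terraform plan, I get this: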

# aws_security_group.default will be created
+ resource "aws_security_group" "default" {

terraform apply gives this error:

Error: Error creating Security Group: InvalidParameterValue: Cannot use reserved security group name: default
        status code: 400, request id: xxx

  on classic_security_groups.tf line 1, in resource "aws_security_group" "default":
   1: resource "aws_security_group" "default" {

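This problem did not happen before, but I cannot find any related update etc. that caused it. Can anyone suggest where I should look for a solution?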

According to the AWS documentation [1]:

Your AWS account automatically has a default security group for the default VPC in each Region. If you don't specify a security group when you launch an instance, the instance is automatically associated with the default security group for the VPC.

A default security group is named "default", and it has an ID assigned by AWS. The following table describes the default rules for a default security group.

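This means that you should change the name argument of the aws_security_group resource to something else, e.g. my-default-sg. This should not be confused with the logical name given to the resource, i.e. "aws_security_group" "default".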

Note: If you must have a security group named default, you should assign it to a non-default VPC.


[1] https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/default-custom-security-groups.html
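
The distinction the answer draws between the Terraform logical name and the AWS `name` argument, as an added example that is not the asker's configuration: the failing form, the renamed form, and the separate `aws_default_security_group` resource from the Terraform AWS provider for managing the group AWS itself names "default". The variable `vpc_id`, the group name, the CIDR range and the logical name `vpc_default` are assumptions made for illustration.

```hcl
# Added example. var.vpc_id and all rule values are assumptions.
variable "vpc_id" {
  type        = string
  description = "ID of the VPC the groups belong to (assumed input)"
}

# Before: the logical name "default" is harmless, but name = "default" asks
# AWS to create a group with the reserved name, which is rejected with
# InvalidParameterValue.
# resource "aws_security_group" "default" {
#   name   = "default"
#   vpc_id = var.vpc_id
# }

# After: same logical name, so references such as
# aws_security_group.default.id keep working, but a non-reserved AWS name.
resource "aws_security_group" "default" {
  name        = "my-default-sg"
  description = "Custom group used instead of the VPC default group"
  vpc_id      = var.vpc_id

  ingress {
    description = "SSH from an admin range (constructed documentation range)"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["203.0.113.0/24"]
  }

  egress {
    description = "Allow all outbound traffic"
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

# The group that AWS names "default" is adopted into management rather than
# created. With no ingress or egress blocks, Terraform removes all of its
# rules, so instances that fall back to it get no access from it.
resource "aws_default_security_group" "vpc_default" {
  vpc_id = var.vpc_id
}
```

Run `terraform plan` after the change and confirm that the only security group shown as created is `my-default-sg`.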