Changing a security group with Terraform causes the EC2 instance to be replaced

This is what I had been using for the time being:
```hcl
resource "aws_security_group" "test-sg-1" {
  name        = "test-sg-1"
  description = "Test Security Group"
  vpc_id      = aws_vpc.test-vpc.id

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "test-instance-1" {
  ami                         = "ami-0d979355d03fa2522"
  associate_public_ip_address = true
  instance_type               = "t3.small"
  iam_instance_profile        = aws_iam_instance_profile.test-instance-profile.name
  security_groups             = [aws_security_group.test-sg-1.id]
  subnet_id                   = aws_subnet.test-pub-subnet1a.id
  private_ip                  = "10.10.1.100"

  root_block_device {
    volume_size = 20
    volume_type = "gp3"
  }

  user_data = file("./userdata.sh")

  tags = {
    Name = "test-instance-1"
  }
}
```
Log:

```text
$ terraform apply
  # aws_instance.test-instance-1 must be replaced
  # aws_security_group.test-sg-1 must be replaced
```
Ideally the EC2 instance would not be replaced.

It looks like changing `security_groups` to `vpc_security_group_ids` should do it.

Let me actually try it.

OK.

tf file:
```hcl
resource "aws_instance" "test-instance-1" {
  vpc_security_group_ids = [aws_security_group.test-sg-1.id]
}
```
apply:
```text
$ terraform apply
.. (omitted) ..
  # aws_security_group.test-sg-1 will be updated in-place
.. (omitted) ..
Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.
```
> If you are creating Instances in a VPC, use `vpc_security_group_ids` instead.
Following this note, use `vpc_security_group_ids` on EC2 instances.
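The "must be replaced" lines only show up at apply time, and once `yes` is typed the instance is gone. A cheap gate before approval is to export the plan as JSON (`terraform plan -out=plan.tfplan`, then `terraform show -json plan.tfplan > plan.json`) and fail if any `aws_instance` has a replace action. The script below is an added example, not code from this scrap; the two embedded plans are constructed samples in the shape of the Terraform plan JSON format (`resource_changes[].change.actions`, `replace_paths`, `action_reason`), mirroring the before and after output above rather than captured output. The `protected_types` default and the `load_plan` helper are my own choices.

```python
"""Flag resources a Terraform plan would destroy and re-create.

Reads the JSON produced by `terraform show -json plan.tfplan`; the two
plans embedded here are constructed samples, not captured output.
"""
import json
import sys

# Constructed sample: the first apply from the scrap, where `security_groups`
# on the instance forces both the security group and the instance to be replaced.
PLAN_BEFORE_FIX = json.loads("""
{
  "format_version": "1.1",
  "resource_changes": [
    {
      "address": "aws_security_group.test-sg-1",
      "type": "aws_security_group",
      "change": {"actions": ["delete", "create"]},
      "action_reason": "replace_because_cannot_update"
    },
    {
      "address": "aws_instance.test-instance-1",
      "type": "aws_instance",
      "change": {"actions": ["delete", "create"],
                 "replace_paths": [["security_groups"]]},
      "action_reason": "replace_because_cannot_update"
    }
  ]
}
""")

# Constructed sample: after switching to `vpc_security_group_ids`, the security
# group is updated in place and the instance is left alone.
PLAN_AFTER_FIX = json.loads("""
{
  "format_version": "1.1",
  "resource_changes": [
    {
      "address": "aws_security_group.test-sg-1",
      "type": "aws_security_group",
      "change": {"actions": ["update"]}
    },
    {
      "address": "aws_instance.test-instance-1",
      "type": "aws_instance",
      "change": {"actions": ["no-op"]}
    }
  ]
}
""")

# A replacement carries both "delete" and "create" in one change; the order
# depends on create_before_destroy, so compare as a set.
REPLACE = {"delete", "create"}


def load_plan(path: str) -> dict:
    """Load the file written by `terraform show -json plan.tfplan > plan.json`."""
    with open(path, encoding="utf-8") as fh:
        return json.load(fh)


def replaced_resources(plan: dict) -> list[dict]:
    """Return one record per resource the plan would destroy and re-create."""
    out = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        if set(change.get("actions", [])) >= REPLACE:
            out.append({
                "address": rc["address"],
                "type": rc.get("type", ""),
                # Attributes whose change forced the replacement, when the
                # provider reports them (absent on older Terraform versions).
                "replace_paths": [".".join(str(p) for p in path)
                                  for path in change.get("replace_paths", [])],
                "reason": rc.get("action_reason", ""),
            })
    return out


def plan_is_safe(plan: dict, protected_types=("aws_instance",)) -> bool:
    """True when no resource of a protected type would be replaced.

    Run this in CI before `terraform apply` is approved, so a forced
    replacement of a stateful instance cannot hide behind what looks
    like a simple security-group edit.
    """
    return not any(r["type"] in protected_types for r in replaced_resources(plan))


if __name__ == "__main__":
    plans = ([("plan file", load_plan(sys.argv[1]))] if len(sys.argv) > 1
             else [("before fix", PLAN_BEFORE_FIX), ("after fix", PLAN_AFTER_FIX)])
    for label, plan in plans:
        print(f"[{label}] safe={plan_is_safe(plan)}")
        for r in replaced_resources(plan):
            print(f"  replace {r['address']} via {r['replace_paths']} ({r['reason']})")
    sys.exit(0 if all(plan_is_safe(p) for _, p in plans) else 1)
```

Run it with no arguments to see both constructed plans evaluated, or pass `plan.json` to check a real one; the non-zero exit status on an unsafe plan is what a pipeline step would key on.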
This scrap was closed on 2023/05/26.