I have a Terraform file that creates an EC2 instance along with a security group.
resource "aws_instance" "ec2" {
  ami             = "ami-06791f9213cbb608b"
  instance_type   = "t2.micro"
  key_name        = "terraform-key"
  depends_on      = [aws_security_group.ssh_group]
  security_groups = [aws_security_group.ssh_group.name]
}

resource "aws_security_group" "ssh_group" {
  name        = "ssh_group"
  description = "SSH Security Group"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Running this creates one security group and one EC2 instance.
Now, if I create another security group and attach it to the instance, it causes the EC2 instance to be replaced, i.e. the instance is destroyed first and then a new instance is created.
resource "aws_instance" "ec2" {
  ami             = "ami-06791f9213cbb608b"
  instance_type   = "t2.micro"
  key_name        = "terraform-key"
  depends_on      = [aws_security_group.ssh_group, aws_security_group.https_group]
  security_groups = [aws_security_group.ssh_group.name, aws_security_group.https_group.name]
}

resource "aws_security_group" "ssh_group" {
  name        = "ssh_group"
  description = "SSH Security Group"

  ingress {
    description = "SSH"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "https_group" {
  name        = "https_group"
  description = "HTTPs Security Group"

  ingress {
    description = "HTTPs"
    from_port   = 443
    to_port     = 443
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}
Doing the same thing in the AWS console, I can simply attach the new group to the instance, which means an update API must exist. Why does Terraform's behaviour differ from the AWS console? Am I missing something? Is there a way to ensure an in-place update happens when the instance type changes?
You should use vpc_security_group_ids instead of security_groups.
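The instance resource rewritten as the answer suggests, added here as an example rather than code from the original post; it assumes the two security groups from the question exist in the same VPC as the instance (the default VPC when no vpc_id is set) and references them by id, which is what vpc_security_group_ids expects:

```hcl
# Added example (not from the original post): attach security groups by ID so
# that adding or removing a group is an in-place update, not a replacement.
# Assumes ssh_group and https_group are defined as in the question and live in
# the instance's VPC (the default VPC if vpc_id is not set on them).

resource "aws_instance" "ec2" {
  ami           = "ami-06791f9213cbb608b"
  instance_type = "t2.micro"
  key_name      = "terraform-key"

  # Before: security_groups = [aws_security_group.ssh_group.name, ...]
  # security_groups is the EC2-Classic style, name-based argument; any change
  # to it forces a new instance. vpc_security_group_ids takes group IDs and is
  # updated in place, which matches what the console does.
  vpc_security_group_ids = [
    aws_security_group.ssh_group.id,
    aws_security_group.https_group.id,
  ]

  # No depends_on needed: the .id references above already give Terraform the
  # dependency edge between the groups and the instance.
}
```

Once the instance is managed this way, adding or removing a group ID from the list shows up in `terraform plan` as an in-place update of aws_instance.ec2 rather than a replacement.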