I'm running a small Terraform script to build infrastructure [for testing purposes], and when I run the apply command it creates 2 different security groups.
terraform { # Setting up with the provider as AWS
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region                   = "ap-south-1" # Set your desired AWS region
  shared_config_files      = ["/home/terraform/.aws/config"]      # AWS CLI config file (profile settings)
  shared_credentials_files = ["/home/terraform/.aws/credentials"] # AWS CLI credentials file (IAM user access key ID and secret access key)
}

resource "aws_vpc" "Terraform_VPC" { # Creating a new VPC and updating a CIDR block.
  cidr_block = "10.0.0.0/16"
  tags = {
    Name = "Terraform_VPC"
  }
}

# 4. Creating a Subnet # Creating a Subnet using the above VPC and updating a CIDR block.
resource "aws_subnet" "Subnet_Terraform_VPC" {
  vpc_id     = aws_vpc.Terraform_VPC.id
  cidr_block = "10.0.0.0/16"
  #availability_zone = "ap-south-1a"
  tags = {
    Name = "Subnet_Terraform_VPC"
  }
}

# 6. Create a Security Group to allow ports: 22, 80, 443 # Creating a Security group with the basic inbound rules.
resource "aws_security_group" "Security_grp" {
  name        = "MySecurityGroup"
  description = "Allowing HTTP and HTTPS traffic rules only"
  vpc_id      = aws_vpc.Terraform_VPC.id
}
I don't want to create 2 different security groups, so how can I avoid this, or does the code or script I wrote need to be changed? Please help.
Here is the result of the apply command, in case you would like to review it.
aws_vpc_security_group_egress_rule.allow_all_traffic_ipv4: Refreshing state... [id=sgr-0bc100ed982b45496]
aws_vpc.Terraform_VPC: Refreshing state... [id=vpc-0dfc04fc2d8387e2f]
aws_security_group.Security_grp: Refreshing state... [id=sg-04ceaa545798c4fe3]
aws_subnet.Subnet_Terraform_VPC: Refreshing state... [id=subnet-0c3a158bca10e1565]
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected this plan:
# aws_vpc.Terraform_VPC has been deleted
- resource "aws_vpc" "Terraform_VPC" {
- id = "vpc-0dfc04fc2d8387e2f" -> null
tags = {
"Name" = "Terraform_VPC"
}
# (15 unchanged attributes hidden)
}
Unless you have made equivalent changes to your configuration, or ignored the relevant attributes using ignore_changes, the following plan may include actions to undo or respond to these
changes.
──────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
# aws_security_group.Security_grp will be created
+ resource "aws_security_group" "Security_grp" {
+ arn = (known after apply)
+ description = "Allowing HTTP and HTTPS traffic rules only"
+ egress = (known after apply)
+ id = (known after apply)
+ ingress = (known after apply)
+ name = "MySecurityGroup"
+ name_prefix = (known after apply)
+ owner_id = (known after apply)
+ revoke_rules_on_delete = false
+ tags_all = (known after apply)
+ vpc_id = (known after apply)
}
# aws_subnet.Subnet_Terraform_VPC will be created
+ resource "aws_subnet" "Subnet_Terraform_VPC" {
+ arn = (known after apply)
+ assign_ipv6_address_on_creation = false
+ availability_zone = (known after apply)
+ availability_zone_id = (known after apply)
+ cidr_block = "10.0.0.0/24"
+ enable_dns64 = false
+ enable_resource_name_dns_a_record_on_launch = false
+ enable_resource_name_dns_aaaa_record_on_launch = false
+ id = (known after apply)
+ ipv6_cidr_block_association_id = (known after apply)
+ ipv6_native = false
+ map_public_ip_on_launch = false
+ owner_id = (known after apply)
+ private_dns_hostname_type_on_launch = (known after apply)
+ tags = {
+ "Name" = "Subnet_Terraform_VPC"
}
+ tags_all = {
+ "Name" = "Subnet_Terraform_VPC"
}
+ vpc_id = (known after apply)
}
# aws_vpc.Terraform_VPC will be created
+ resource "aws_vpc" "Terraform_VPC" {
+ arn = (known after apply)
+ cidr_block = "10.0.0.0/16"
+ default_network_acl_id = (known after apply)
+ default_route_table_id = (known after apply)
+ default_security_group_id = (known after apply)
+ dhcp_options_id = (known after apply)
+ enable_dns_hostnames = (known after apply)
+ enable_dns_support = true
+ enable_network_address_usage_metrics = (known after apply)
+ id = (known after apply)
+ instance_tenancy = "default"
+ ipv6_association_id = (known after apply)
+ ipv6_cidr_block = (known after apply)
+ ipv6_cidr_block_network_border_group = (known after apply)
+ main_route_table_id = (known after apply)
+ owner_id = (known after apply)
+ tags = {
+ "Name" = "Terraform_VPC"
}
+ tags_all = {
+ "Name" = "Terraform_VPC"
}
}
Plan: 3 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
aws_vpc.Terraform_VPC: Creating...
aws_vpc.Terraform_VPC: Creation complete after 1s [id=vpc-0d528d4b00fea8a9c]
aws_subnet.Subnet_Terraform_VPC: Creating...
aws_security_group.Security_grp: Creating...
aws_subnet.Subnet_Terraform_VPC: Creation complete after 1s [id=subnet-07d89893b462c9448]
aws_security_group.Security_grp: Creation complete after 2s [id=sg-019cfcfa02dd2d1ab]
Apply complete! Resources: 3 added, 0 changed, 0 destroyed.
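An added example (not part of the question above) showing the same VPC layout written so that every security group in the VPC is under Terraform's control: AWS creates a default security group with each VPC, and the aws_default_security_group resource adopts it and strips its built-in rules, while the intended 22/80/443 rules live on the explicit group as separate rule resources (AWS provider 5.x style). It assumes the aws_vpc.Terraform_VPC resource from the question is in the same module, replaces the question's Security_grp block, and uses a constructed admin CIDR placeholder.

```hcl
# Added example: assumes aws_vpc.Terraform_VPC from the question exists in this module.

# Every AWS VPC comes with a default security group that Terraform leaves alone
# unless it is adopted. Adopting it with no ingress/egress blocks makes Terraform
# revoke its default "allow all egress / allow all from itself" rules.
resource "aws_default_security_group" "default" {
  vpc_id = aws_vpc.Terraform_VPC.id
  tags = {
    Name = "Terraform_VPC-default-locked"
  }
}

# Constructed placeholder (TEST-NET-3 documentation range): the only source
# allowed to reach port 22. Replace with the real administrative range.
variable "admin_cidr" {
  type    = string
  default = "203.0.113.0/24"
}

# The intended group; rules are declared as separate resources below.
resource "aws_security_group" "Security_grp" {
  name        = "MySecurityGroup"
  description = "SSH from admin range, HTTP and HTTPS from anywhere"
  vpc_id      = aws_vpc.Terraform_VPC.id
}

resource "aws_vpc_security_group_ingress_rule" "ssh_admin" {
  security_group_id = aws_security_group.Security_grp.id
  cidr_ipv4         = var.admin_cidr
  from_port         = 22
  to_port           = 22
  ip_protocol       = "tcp"
}

# One ingress rule per web port, public.
resource "aws_vpc_security_group_ingress_rule" "web" {
  for_each          = toset(["80", "443"])
  security_group_id = aws_security_group.Security_grp.id
  cidr_ipv4         = "0.0.0.0/0"
  from_port         = tonumber(each.value)
  to_port           = tonumber(each.value)
  ip_protocol       = "tcp"
}

# Explicit egress rule; "-1" means all protocols and ports (no from/to_port).
resource "aws_vpc_security_group_egress_rule" "allow_all_traffic_ipv4" {
  security_group_id = aws_security_group.Security_grp.id
  cidr_ipv4         = "0.0.0.0/0"
  ip_protocol       = "-1"
}
```

After apply, the VPC still contains two security groups (the default one cannot be deleted), but both now appear in `terraform state list` and the default one carries no rules.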