Terraform triggers CloudFormation error "resource already exists"

Question    Votes: 0    Answers: 1

I'm running into an error while trying to enable the AWS IoT AccountAuditConfiguration. Unfortunately, the AWS Terraform provider does not support this (if it does, please let me know). CloudFormation does support it. I wrote a Terraform script to invoke it, but I'm getting a "resource already exists" error. I think I want to update it rather than declare it. Here are the files.

sample.json.tpl file

{ 
  "AWSTemplateFormatVersion": "2010-09-09", 
  "Description": "Amazon Web Services IoT AccountAuditConfiguration Template", 
  "Resources": {
    "IoTAuditConfiguration": { 
      "Type": "AWS::IoT::AccountAuditConfiguration",
      "Properties": {
        "AccountId": "${account_id}", 
        "AuditCheckConfigurations": {
          "AuthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true },
          "CaCertificateExpiringCheck": { "Enabled": true }, 
          "CaCertificateKeyQualityCheck": {"Enabled": true }, 
          "ConflictingClientIdsCheck": { "Enabled": true },
          "DeviceCertificateExpiringCheck": { "Enabled": true },
          "DeviceCertificateKeyQualityCheck": { "Enabled": true }, 
          "DeviceCertificateSharedCheck": { "Enabled": true }, 
          "IntermediateCaRevokedForActiveDeviceCertificatesCheck" : {"Enabled" : true},
          "IotPolicyOverlyPermissiveCheck": { "Enabled": true },
          "IoTPolicyPotentialMisConfigurationCheck" : {"Enabled" : true},
          "IotRoleAliasAllowsAccessToUnusedServicesCheck": { "Enabled": true },
          "IotRoleAliasOverlyPermissiveCheck": { "Enabled": true }, 
          "LoggingDisabledCheck": { "Enabled": true }, 
          "RevokedCaCertificateStillActiveCheck": { "Enabled": true },
          "RevokedDeviceCertificateStillActiveCheck": { "Enabled": true },
          "UnauthenticatedCognitoRoleOverlyPermissiveCheck": { "Enabled": true } 
        },
        "AuditNotificationTargetConfigurations": { 
          "Sns":  {
            "TargetArn": "${sns_notifications_arn}",
            "RoleArn": "${role}",
            "Enabled": true
          }
        },
        "RoleArn": "${role}"
      }
    }  
  }
}

cloudformation_deploy.tf

# Identity of the account Terraform is running against; the template needs its ID.
data "aws_caller_identity" "current" {}

data "template_file" "aws_iot_account_audit_enable" {
    template = "${file("${path.module}/sample.json.tpl")}"
    vars = {
        account_id            = data.aws_caller_identity.current.account_id
        sns_notifications_arn = aws_sns_topic.iot_topic.arn
        # The template puts this value into "RoleArn", so it must be the role's ARN,
        # not its name.
        role                  = aws_iam_role.iot_role.arn
    }
}

resource "aws_cloudformation_stack" "stack" {
    name          = "stack"
    template_body = "${data.template_file.aws_iot_account_audit_enable.rendered}"
}

Here is the error I'm getting.

Error: waiting for CloudFormation Stack (arn:aws:cloudformation:us-east-2:xxxxxxxxxxxx:stack/stack/xxxxxxxxxxxxx) 
create: failed to create CloudFormation stack, rollback requested (ROLLBACK_COMPLETE): 
["The following resource(s) failed to create: [IoTAuditConfiguration]. Rollback requested by user." 
"Resource handler returned message: \"The AccountAuditConfiguration already exists.\" (RequestToken: xxxxxxxxxxxxxxxxxxx, HandlerErrorCode: AlreadyExists)"]

I guess I'm trying to create something that already exists? How do I update/configure it?

amazon-web-services terraform aws-cloudformation terraform-provider-aws
1 Answer

0 votes

Since both CloudFormation and Terraform are IaC tools, I'd say the same applies in both cases: if the resource already exists, you need to import it. There is also a way to "import" an existing resource into a CloudFormation stack. However, if you only want to use Terraform, you can use the AWS CC provider, where such a resource exists:

https://registry.terraform.io/providers/hashicorp/awscc/latest/docs/resources/iot_account_audit_configuration
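The awscc route from the answer, written out as an added example (this is not code from the question or the answer). It assumes the same `aws_sns_topic.iot_topic` and `aws_iam_role.iot_role` names the question uses, region us-east-2, and that the attribute names are the snake_case forms of the CloudFormation properties as documented at the link above (check the provider docs for the exact spelling of each audit check before applying). The IAM trust policy and the `AWSIoTDeviceDefenderAudit` managed policy are included so the block is self-contained; the notification target role must be assumable by iot.amazonaws.com or the audit will be configured but never publish.

```hcl
# Added example; not part of the original post.
terraform {
  required_providers {
    aws   = { source = "hashicorp/aws" }
    awscc = { source = "hashicorp/awscc" }
  }
}

provider "aws"   { region = "us-east-2" }
provider "awscc" { region = "us-east-2" }

data "aws_caller_identity" "current" {}

# Topic that receives audit notifications (assumed name from the question).
resource "aws_sns_topic" "iot_topic" {
  name = "iot-audit-notifications"
}

# Role that AWS IoT assumes to run audits and publish findings (assumed name).
resource "aws_iam_role" "iot_role" {
  name = "iot-device-defender-audit"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "iot.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}

resource "aws_iam_role_policy_attachment" "audit" {
  role       = aws_iam_role.iot_role.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSIoTDeviceDefenderAudit"
}

# Least privilege for notifications: publish to this one topic only.
resource "aws_iam_role_policy" "sns_publish" {
  name = "publish-audit-findings"
  role = aws_iam_role.iot_role.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "sns:Publish"
      Resource = aws_sns_topic.iot_topic.arn
    }]
  })
}

# One account audit configuration exists per account and region; its identifier
# is the account ID, which is why a fresh CloudFormation stack fails with
# AlreadyExists once it has been turned on by any other means.
resource "awscc_iot_account_audit_configuration" "this" {
  account_id = data.aws_caller_identity.current.account_id
  role_arn   = aws_iam_role.iot_role.arn

  # Subset of checks; add the rest using the names from the provider docs.
  audit_check_configurations = {
    logging_disabled_check                        = { enabled = true }
    iot_policy_overly_permissive_check            = { enabled = true }
    conflicting_client_ids_check                  = { enabled = true }
    ca_certificate_expiring_check                 = { enabled = true }
    device_certificate_expiring_check             = { enabled = true }
    revoked_device_certificate_still_active_check = { enabled = true }
  }

  audit_notification_target_configurations = {
    sns = {
      enabled    = true
      target_arn = aws_sns_topic.iot_topic.arn
      role_arn   = aws_iam_role.iot_role.arn
    }
  }
}
```

Because the configuration already exists in the account, adopt it into state before the first apply instead of letting Terraform try to create it, e.g. `terraform import awscc_iot_account_audit_configuration.this 123456789012` (the import ID is the account ID; the value shown is a placeholder). After the import, `terraform plan` shows only the diff between the current settings and the ones declared above, which is the update-rather-than-create behaviour the question asks for.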

© www.soinside.com 2019 - 2024. All rights reserved.