When running terraform apply after importing a key pair, terraform wants to destroy (replace) it, why and what does that mean?

huangapple go评论67阅读模式
英文:

When running terraform apply after importing a key pair, terraform wants to destroy (replace) it, why and what does that mean?

问题

我有以下的Terraform配置:

resource "aws_key_pair" "default_key_pair" {
  key_name   = "default_key_pair"
  public_key = file("../../public_keys/default_key.pub")
}

然后,我首先运行了:

terraform import aws_key_pair.default_key_pair default_key_pair

接着是:

terraform apply

然后它说:

# aws_key_pair.default_key_pair 必须被替换
-/+ resource "aws_key_pair" "default_key_pair" {
      ~ arn             = "arn:aws:ec2:place:id:key-pair/default_key_pair" -> (应用后已知)
      ~ fingerprint     = "safasldjfjfljasfjasodjflasjfsdljfasdjf" -> (应用后已知)
      ~ id              = "default_key_pair" -> (应用后已知)
      + key_name_prefix = (应用后已知)
      ~ key_pair_id     = "key-somethin-something" -> (应用后已知)
      ~ key_type        = "ed25519" -> (应用后已知)
      + public_key      = "ssh-ed25519 SNIP SNIP" # 强制替换
      - tags            = {} -> null
        # (隐藏了2个未更改的属性)
    }

这是什么意思?我继续使用它,旧的密钥对似乎确实正常工作。然而,查看Terraform状态数据后,我可以看到key_pair_id(我的意思是看起来像key-0f7664ff3fbd3ed0b的ID)确实已经与以前不同(我之前运行了terraform state rm "aws_key_pair.default_key_pair" && terraform destroy来关闭服务器,当我不再主动使用它们时,我已经记录下了之前的密钥对ID)。所以,到底发生了什么,为什么会这样?我本来只希望导入密钥后不需要做任何更改就可以使用它。

英文:

I have following terraform config:

resource "aws_key_pair" "default_key_pair" {
  key_name   = "default_key_pair"
  public_key = file("../../public_keys/default_key.pub")
}

Then, I've initially run:

terraform import aws_key_pair.default_key_pair default_key_pair

Followed up by

terraform apply

And it says then that

# aws_key_pair.default_key_pair must be replaced
-/+ resource "aws_key_pair" "default_key_pair" {
      ~ arn             = "arn:aws:ec2:place:id:key-pair/default_key_pair" -> (known after apply)
      ~ fingerprint     = "safasldjfjfljasfjasodjflasjfsdljfasdjf" -> (known after apply)
      ~ id              = "default_key_pair" -> (known after apply)
      + key_name_prefix = (known after apply)
      ~ key_pair_id     = "key-somethin-something" -> (known after apply)
      ~ key_type        = "ed25519" -> (known after apply)
      + public_key      = "ssh-ed25519 SNIP SNIP" # forces replacement
      - tags            = {} -> null
        # (2 unchanged attributes hidden)
    }

What does this mean? I went on with it and definitely the old key pair seems to be working fine. However, looking at the terraform state data I can see that the key_pair_id (I mean the id that looks something like key-0f7664ff3fbd3ed0b) has in deed changed from what it was previously (I had previously ran terraform state rm "aws_key_pair.default_key_pair" && terraform destroy, to shut down the servers while I wasn't actively using them and had taken note of the previous key pair id). So, what exactly happened and why? I would have just expected that after importing the key no changes would be needed to use it.

答案1

得分: 4

根据aws_key_pair资源文档的导入部分中的注释:

> AWS API的响应中不包含公钥,因此terraform apply将尝试替换密钥对。目前尚无针对此限制的支持的解决方法。

英文:

As per the note from the import section of the documentation for the aws_key_pair resource:

> The AWS API does not include the public key in the response, so terraform apply will attempt to replace the key pair. There is currently no supported workaround for this limitation.

huangapple
  • 本文由 发表于 2023年6月8日 14:37:08
  • 转载请务必保留本文链接:https://go.coder-hub.com/76429191.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定