When running terraform apply after importing a key pair, terraform wants to destroy (replace) it, why and what does that mean?


Question

I have following terraform config:

resource "aws_key_pair" "default_key_pair" {
  key_name   = "default_key_pair"
  public_key = file("../../public_keys/default_key.pub")
}

Then, I've initially run:

terraform import aws_key_pair.default_key_pair default_key_pair

Followed up by

terraform apply

And it says then that

# aws_key_pair.default_key_pair must be replaced
-/+ resource "aws_key_pair" "default_key_pair" {
      ~ arn             = "arn:aws:ec2:place:id:key-pair/default_key_pair" -> (known after apply)
      ~ fingerprint     = "safasldjfjfljasfjasodjflasjfsdljfasdjf" -> (known after apply)
      ~ id              = "default_key_pair" -> (known after apply)
      + key_name_prefix = (known after apply)
      ~ key_pair_id     = "key-somethin-something" -> (known after apply)
      ~ key_type        = "ed25519" -> (known after apply)
      + public_key      = "ssh-ed25519 SNIP SNIP" # forces replacement
      - tags            = {} -> null
        # (2 unchanged attributes hidden)
    }

What does this mean? I went on with it and definitely the old key pair seems to be working fine. However, looking at the terraform state data I can see that the key_pair_id (I mean the id that looks something like key-0f7664ff3fbd3ed0b) has indeed changed from what it was previously (I had previously run terraform state rm "aws_key_pair.default_key_pair" && terraform destroy, to shut down the servers while I wasn't actively using them and had taken note of the previous key pair id). So, what exactly happened and why? I would have just expected that after importing the key no changes would be needed to use it.

Answer 1

Score: 4

As per the note from the import section of the documentation for the aws_key_pair resource:

> The AWS API does not include the public key in the response, so terraform apply will attempt to replace the key pair. There is currently no supported workaround for this limitation.
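
Before accepting a forced replacement like the one in the plan above, it is worth confirming that the local `.pub` file is the same key that is already registered. The following is an added example, not part of the original question or answer. It assumes the `fingerprint` attribute for an ed25519 key pair is the base64 SHA-256 digest of the OpenSSH key blob, and all function names are hypothetical.

```python
import base64
import hashlib
import struct

def build_sample_line():
    # Constructed sample: 32 fixed bytes stand in for a key; this is not a real key.
    algo, raw = b"ssh-ed25519", bytes(range(32))
    blob = struct.pack(">I", len(algo)) + algo + struct.pack(">I", len(raw)) + raw
    return "ssh-ed25519 " + base64.b64encode(blob).decode() + " constructed@example"

def parse_openssh_public_key(line):
    """Return (key_type, blob) from '<type> <base64> [comment]', checking they agree."""
    fields = line.strip().split()
    if len(fields) < 2:
        raise ValueError("expected '<type> <base64> [comment]'")
    key_type = fields[0]
    blob = base64.b64decode(fields[1], validate=True)
    if len(blob) < 4:
        raise ValueError("key blob too short")
    # The blob starts with a length-prefixed algorithm name that must match field one.
    (name_len,) = struct.unpack(">I", blob[:4])
    if blob[4:4 + name_len] != key_type.encode():
        raise ValueError("key type does not match the encoded blob")
    return key_type, blob

def sha256_fingerprint(blob):
    """Unpadded base64 SHA-256 of the blob, the part after 'SHA256:' in ssh-keygen -l."""
    return base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")

def same_key(public_key_line, reported_fingerprint):
    """True if the local ed25519 public key hashes to the reported fingerprint."""
    key_type, blob = parse_openssh_public_key(public_key_line)
    if key_type != "ssh-ed25519":
        raise ValueError("only ed25519 keys are handled in this example")
    # Assumption: the reported value may carry base64 '=' padding; strip it to compare.
    return sha256_fingerprint(blob) == reported_fingerprint.strip().rstrip("=")

if __name__ == "__main__":
    line = build_sample_line()
    reported = sha256_fingerprint(parse_openssh_public_key(line)[1]) + "="
    print(same_key(line, reported))
```

If `same_key` returns true for the contents of the `.pub` file and the fingerprint shown in the plan, the replacement re-registers the same public key under a new `key_pair_id`.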
