英文:
Manage/import Terraform resource indirectly created by Terraform
问题
我们正在使用Terraform的aws_db_instance来创建一个RDS PostgreSQL实例。当我们设置enabled_cloudwatch_logs_exports时,这会为RDS日志创建一个CloudWatch日志组。
接下来,我们想将此日志组的保留期设置为7天,而不是默认的“永不过期”设置。但是,我们无法使用aws_cloudwatch_log_group来实现这一点,因为日志组已经存在,但不是由Terraform直接管理的。
最小可重现的示例:
# foo.tf
resource "aws_db_instance" "foo" {
allocated_storage = 10
db_name = "mydb"
engine = "postgres"
engine_version = "12"
instance_class = "db.t3.micro"
username = "foo"
password = "foobarbaz"
skip_final_snapshot = true
enabled_cloudwatch_logs_exports = ["postgresql"]
}
resource "aws_cloudwatch_log_group" "bar" {
name = "/aws/rds/instance/${aws_db_instance.foo.id}/postgresql"
retention_in_days = 7
}
这导致以下错误:
> Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/rds/instance/terraform-<redacted>/postgresql' already exists.
在此模块(foo.tf)内如何告诉terraform管理由aws_db_instance“隐式”创建的日志组?
注意事项:我不能在这里使用terraform import。这必须保持在Terraform模块内部。
英文:
We are using Terraform's aws_db_instance to create an RDS PostgreSQL instance. When we set enabled_cloudwatch_logs_exports, this creates a CloudWatch Log Group for RDS logs.
Next, we'd like to set the retention period for this Log Group to 7 days, rather than its default "Never expire" setting. However, we're unable to do this using aws_cloudwatch_log_group, since the Log Group already exists but is not directly managed by Terraform.
Minimum reproducible example:
# foo.tf
resource "aws_db_instance" "foo" {
allocated_storage = 10
db_name = "mydb"
engine = "postgres"
engine_version = "12"
instance_class = "db.t3.micro"
username = "foo"
password = "foobarbaz"
skip_final_snapshot = true
enabled_cloudwatch_logs_exports = ["postgresql"]
}
resource "aws_cloudwatch_log_group" "bar" {
name = "/aws/rds/instance/${aws_db_instance.foo.id}/postgresql"
retention_in_days = 7
}
This leads to the error below:
> Error: Creating CloudWatch Log Group failed: ResourceAlreadyExistsException: The specified log group already exists: The CloudWatch Log Group '/aws/rds/instance/terraform-<redacted>/postgresql' already exists.
How can we tell terraform within this module (foo.tf) to manage the Log Group that is implicitly created by aws_db_instance?
Caveats: I cannot use terraform import here. This must stay contained within Terraform modules.
答案1
得分: 0
现在 AWS 中已经存在所需资源,无法按您要求执行。现在唯一的选项是使用 terraform import。
如果您想要使此模块可重用,并希望防止将来再次发生此问题,那么您应该向 aws_db_instance 资源添加一个 depends_on,以便在创建数据库资源之前等待 aws_cloudwatch_log_group 资源存在。如果日志组已经存在,那么AWS将直接使用它,而不会自动尝试为您创建它。
英文:
There's no way to do what you want now that the resources already exist in AWS. The only option now is to use terraform import.
If you are trying to make this module reusable, and want to prevent this issue from happening again in the future, then you should add a depends_on to the aws_db_instance resource, so that it waits for the aws_cloudwatch_log_group resource to exist, before creating the database resource. If the log group already exists, then AWS will just use it instead of trying to create it for you automatically.
通过集体智慧和协作来改善编程学习和解决问题的方式。致力于成为全球开发者共同参与的知识库,让每个人都能够通过互相帮助和分享经验来进步。
评论