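What is this
This is the story of how I tried to run plan against specific resources in Terraform, it did not work, and I realized that this was because I had misunderstood what "resource" means.
Content
First, I had misunderstood what a resource is.
Since it said specific "resource", in my head I translated that as: resource = tf file!
So...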
$ terraform plan -target=vpc.tf -target=securitygroup.tf -target=main.tf -target=variables.tf
I thought this would work.
However...
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
------------------------------------------------------------------------
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
No plan is shown saying what would happen if vpc.tf and securitygroup.tf were deployed.
So I looked into how engineers around the world actually write this.
I found that the following works.
$ terraform plan -target=aws_instance.ec2-web01
"aws_iam_policy_document" "instance-assume-role-policy" {
+ id = (known after apply)
+ json = (known after apply)
+ statement {
+ actions = [
+ "sts:AssumeRole",
]
+ effect = "Allow"
+ principals {
+ identifiers = [
+ "ec2.amazonaws.com",
]
+ type = "Service"
}
}
}
# aws_iam_instance_profile.ec2_instance_role_profile_web will be created
+ resource "aws_iam_instance_profile" "ec2_instance_role_profile_web" {
+ arn = (known after apply)
+ create_date = (known after apply)
+ id = (known after apply)
+ name = ""
+ path = "/"
+ role = ""
+ roles = (known after apply)
+ unique_id = (known after apply)
}
# aws_iam_role.ec2_instance_role_web will be created
+ resource "aws_iam_role" "ec2_instance_role_web" {
+ arn = (known after apply)
+ assume_role_policy = (known after apply)
+ create_date = (known after apply)
+ force_detach_policies = false
+ id = (known after apply)
+ max_session_duration = 3600
+ name = ""
+ path = "/"
+ unique_id = (known after apply)
}
# aws_instance.ec2-web01 will be created
+ resource "aws_instance" "ec2-web01" {
+ ami = ""
+ arn = (known after apply)
+ associate_public_ip_address = false
+ availability_zone = (known after apply)
+ cpu_core_count = (known after apply)
+ cpu_threads_per_core = (known after apply)
+ get_password_data = false
+ host_id = (known after apply)
+ iam_instance_profile = ""
+ id = (known after apply)
+ instance_state = (known after apply)
+ instance_type = "t3.micro"
+ ipv6_address_count = (known after apply)
+ ipv6_addresses = (known after apply)
+ key_name = ""
+ network_interface_id = (known after apply)
+ outpost_arn = (known after apply)
+ password_data = (known after apply)
+ placement_group = (known after apply)
+ primary_network_interface_id = (known after apply)
+ private_dns = (known after apply)
+ private_ip = (known after apply)
+ public_dns = (known after apply)
+ public_ip = (known after apply)
+ security_groups = (known after apply)
+ source_dest_check = true
+ subnet_id = (known after apply)
+ tags = {
+ "Name" =
+
}
+ tenancy = (known after apply)
+ volume_tags = {
+ "Name" = ""
}
+ vpc_security_group_ids = (known after apply)
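(omitted because it is long)
And so the EC2 instance and the resources related to it were planned.
In other words, the syntax applies plan per resource, not per tf file.
That was the story of how I had mistranslated resource = tf file.
Yet another trivial realization...
If there is a way to plan per tf file as well, I would be glad if you could let me know. m(__)m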
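One way to get a per-file plan, given that -target takes resource addresses rather than file names: collect the addresses declared in the chosen .tf files and pass each one as -target. This is an added example, not part of the original post; tf_targets, plan_files, sample_tf and the TERRAFORM variable are names made up here, and the awk matching assumes each block header sits on a single line.

```shell
#!/bin/sh
# Added example: turn the blocks declared in .tf files into -target arguments.

# tf_targets [FILE...]: print one -target=ADDRESS per resource, data or
# module block found in the files (or on stdin when no file is given).
tf_targets() {
  awk '
    # resource "aws_instance" "ec2-web01" {  ->  aws_instance.ec2-web01
    /^[ \t]*resource[ \t]+"[^"]+"[ \t]+"[^"]+"/ {
      split($0, q, "\""); print "-target=" q[2] "." q[4]
    }
    # data "aws_iam_policy_document" "x" {  ->  data.aws_iam_policy_document.x
    /^[ \t]*data[ \t]+"[^"]+"[ \t]+"[^"]+"/ {
      split($0, q, "\""); print "-target=data." q[2] "." q[4]
    }
    # module "network" {  ->  module.network
    /^[ \t]*module[ \t]+"[^"]+"/ {
      split($0, q, "\""); print "-target=module." q[2]
    }
  ' "$@"
}

# plan_files FILE...: run "terraform plan" limited to what those files declare.
# TERRAFORM is this example's own override (e.g. TERRAFORM=echo for a dry run).
plan_files() {
  [ "$#" -gt 0 ] || { echo "usage: plan_files FILE..." >&2; return 2; }
  targets=$(tf_targets "$@")
  if [ -z "$targets" ]; then
    echo "no resource, data or module blocks found in: $*" >&2
    return 1
  fi
  # Resource addresses contain no whitespace, so splitting on newlines is safe.
  # shellcheck disable=SC2086
  ${TERRAFORM:-terraform} plan $targets
}

# Constructed sample configuration, reusing resource names from the plan above.
sample_tf() {
  cat <<'EOF'
# resource "aws_instance" "commented-out" {
resource "aws_iam_role" "ec2_instance_role_web" {
}
resource "aws_instance" "ec2-web01" {
  instance_type = "t3.micro"
}
EOF
}
```

Terraform still plans each target's dependencies, as the output above shows for the IAM role and instance profile.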
References
https://www.terraform.io/docs/language/resources/index.html
https://github.com/hashicorp/terraform/issues/13986