
Terraform from Scratch - Part 3, Commands: Deploying Infrastructure (plan, apply, destroy)

Date: 2024-03-22 15:59:58
Tags: Terraform, s3, bucket, aws, terraform, infrastructure, plan, id


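Deploying infrastructure

Terraform's main job is to deploy infrastructure, so the commands used most often are plan and apply. By default, both operate on the current directory and the current workspace.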

plan

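The terraform plan command creates an execution plan, which lets you preview the changes Terraform is about to make to your infrastructure. By default, when the command runs it:

1. Reads the current state of the real infrastructure.
2. Compares the current configuration with the prior state and reports the differences.
3. Proposes a set of actions which, if applied, would make the remote infrastructure match the current configuration.

Note that plan, as its name suggests, does not carry out any changes. If you are using Terraform directly in an interactive terminal and want to apply the changes Terraform proposes, you can also run terraform apply directly.

You can use the optional -out=FILE option to save the generated plan to a file on disk, and execute it later by passing that file to terraform apply as an extra argument.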

planning modes

Besides the default mode, Terraform has two alternative planning modes:

  1. Destroy mode, which generates a plan to delete resources, for example:
[waooo!!@terraform providertest]$ terraform plan -destroy
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  - destroy

Terraform will perform the following actions:

  # aws_s3_bucket.felixtest will be destroyed
  - resource "aws_s3_bucket" "felixtest" {
      - arn                         = "arn:aws-cn:s3:::felixtftestprovider1" -> null
      - bucket                      = "felixtftestprovider1" -> null
      - bucket_domain_name          = "felixtftestprovider1.s3.amazonaws.com.cn" -> null
      - bucket_regional_domain_name = "felixtftestprovider1.s3.cn-north-1.amazonaws.com.cn" -> null
      - force_destroy               = false -> null
      - hosted_zone_id              = "Z5CN8UMXT92WN" -> null
      - id                          = "felixtftestprovider1" -> null
      - object_lock_enabled         = false -> null
      - region                      = "cn-north-1" -> null
      - request_payer               = "BucketOwner" -> null
      - tags                        = {} -> null
      - tags_all                    = {} -> null

      - grant {
          - id          = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = true -> null
          - mfa_delete = false -> null
        }
    }

  # aws_s3_bucket_versioning.this will be destroyed
  - resource "aws_s3_bucket_versioning" "this" {
      - bucket = "felixtftestprovider1" -> null
      - id     = "felixtftestprovider1" -> null

      - versioning_configuration {
          - status = "Enabled" -> null
        }
    }

Plan: 0 to add, 0 to change, 2 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.

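  2. Refresh-only mode, which is very useful.

If a remote object was changed manually and you want that change recorded in Terraform, this mode is very useful.

Note: the -refresh-only option is only available in Terraform v0.15.4 and later.

If you want to change your code to match, first use refresh-only mode to sync the state file, then modify your tf files.

In the example below I manually suspended versioning on my bucket: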

[waooo!!@terraform providertest]$ terraform plan -refresh-only
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected
this plan:

  # aws_s3_bucket.felixtest has changed
  ~ resource "aws_s3_bucket" "felixtest" {
        id                          = "felixtftestprovider1"
        tags                        = {}
        # (10 unchanged attributes hidden)

      ~ versioning {
          ~ enabled    = true -> false
            # (1 unchanged attribute hidden)
        }

        # (2 unchanged blocks hidden)
    }

  # aws_s3_bucket_versioning.this has changed
  ~ resource "aws_s3_bucket_versioning" "this" {
        id     = "felixtftestprovider1"
        # (1 unchanged attribute hidden)

      ~ versioning_configuration {
          ~ status = "Enabled" -> "Suspended"
        }
    }


This is a refresh-only plan, so Terraform will not take any actions to undo these. If you were expecting these changes then
you can apply this plan to record the updated values in the Terraform state without changing any remote objects.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ terraform apply -refresh-only
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Note: Objects have changed outside of Terraform

Terraform detected the following changes made outside of Terraform since the last "terraform apply" which may have affected
this plan:

  # aws_s3_bucket.felixtest has changed
  ~ resource "aws_s3_bucket" "felixtest" {
        id                          = "felixtftestprovider1"
        tags                        = {}
        # (10 unchanged attributes hidden)

      ~ versioning {
          ~ enabled    = true -> false
            # (1 unchanged attribute hidden)
        }

        # (2 unchanged blocks hidden)
    }

  # aws_s3_bucket_versioning.this has changed
  ~ resource "aws_s3_bucket_versioning" "this" {
        id     = "felixtftestprovider1"
        # (1 unchanged attribute hidden)

      ~ versioning_configuration {
          ~ status = "Enabled" -> "Suspended"
        }
    }


This is a refresh-only plan, so Terraform will not take any actions to undo these. If you were expecting these changes then
you can apply this plan to record the updated values in the Terraform state without changing any remote objects.

Would you like to update the Terraform state to reflect these detected changes?
  Terraform will write these changes to the state without modifying any real infrastructure.
  There is no undo. Only 'yes' will be accepted to confirm.

  Enter a value: yes


Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

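Planning Options

Some additional command-line options:

-refresh=false disables the query of remote objects that Terraform performs before apply. However, if an object was modified manually and no longer matches the state file, the apply may fail.

Test: versioning is enabled in my tf file, suspended in the state file, and enabled in the real environment. I ran the following commands: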

[waooo!!@terraform providertest]$ terraform apply -refresh=false

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_s3_bucket_versioning.this will be updated in-place
  ~ resource "aws_s3_bucket_versioning" "this" {
        id     = "felixtftestprovider1"
        # (1 unchanged attribute hidden)

      ~ versioning_configuration {
          ~ status = "Suspended" -> "Enabled"
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: ^C

Interrupt received.
Please wait for Terraform to exit or data loss may occur.
Gracefully shutting down...

╷
│ Error: error asking for approval: interrupted
│
│
╵
[waooo!!@terraform providertest]$ terraform apply
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

No changes. Your infrastructure matches the configuration.

Terraform has compared your real infrastructure against your configuration and found no differences, so no changes are
needed.

Apply complete! Resources: 0 added, 0 changed, 0 destroyed.

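As you can see, with -refresh=false Terraform does not query the real state and instead relies directly on what is recorded in my state file, so it tries to change versioning to Enabled (even though the real state is already Enabled). When I then ran a plain apply, Terraform checked that the remote side matches the current configuration and simply updated my state file to the real state.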

[waooo!!@terraform providertest]$ terraform state show aws_s3_bucket_versioning.this
# aws_s3_bucket_versioning.this:
resource "aws_s3_bucket_versioning" "this" {
    bucket = "felixtftestprovider1"
    id     = "felixtftestprovider1"

    versioning_configuration {
        status = "Enabled"
    }
}

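-replace=ADDRESS replaces the specified resource. If a remote resource has become degraded, this option can be used to replace it, which amounts to deleting and recreating the remote object. Test: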

[waooo!!@terraform providertest]$ terraform state list
aws_s3_bucket.felixtest
aws_s3_bucket_versioning.this
[waooo!!@terraform providertest]$ terraform apply  -replace=aws_s3_bucket.felixtest
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_s3_bucket.felixtest will be replaced, as requested
-/+ resource "aws_s3_bucket" "felixtest" {
      + acceleration_status         = (known after apply)
      + acl                         = (known after apply)
      ~ arn                         = "arn:aws-cn:s3:::felixtftestprovider1" -> (known after apply)
      ~ bucket_domain_name          = "felixtftestprovider1.s3.amazonaws.com.cn" -> (known after apply)
      + bucket_prefix               = (known after apply)
      ~ bucket_regional_domain_name = "felixtftestprovider1.s3.cn-north-1.amazonaws.com.cn" -> (known after apply)
      ~ hosted_zone_id              = "Z5CN8UMXT92WN" -> (known after apply)
      ~ id                          = "felixtftestprovider1" -> (known after apply)
      + policy                      = (known after apply)
      ~ region                      = "cn-north-1" -> (known after apply)
      ~ request_payer               = "BucketOwner" -> (known after apply)
      - tags                        = {} -> null
      ~ tags_all                    = {} -> (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)
        # (3 unchanged attributes hidden)

      - grant {
          - id          = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8" -> null
          - permissions = [
              - "FULL_CONTROL",
            ] -> null
          - type        = "CanonicalUser" -> null
        }

      - server_side_encryption_configuration {
          - rule {
              - bucket_key_enabled = false -> null

              - apply_server_side_encryption_by_default {
                  - sse_algorithm = "AES256" -> null
                }
            }
        }

      - versioning {
          - enabled    = true -> null
          - mfa_delete = false -> null
        }
    }

  # aws_s3_bucket_versioning.this must be replaced
-/+ resource "aws_s3_bucket_versioning" "this" {
      ~ bucket = "felixtftestprovider1" # forces replacement -> (known after apply) # forces replacement
      ~ id     = "felixtftestprovider1" -> (known after apply)

      ~ versioning_configuration {
          + mfa_delete = (known after apply)
            # (1 unchanged attribute hidden)
        }
    }

Plan: 2 to add, 0 to change, 2 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

The output contains this hint:

-/+ destroy and then create replacement

After that, the log shows:

aws_s3_bucket_versioning.this: Destroying... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Destruction complete after 0s
aws_s3_bucket.felixtest: Destroying... [id=felixtftestprovider1]
aws_s3_bucket.felixtest: Destruction complete after 1s
aws_s3_bucket.felixtest: Creating...
aws_s3_bucket.felixtest: Creation complete after 0s [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Creating...
aws_s3_bucket_versioning.this: Creation complete after 1s [id=felixtftestprovider1]

Apply complete! Resources: 2 added, 0 changed, 2 destroyed.

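-target=ADDRESS is handy for updating only part of a configuration: when the tf files contain a lot of content and you only want to update a small part of it, this option makes that easy. Terraform works out the dependencies automatically.

-var 'NAME=VALUE' - Sets a value for a single input variable declared in the root module of the configuration. Use this option multiple times to set more than one variable. For details, see Input Variables on the Command Line.

-var-file=FILENAME - Sets values for potentially many input variables declared in the root module of the configuration, using definitions from a "tfvars" file. Use this option multiple times to include values from more than one file.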

https://developer.hashicorp.com/terraform/language/values/variables#assigning-values-to-root-module-variables

For more on supplying variables, see the link above.

Reference documentation on resource addressing:

https://developer.hashicorp.com/terraform/cli/state/resource-addressing

I will cover this separately later.

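-compact-warnings - Shows any warning messages in a compact form that includes only the summary messages, unless the warnings are accompanied by at least one error, in which case the warning text might be useful context for the errors.

-detailed-exitcode - Returns a detailed exit code when the command exits. When provided, this argument changes the exit codes and their meanings to give more granular information about what the resulting plan contains:

  • 0 = Succeeded with an empty diff (no changes)
  • 1 = Error
  • 2 = Succeeded with a non-empty diff (changes present)

This one is interesting: the exit code tells you whether the resources are consistent!! Let's test it: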

[waooo!!@terraform providertest]$ terraform plan  -detailed-exitcode
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_s3_bucket_versioning.this will be updated in-place
  ~ resource "aws_s3_bucket_versioning" "this" {
        id     = "felixtftestprovider1"
        # (1 unchanged attribute hidden)

      ~ versioning_configuration {
          ~ status = "Enabled" -> "Suspended"
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ echo $?
2
[waooo!!@terraform providertest]$ terraform plan
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the
following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_s3_bucket_versioning.this will be updated in-place
  ~ resource "aws_s3_bucket_versioning" "this" {
        id     = "felixtftestprovider1"
        # (1 unchanged attribute hidden)

      ~ versioning_configuration {
          ~ status = "Enabled" -> "Suspended"
        }
    }

Plan: 0 to add, 1 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ echo $?
0
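
As an added example (not from the original post), this Python wrapper shows how an automated drift check can rely on the -detailed-exitcode contract tested above: exit code 2 means pending changes rather than failure, and exit code 1 is never treated as in sync. The stub_command helper and the -input=false and -no-color flags in TERRAFORM_PLAN are assumptions of the example; the stub stands in for terraform so the code runs offline.

```python
import re
import subprocess
import sys
from dataclasses import dataclass

# Real invocation for a scheduled job (assumed flags: -input=false, -no-color).
TERRAFORM_PLAN = ["terraform", "plan", "-detailed-exitcode", "-input=false", "-no-color"]

# Exit codes of `terraform plan -detailed-exitcode`, as listed above.
NO_CHANGES, ERROR, CHANGES = 0, 1, 2

# Summary line as printed in the transcripts above; "to import" is optional.
SUMMARY = re.compile(
    r"Plan: (?:\d+ to import, )?(\d+) to add, (\d+) to change, (\d+) to destroy\."
)


@dataclass
class PlanResult:
    status: str  # "in-sync", "drift" or "error"
    add: int = 0
    change: int = 0
    destroy: int = 0


def check_plan(cmd=TERRAFORM_PLAN, timeout=600):
    """Run a plan command line and classify it by its detailed exit code."""
    try:
        proc = subprocess.run(cmd, capture_output=True, text=True, timeout=timeout)
    except (OSError, subprocess.TimeoutExpired):
        return PlanResult("error")  # binary missing or plan hung: never "in-sync"
    if proc.returncode == NO_CHANGES:
        return PlanResult("in-sync")
    if proc.returncode != CHANGES:
        # 1 is the documented error code; any unexpected code is handled the same.
        return PlanResult("error")
    match = SUMMARY.search(proc.stdout)
    if match is None:
        return PlanResult("drift")  # changes reported, summary line not found
    add, change, destroy = (int(n) for n in match.groups())
    return PlanResult("drift", add, change, destroy)


def stub_command(exit_code, stdout=""):
    """Constructed stand-in for terraform: prints stdout and exits with exit_code."""
    script = f"import sys; sys.stdout.write({stdout!r}); sys.exit({exit_code})"
    return [sys.executable, "-c", script]


if __name__ == "__main__":
    sample = "Plan: 0 to add, 1 to change, 0 to destroy.\n"  # constructed stdout
    print(check_plan(stub_command(CHANGES, sample)))
```
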

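-generate-config-out is handy when importing. When you bring in an existing resource, the official documentation usually shows how to write the import block but not how to write the resource itself; running plan with this option generates the corresponding configuration. Test: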

import {
  to = aws_s3_bucket.bucket
  id = "felixselftest"
}
Put the import block above in a file, then run:
[waooo!!@terraform providertest]$ terraform plan -generate-config-out=generated.tf
aws_s3_bucket.bucket: Preparing import... [id=felixselftest]
aws_s3_bucket.bucket: Refreshing state... [id=felixselftest]
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform will perform the following actions:

  # aws_s3_bucket.bucket will be imported
  # (config will be generated)
    resource "aws_s3_bucket" "bucket" {
        arn                         = "arn:aws-cn:s3:::felixselftest"
        bucket                      = "felixselftest"
        bucket_domain_name          = "felixselftest.s3.amazonaws.com.cn"
        bucket_regional_domain_name = "felixselftest.s3.cn-north-1.amazonaws.com.cn"
        hosted_zone_id              = "Z5CN8UMXT92WN"
        id                          = "felixselftest"
        object_lock_enabled         = false
        policy                      = jsonencode(
            {
                Id        = "S3-Console-Auto-Gen-Policy-1701242805895"
                Statement = [
                    {
                        Action    = "s3:PutObject"
                        Condition = {
                            StringEquals = {
                                "aws:SourceAccount" = "AWS_ACCOUNT_ID"
                                "aws:SourceArn"     = "arn:aws-cn:s3:cn-north-1:AWS_ACCOUNT_ID:storage-lens/test"
                                "s3:x-amz-acl"      = "bucket-owner-full-control"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Service = "storage-lens.s3.amazonaws.com"
                        }
                        Resource  = "arn:aws-cn:s3:::felixselftest/StorageLens/AWS_ACCOUNT_ID/*"
                    },
                ]
                Version   = "2012-10-17"
            }
        )
        region                      = "cn-north-1"
        request_payer               = "BucketOwner"
        tags                        = {}
        tags_all                    = {}

        grant {
            id          = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8"
            permissions = [
                "FULL_CONTROL",
            ]
            type        = "CanonicalUser"
        }

        server_side_encryption_configuration {
            rule {
                bucket_key_enabled = false

                apply_server_side_encryption_by_default {
                    sse_algorithm = "AES256"
                }
            }
        }

        versioning {
            enabled    = false
            mfa_delete = false
        }
    }

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ cat generated.tf
# __generated__ by Terraform
# Please review these resources and move them into your main configuration files.

# __generated__ by Terraform from "felixselftest"
resource "aws_s3_bucket" "bucket" {
  bucket              = "felixselftest"
  bucket_prefix       = null
  force_destroy       = null
  object_lock_enabled = false
  tags                = {}
  tags_all            = {}
}
[waooo!!@terraform providertest]$ terraform plan
aws_s3_bucket.bucket: Preparing import... [id=felixselftest]
aws_s3_bucket.bucket: Refreshing state... [id=felixselftest]
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform will perform the following actions:

  # aws_s3_bucket.bucket will be imported
    resource "aws_s3_bucket" "bucket" {
        arn                         = "arn:aws-cn:s3:::felixselftest"
        bucket                      = "felixselftest"
        bucket_domain_name          = "felixselftest.s3.amazonaws.com.cn"
        bucket_regional_domain_name = "felixselftest.s3.cn-north-1.amazonaws.com.cn"
        hosted_zone_id              = "Z5CN8UMXT92WN"
        id                          = "felixselftest"
        object_lock_enabled         = false
        policy                      = jsonencode(
            {
                Id        = "S3-Console-Auto-Gen-Policy-1701242805895"
                Statement = [
                    {
                        Action    = "s3:PutObject"
                        Condition = {
                            StringEquals = {
                                "aws:SourceAccount" = "AWS_ACCOUNT_ID"
                                "aws:SourceArn"     = "arn:aws-cn:s3:cn-north-1:AWS_ACCOUNT_ID:storage-lens/test"
                                "s3:x-amz-acl"      = "bucket-owner-full-control"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Service = "storage-lens.s3.amazonaws.com"
                        }
                        Resource  = "arn:aws-cn:s3:::felixselftest/StorageLens/AWS_ACCOUNT_ID/*"
                    },
                ]
                Version   = "2012-10-17"
            }
        )
        region                      = "cn-north-1"
        request_payer               = "BucketOwner"
        tags                        = {}
        tags_all                    = {}

        grant {
            id          = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8"
            permissions = [
                "FULL_CONTROL",
            ]
            type        = "CanonicalUser"
        }

        server_side_encryption_configuration {
            rule {
                bucket_key_enabled = false

                apply_server_side_encryption_by_default {
                    sse_algorithm = "AES256"
                }
            }
        }

        versioning {
            enabled    = false
            mfa_delete = false
        }
    }

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

─────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────

Note: You didn't use the -out option to save this plan, so Terraform can't guarantee to take exactly these actions if you run
"terraform apply" now.
[waooo!!@terraform providertest]$ terraform apply
aws_s3_bucket.bucket: Preparing import... [id=felixselftest]
aws_s3_bucket.bucket: Refreshing state... [id=felixselftest]
aws_s3_bucket.felixtest: Refreshing state... [id=felixtftestprovider1]
aws_s3_bucket_versioning.this: Refreshing state... [id=felixtftestprovider1]

Terraform will perform the following actions:

  # aws_s3_bucket.bucket will be imported
    resource "aws_s3_bucket" "bucket" {
        arn                         = "arn:aws-cn:s3:::felixselftest"
        bucket                      = "felixselftest"
        bucket_domain_name          = "felixselftest.s3.amazonaws.com.cn"
        bucket_regional_domain_name = "felixselftest.s3.cn-north-1.amazonaws.com.cn"
        hosted_zone_id              = "Z5CN8UMXT92WN"
        id                          = "felixselftest"
        object_lock_enabled         = false
        policy                      = jsonencode(
            {
                Id        = "S3-Console-Auto-Gen-Policy-1701242805895"
                Statement = [
                    {
                        Action    = "s3:PutObject"
                        Condition = {
                            StringEquals = {
                                "aws:SourceAccount" = "AWS_ACCOUNT_ID"
                                "aws:SourceArn"     = "arn:aws-cn:s3:cn-north-1:AWS_ACCOUNT_ID:storage-lens/test"
                                "s3:x-amz-acl"      = "bucket-owner-full-control"
                            }
                        }
                        Effect    = "Allow"
                        Principal = {
                            Service = "storage-lens.s3.amazonaws.com"
                        }
                        Resource  = "arn:aws-cn:s3:::felixselftest/StorageLens/AWS_ACCOUNT_ID/*"
                    },
                ]
                Version   = "2012-10-17"
            }
        )
        region                      = "cn-north-1"
        request_payer               = "BucketOwner"
        tags                        = {}
        tags_all                    = {}

        grant {
            id          = "fb1a0ca5601755fb8c96c5ebb2c49ac0b4ebd732d0bfbd5f55281f3c21ffd5c8"
            permissions = [
                "FULL_CONTROL",
            ]
            type        = "CanonicalUser"
        }

        server_side_encryption_configuration {
            rule {
                bucket_key_enabled = false

                apply_server_side_encryption_by_default {
                    sse_algorithm = "AES256"
                }
            }
        }

        versioning {
            enabled    = false
            mfa_delete = false
        }
    }

Plan: 1 to import, 0 to add, 0 to change, 0 to destroy.

Do you want to perform these actions?
  Terraform will perform the actions described above.
  Only 'yes' will be accepted to approve.

  Enter a value: yes

aws_s3_bucket.bucket: Importing... [id=felixselftest]
aws_s3_bucket.bucket: Import complete [id=felixselftest]

Apply complete! Resources: 1 imported, 0 added, 0 changed, 0 destroyed.

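-input=false - Disables Terraform's default prompting for input variables.

-lock=false - Does not hold a state lock during the operation. This is dangerous if others might run commands against the same workspace at the same time.

-lock-timeout=DURATION - Unless locking is disabled with -lock=false, instructs Terraform to retry acquiring a lock for a period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as "3s" for three seconds.

-out=FILENAME - Writes the generated plan to the given filename in an opaque file format that you can later pass to terraform apply to execute the planned changes, and to some other Terraform commands that can work with saved plan files.

Terraform will allow any filename for the plan file, but a typical convention is to name it tfplan. Do not name the file with a suffix that Terraform recognizes as another file format; if you use a .tf suffix, Terraform will try to interpret the file as a configuration source file, which will cause syntax errors for subsequent commands.

The apply command

When you run terraform apply without passing a saved plan file, Terraform automatically creates a new execution plan as if you had run terraform plan, prompts you to approve that plan, and takes the indicated actions. You can use all of the planning modes and planning options to customize how Terraform creates the plan.

You can pass the -auto-approve option to instruct Terraform to apply the plan without asking for confirmation.

When you pass a saved plan file to terraform apply, Terraform takes the actions in the saved plan without prompting you for confirmation. You may want to use this two-step workflow when running Terraform in automation.

Use terraform show to inspect a saved plan file before applying it.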

terraform show tfplan
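
As an added example (not from the original post), the Python check below reviews the JSON form of a saved plan, as printed by terraform show -json tfplan, before the unattended apply step of the two-step workflow. It reports any resource that would be destroyed or replaced and any aws_s3_bucket_versioning change away from Enabled; the sample plan is constructed from the resources in this post, and the function names and rule set are assumptions of the example.

```python
import json

# Constructed sample in the shape printed by `terraform show -json tfplan`;
# it combines the -replace and versioning changes shown in separate runs above.
SAMPLE_PLAN = json.dumps({
    "format_version": "1.2",
    "resource_changes": [
        {"address": "aws_s3_bucket.felixtest", "type": "aws_s3_bucket",
         "change": {"actions": ["delete", "create"],
                    "before": {"bucket": "felixtftestprovider1"},
                    "after": {"bucket": "felixtftestprovider1"}}},
        {"address": "aws_s3_bucket_versioning.this",
         "type": "aws_s3_bucket_versioning",
         "change": {"actions": ["update"],
                    "before": {"versioning_configuration": [{"status": "Enabled"}]},
                    "after": {"versioning_configuration": [{"status": "Suspended"}]}}},
        {"address": "aws_s3_bucket.bucket", "type": "aws_s3_bucket",
         "change": {"actions": ["no-op"], "before": {}, "after": {}}},
    ],
})


def versioning_status(values):
    """Read versioning_configuration[0].status; nested blocks are JSON lists."""
    blocks = (values or {}).get("versioning_configuration") or [{}]
    return blocks[0].get("status")


def findings(plan_json, allow_delete=()):
    """List (address, reason) pairs that should stop an unattended apply."""
    plan = json.loads(plan_json)  # invalid JSON raises, so the gate fails closed
    out = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        actions = set(change.get("actions", []))
        addr = rc.get("address", "<unknown>")
        # "delete" alone is a destroy; together with "create" it is a replacement
        # (in either order, depending on create_before_destroy).
        if "delete" in actions and addr not in allow_delete:
            out.append((addr, "replace" if "create" in actions else "destroy"))
        if rc.get("type") == "aws_s3_bucket_versioning" and "update" in actions:
            before = versioning_status(change.get("before"))
            after = versioning_status(change.get("after"))
            # A value unknown until apply shows up as None and is flagged too.
            if before == "Enabled" and after != "Enabled":
                out.append((addr, f"versioning {before} -> {after}"))
    return out


def approve(plan_json, allow_delete=()):
    """True only when findings() reports nothing for this plan."""
    return not findings(plan_json, allow_delete)


if __name__ == "__main__":
    for addr, reason in findings(SAMPLE_PLAN):
        print(f"BLOCK {addr}: {reason}")
    print("approved" if approve(SAMPLE_PLAN) else "rejected")
```
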

Plan Options

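Without running plan first, apply also accepts the -destroy and -refresh-only options; the latter creates a plan that updates the state file.

Apply options

-auto-approve - Skips interactive approval of the plan before applying. This option is ignored when you pass a previously saved plan file, because Terraform considers passing the plan file to be the approval and so never prompts in that case.

-compact-warnings - Shows any warning messages in a compact form that includes only the summary messages, unless the warnings are accompanied by at least one error, in which case the warning text might be useful context for the errors.

-input=false - Disables all of Terraform's interactive prompts. Note that this also prevents Terraform from prompting for interactive approval of a plan, so Terraform will conservatively assume that you do not wish to apply the plan, causing the operation to fail.

-json - Enables machine-readable JSON UI output. This option implies -input=false, so the configuration must have no unassigned variable values to continue. To enable this flag, you must also either enable the -auto-approve flag or specify a previously saved plan.

-lock=false - Does not hold a state lock during the operation. This is dangerous if others might run commands against the same workspace at the same time.

-lock-timeout=DURATION - Unless locking is disabled with -lock=false, instructs Terraform to retry acquiring a lock for a period of time before returning an error. The duration syntax is a number followed by a time unit letter, such as "3s" for three seconds.

For configurations that use only the local backend, terraform apply also accepts the legacy options -state, -state-out, and -backup.

-chdir is a global option that applies to all commands and makes Terraform consistently look in the given directory for all files it would normally read or write in the current working directory.

The destroy command

The terraform destroy command is a convenient way to destroy all remote objects managed by a particular Terraform configuration.

This command is just a convenience alias for the following command:
terraform apply -destroy
For that reason, this command accepts most of the options that `terraform apply` accepts, although it does not accept a plan file argument and forces the selection of the "destroy" planning mode.

You can also create a speculative destroy plan, to see what the effect of destroying would be, by running the following command: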

terraform plan -destroy

From: https://blog.csdn.net/weizanbin1439/article/details/136943730
