24
4
I have a terraform script that creates a lambda function in a VPC. Because the lambda is deployed to a VPC it creates an ENI and associates it with my security group. However, when I go to change that security group (destroy) it fails due to a timeout of the ENI being in use.
我有一个在VPC中创建lambda函数的terraform脚本。因为lambda部署到私有网络,所以它会创建一个弹性网卡,并将其关联到我的安全组。但是,当我去更换安全组(销毁)时,由于弹性网卡正在使用超时而失败。
What I assume is happening is that Terraform is recognising that the ENI is dependent on the security group but isn't recognising that the lambda function is dependent on the ENI and therefore is not trying to delete the lambda function before trying to delete the ENI.
我假设发生的情况是,Terraform正在认识到网卡依赖于安全组,但没有认识到lambda函数依赖于网卡,因此在尝试删除网卡之前没有尝试删除lambda函数。
The desired outcome would be the ability to change the security group's name and description without having to manually delete the lambda function and ENIs.
期望的结果将是能够更改安全组的名称和描述,而不必手动删除lambda函数和eni。
I have tried creating various 'depends_on' and also settings a lifecycle for the lambda function to be destroyed on changes to the security group but neither has worked. I am using version 1.3.3 of Terraform and version 4.37.0 of the AWS provider.
我尝试创建各种‘Dependent_on’,并为lambda函数设置生命周期,使其在安全组发生变化时被销毁,但这两种方法都不起作用。我使用的是1.3.3版的Terraform和4.37.0版的AWS提供程序。
Error: deleting ENIs using Security Group (sg-01ba40a4b03c5ddd2): 2 errors occurred:
waiting for Lambda ENI (eni-02cd7771540d50f8e) to become available for
detachment: timeout while waiting for state to become 'available'
(last state: 'in-use', timeout: 45m0s)
waiting for Lambda ENI (eni-030c34234a51be116) to become available for
detachment: timeout while waiting for state to become 'available'
(last state: 'in-use', timeout: 45m0s)
个人中心
文章发布
退出# ----------------------------------------------------------------------
# Security group
# ----------------------------------------------------------------------
resource "aws_security_group" "public" {
name = "test-sg"
vpc_id = var.vpc_id
description = "Security group for the lambda functions." # I cant modify this
}
# ----------------------------------------------------------------------
# Lambda Function
# ----------------------------------------------------------------------
resource "aws_lambda_function" "lambda_function" {
function_name = var.name
handler = var.handler
description = var.description
runtime = var.runtime
package_type = "Zip"
filename = var.file_path
source_code_hash = filebase64sha256(var.file_path)
role = aws_iam_role.lambda_execution_role.arn
timeout = 30
memory_size = var.memory_size
vpc_config {
subnet_ids = var.subnet_ids
security_group_ids = [aws_security_group.public.id]
}
}
Thanks.
谢谢。
Take a look here: github.com/hashicorp/terraform-provider-aws/issues/10329.
看看这里:github.com/hashicorp/terraform-provider-aws/issues/10329.
Hi, I've had a look at that resource but in their discussions, they're talking about the ENIs not deleting after the lambda delete call. However, in my example, the lambda function delete call never happens. This is further backed up by the fact I can destroy the whole infrastructure perfectly well, but I am failing to update the individual resource.
嗨,我已经看过该资源了,但在他们的讨论中,他们谈论的是在lambda删除调用之后Eni没有删除。然而,在我的示例中,lambda函数的删除调用从未发生过。我可以很好地销毁整个基础设施,但我无法更新个别资源,这进一步支持了这一点。
Terraform has lots of long-standing issues with attempting to delete security groups before everything using that security group is deleted. It's a known problem with several issues being tracked, like the one linked above. I've just resigned myself to deleting security groups manually when needed.
TerraForm在删除使用该安全组的所有内容之前尝试删除安全组有很多长期存在的问题。这是一个已知的问题,有几个问题正在被跟踪,就像上面链接的那个。我刚刚接受了在需要时手动删除安全组的做法。
The problem isn't with deleting the security per se, it recognises that the ENI is dependent on it and must be destroyed first. However, it's failing to recognise that the lambda function must be deleted before the ENI can be deleted thus allowing the security group to be destroyed.
问题不是删除安全本身,它认识到弹性网卡依赖于它,必须首先摧毁它。然而,它没有认识到,必须先删除lambda函数,然后才能删除弹性网卡,从而允许销毁安全组。
Does the SG get deleted then?
那么SG会被删除吗?
One discovery that helped our org after we encountered a similar issue was that older Lambda versions might hold a reference to the security group (and corresponding ENI) that you wish to delete.
在我们遇到类似问题后,帮助我们组织的一个发现是,较早的Lambda版本可能包含对您希望删除的安全组(和对应的弹性网卡)的引用。
To solve the issue, we had to delete any Lambda version that referenced the security group value before we could delete the security group.
要解决该问题,我们必须先删除引用安全组值的任何Lambda版本,然后才能删除该安全组。
i've run across this as well. it is, as you know, quite frustrating.
我也遇到过这种情况。如你所知,这是相当令人沮丧的。
my workaround (not ideal by any means) is to edit each eni using the aws console to change the security group assigned (add any random security group and delete the offending security group). when the next terraform apply is executed, the security group can be replaced, the eni/nic will be updated and everything is reset.
我的解决办法(无论如何都不理想)是使用AWS控制台编辑每个弹性网卡,以更改分配的安全组(添加任何随机安全组并删除违规的安全组)。当执行下一个Terraform Apply时,可以替换安全组,更新网卡/网卡并重置所有内容。
24
4
0
可以使用 lambda 和函数创建有序对(Lisp 中的缺点),如 Use of lambda for cons/car/cdr definition in SICP 所示。 它也适用于 Python
我正在尝试从另一个调用一个 AWS lambda 并执行 lambda 链接。这样做的理由是 AWS 不提供来自同一个 S3 存储桶的多个触发器。 我创建了一个带有 s3 触发器的 lambda。第一
根据以下源代码,常规 lambda 似乎可以与扩展 lambda 互换。 fun main(args: Array) { val numbers = listOf(1, 2, 3) f
A Tutorial Introduction to the Lambda Calculus 本文介绍乘法函数 The multiplication of two numbers x and y ca
我想弄清楚如何为下面的表达式绘制语法树。首先,这究竟是如何表现的?看样子是以1和2为参数,如果n是 0,它只会返回 m . 另外,有人可以指出解析树的开始,还是一个例子?我一直找不到一个。 最佳答案
在 C++0x 中,我想知道 lambda 函数的类型是什么。具体来说: #include type1 foo(int x){ return [x](int y)->int{return x * y
我在其中一个职位发布中看到了这个问题,它询问什么是 lambda 函数以及它与高阶函数的关系。我已经知道如何使用 lambda 函数,但不太自信地解释它,所以我做了一点谷歌搜索,发现了这个:What
很难说出这里问的是什么。这个问题是含糊的、模糊的、不完整的、过于宽泛的或修辞性的,无法以目前的形式得到合理的回答。如需帮助澄清此问题以便重新打开它,visit the help center 。 已关
Evaluate (((lambda(x y) (lambda (x) (* x y))) 5 6) 10) in Scheme. 我不知道实际上该怎么做! ((lambda (x y) (+ x x
我正在处理 MyCustomType 的实例集合如下: fun runAll(vararg commands: MyCustomType){ commands.forEach { it.myM
Brian 在他对问题 "Are side effects a good thing?" 的论证中的前提很有趣: computers are von-Neumann machines that are
在 Common Lisp 中,如果我希望两个函数共享状态,我将按如下方式执行 let over lambda: (let ((state 1)) (defun inc-state () (in
Evaluate (((lambda(x y) (lambda (x) (* x y))) 5 6) 10) in Scheme. 我不知道实际上该怎么做! ((lambda (x y) (+ x x
作为lambda calculus wiki说: There are several possible ways to define the natural numbers in lambda cal
我有一个数据类,我需要初始化一些 List .我需要获取 JsonArray 的值(我使用的是 Gson)。 我做了这个函数: private fun arrayToList(data: JsonAr
((lambda () )) 的方案中是否有简写 例如,代替 ((lambda () (define x 1) (display x))) 我希望能够做类似的事情 (empty-lam
我在 Java library 中有以下方法: public void setColumnComparator(final int columnIndex, final Comparator colu
我正在研究一个函数来计算国际象棋游戏中棋子的有效移动。 white-pawn-move 函数有效。当我试图将其概括为任一玩家的棋子 (pawn-move) 时,我遇到了非法函数调用。我已经在 repl
考虑这段代码(在 GCC 和 MSVC 上编译): int main() { auto foo = [](auto p){ typedef decltype(p) p_t;
我正在阅读一个在 lambda 内部使用 lambda 的片段,然后我想通过创建一个虚拟函数来测试它,该函数从文件中读取然后返回最大和最小数字。 这是我想出来的 dummy = lambda path
我是一名优秀的程序员,十分优秀!