amazon-web-services - Terraform 不同步

Question

我有一个问题，我的 terraform 与部署的不一样，但我不知道为什么。根据我的 git 历史记录，管理 Cognito 用户池的文件自部署以来没有发生变化，但 terraform 认为它发生了变化，并提示需要更改以强制使用新资源。

terraform 版本:0.11.7

AWS 提供商版本:1.14.1

我的 Terraform 代码:

resource "aws_cognito_user_pool" "my_app" {
  name                          = "My App Pool"

  /* Fields that can work as aliases */
  alias_attributes              = [
    "email"
  ]

  /* Auto-verify these fields */
  auto_verified_attributes      = [
    "email"
  ]

  /* This is the template used to verify addresses / accounts */
  verification_message_template {
    default_email_option        = "CONFIRM_WITH_CODE"
  }

  admin_create_user_config {
    allow_admin_create_user_only = false
    invite_message_template {
      email_message             = <<EOF    
  {####}
  EOF

      email_subject             = "MyApp"
      sms_message               = "Welcome to MyApp.  Your username: {username} and password: {####}  Thank you!"
    }
  }

  email_verification_subject    = "MyApp's Confirmation Code"
  email_verification_message    = "Your confirmation code: {####}   Thank you."

password_policy {
    minimum_length              = 8
    require_lowercase           = true
    require_numbers             = true
    require_symbols             = true
    require_uppercase           = true
}

  schema {
    attribute_data_type         = "String"
    developer_only_attribute    = false
    mutable                     = true
    name                        = "email"
    required                    = true
  }

  schema {
    attribute_data_type         = "String"
    developer_only_attribute    = false
    mutable                     = true
    name                        = "custom1"
    required                    = false
  }

  schema {
    attribute_data_type         = "String"
    developer_only_attribute    = false
    mutable                     = true
    name                        = "custom2"
    required                    = false
  }

  tags {
    "name"                      = "MyApp"
    "Project"                   = "Terraform"
  }
}

我得到以下结果:

  schema.3021841581.attribute_data_type:                              "String" => "" (forces new resource)
  schema.3021841581.developer_only_attribute:                         "false" => "false"
  schema.3021841581.mutable:                                          "true" => "false" (forces new resource)
  schema.3021841581.name:                                             "custom1" => "" (forces new resource)
  schema.3021841581.number_attribute_constraints.#:                   "0" => "0"
  schema.3021841581.required:                                         "false" => "false"
  schema.3021841581.string_attribute_constraints.#:                   "1" => "0" (forces new resource)
  schema.3021841581.string_attribute_constraints.0.max_length:        "" => ""
  schema.3021841581.string_attribute_constraints.0.min_length:        "" => ""

我试过 terraform refresh 但没有成功。

通过执行 terraform state show 显示状态中的内容

 schema.3021841581.attribute_data_type                              = String
 schema.3021841581.developer_only_attribute                         = false
 schema.3021841581.mutable                                          = true
 schema.3021841581.name                                             = custom1
 schema.3021841581.number_attribute_constraints.#                   = 0
 schema.3021841581.required                                         = false
 schema.3021841581.string_attribute_constraints.#                   = 1

所以，我的问题:

1. 我知道这可能并不理想，但有什么方法可以忽略或跳过 Cognito？我不想更改该服务的任何内容，并且为了我们的用户需要保护它。

2. 有什么方法可以弄清楚为什么它认为存在差异并在不破坏我的池的情况下解决它？

Answer 1

1. 您可以在计划/应用操作中使用选项 -target。你应该在这里传递你想要更新/创建的资源。 Terraform 将限制对该资源的操作。如果您有依赖关系或者您打算更新/创建多个资源，您可以根据需要多次使用该选项。
2. 如果由于某种原因它不同步，也许您可​​以针对有问题的资源使用 terraform import 命令。这将尝试引入您已部署的当前配置，但这种方法有一些局限性，并非所有内容都已导入。