Amazon web services Ec2实例已在每个应用程序上取消批准和创建_Amazon Web Services_Amazon Ec2_Terraform_Terraform Provider Aws

Amazon web services Ec2实例已在每个应用程序上取消批准和创建

amazon-web-services amazon-ec2 terraform

Amazon web services Ec2实例已在每个应用程序上取消批准和创建,amazon-web-services,amazon-ec2,terraform,terraform-provider-aws,Amazon Web Services,Amazon Ec2,Terraform,Terraform Provider Aws,我使用Terraform在AWS中管理我的Infra，我使用Terraform启动了一个bastion实例。我的问题是，每次我做一个地形计划时，地形告诉我，它将摧毁并重建堡垒实例，而地形应用会这样做这是我的密码 resource "aws_instance" "bastion" { ami = var.ami_id instance_type = "t2.micro" key_name = var.key_name m

我使用Terraform在AWS中管理我的Infra，我使用Terraform启动了一个bastion实例。我的问题是，每次我做一个地形计划时，地形告诉我，它将摧毁并重建堡垒实例，而地形应用会这样做

这是我的密码

resource "aws_instance" "bastion" {
  ami = var.ami_id
  instance_type = "t2.micro"
  key_name = var.key_name
  monitoring = false
  vpc_security_group_ids = [aws_security_group.`bastion_sg`.id]
  subnet_id = var.subnet_id_private
  iam_instance_profile = aws_iam_instance_profile.instance_profile.name
  user_data = data.template_file.script.rendered

   tags = merge(
    {
      "Name" = local.name_prefix
    },
    var.default_tags,
  )

  ebs_block_device {
    device_name = "/dev/sda1"
    volume_size = 8
    volume_type = "gp2"
    delete_on_termination = true

  }
  
}

这是计划输出的结果

  # module.bastion.aws_instance.bastion must be replaced
-/+ resource "aws_instance" "bastion" {
      ~ arn                          = "arn:aws:ec2:xx-xxxx-x:xxxxx:instance/i-xxxxxxxxxxxxxx" -> (known after apply)
      ~ associate_public_ip_address  = false -> (known after apply)
      ~ availability_zone            = "xx-xxxx-xx" -> (known after apply)
      ~ cpu_core_count               = 1 -> (known after apply)
      ~ cpu_threads_per_core         = 1 -> (known after apply)
      - disable_api_termination      = false -> null
      - ebs_optimized                = false -> null
      - hibernation                  = false -> null
      + host_id                      = (known after apply)
      ~ id                           = "i-xxxxxxxxxxxxxx" -> (known after apply)
      ~ instance_state               = "running" -> (known after apply)
      ~ ipv6_address_count           = 0 -> (known after apply)
      ~ ipv6_addresses               = [] -> (known after apply)
      + outpost_arn                  = (known after apply)
      + password_data                = (known after apply)
      + placement_group              = (known after apply)
      ~ primary_network_interface_id = "eni-xxxxxxxxxxxxxx" -> (known after apply)
      ~ private_dns                  = "ip-xx-xxx-xxx-xxxxx.xx-xxxx-x.compute.internal" -> (known after apply)
      ~ private_ip                   = "xx.xxx.x.xx" -> (known after apply)
      + public_dns                   = (known after apply)
      + public_ip                    = (known after apply)
      ~ secondary_private_ips        = [] -> (known after apply)
      ~ security_groups              = [] -> (known after apply)
      ~ tenancy                      = "default" -> (known after apply)
        # (10 unchanged attributes hidden)

      - credit_specification {
          - cpu_credits = "standard" -> null
        }

      + ebs_block_device { # forces replacement
          + delete_on_termination = true
          + device_name           = "/dev/sda1"
          + encrypted             = (known after apply)
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + throughput            = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = 8
          + volume_type           = "gp2"
        }
      - ebs_block_device { # forces replacement
          - delete_on_termination = true -> null
          - device_name           = "/dev/sda1" -> null
          - encrypted             = false -> null
          - iops                  = 100 -> null
          - snapshot_id           = "snap-xxxxxxxxxxxxxx" -> null
          - tags                  = {} -> null
          - throughput            = 0 -> null
          - volume_id             = "vol-xxxxxxxxxxxxxx" -> null
          - volume_size           = 8 -> null
          - volume_type           = "gp2" -> null
        }

      ~ enclave_options {
          ~ enabled = false -> (known after apply)
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

      ~ metadata_options {
          ~ http_endpoint               = "enabled" -> (known after apply)
          ~ http_put_response_hop_limit = 1 -> (known after apply)
          ~ http_tokens                 = "optional" -> (known after apply)
        }

      + network_interface {
          + delete_on_termination = (known after apply)
          + device_index          = (known after apply)
          + network_interface_id  = (known after apply)
        }

      ~ root_block_device {
          ~ delete_on_termination = true -> (known after apply)
          ~ device_name           = "/dev/sda1" -> (known after apply)
          ~ encrypted             = false -> (known after apply)
          ~ iops                  = 100 -> (known after apply)
          + kms_key_id            = (known after apply)
          ~ tags                  = {} -> (known after apply)
          ~ throughput            = 0 -> (known after apply)
          ~ volume_id             = "vol-xxxxxxxxxxxxxx" -> (known after apply)
          ~ volume_size           = 8 -> (known after apply)
          ~ volume_type           = "gp2" -> (known after apply)
        }
    }

因此，导致更换的是EBS卷

最可能的原因是它无法连接到

/dev/sda1

，因此当Terraform查看计划时，它会发现其磁盘不在sda1上，并决定需要更换实例

您需要在实例运行时确认这一点，以查看卷已连接到的位置（可以在实例上或控制台中）

根卷可能已连接到sda1，并将您的卷推到其他位置

如果是这种情况，那么您需要更改此卷的装载点，或者如果您打算将此卷作为根卷，则使用

根块设备
您能否共享地形平面图
输出，因为这将说明导致更换的原因。谢谢@apr\u 1985