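【Question title】: How can I import an existing resource already into terraform
【Posted】: 2020-01-23 01:03:24
【Question】:

I am using Terraform v0.12.6 to manage AWS infrastructure. I get this error when deploying the configuration to AWS. I know I need to import the existing resource, but I don't know which ID I should pass as the parameter.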

Error: Error creating Security Group: InvalidGroup.Duplicate: The security group 'SecuritySearchElasticSearchencr' already exists for VPC 'vpc-0cce833ea304b0215'
    status code: 400, request id: c3bef103-023a-4d6f-888b-bcb8d024eff8

  on deploy/infra/modules/elasticsearch/security-groups.tf line 1, in resource "aws_security_group" "es":
   1: resource "aws_security_group" "es" {

When I run terraform import aws_security_group.es vpc-0cce833ea304b0215 I get this error:

Error: resource address "aws_security_group.es" does not exist in the configuration.

Before importing this resource, please create its configuration in the root module. For example:

resource "aws_security_group" "es" {
  # (resource arguments)
}

I also tried importing with the security group ID, but I still get the same error:

#terraform import aws_security_group.es sg-0227291ba8162542d

Error: resource address "aws_security_group.es" does not exist in the configuration.

Before importing this resource, please create its configuration in the root module. For example:

resource "aws_security_group" "es" {
  # (resource arguments)
}

When I run terraform plan, I get:

 + resource "aws_security_group" "es" {
      + arn                    = (known after apply)
      + description            = "Allow HTTPS inbound traffic"
      + egress                 = [
          + {
              + cidr_blocks      = [
                  + "0.0.0.0/0",
                ]
              + description      = ""
              + from_port        = 0
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "-1"
              + security_groups  = []
              + self             = false
              + to_port          = 0
            },
        ]
      + id                     = (known after apply)
      + ingress                = [
          + {
              + cidr_blocks      = []
              + description      = ""
              + from_port        = 443
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = [
                  + "sg-08e48ea67d2f8ebd6",
                  + "sg-0bdc3d7ce660183d8",
                ]
              + self             = false
              + to_port          = 443
            },
        ]
      + name                   = "SecuritySearchElasticSearchencr"
      + owner_id               = (known after apply)
      + revoke_rules_on_delete = false
      + tags                   = {
          + "Application"            = "Security Search"
          + "Client"                 = "IRESS"
          + "DataClassification"     = "NoData"
          + "Name"                   = "Security Search ElasticSearch"
          + "Owner"                  = "platform"
          + "Product"                = "SharedServices"
          + "Schedule"               = "False"
          + "Service"                = "Elastic Search Cluster"
          + "TaggingStandardVersion" = "3"
        }
      + vpc_id                 = "vpc-0cce833ea304b0215"
    }

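I would like to know which command I should use to import the existing resource?

【Discussion】:

    Tags: amazon-web-services terraform


    【Solution 1】:

    Security groups can be imported using the security group ID, whereas you are importing with the VPC ID.

    If you get the ID of SecuritySearchElasticSearchencr and pass it to the terraform import command, it should work.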

     terraform import aws_security_group.es sg-xxxxxx
    

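    【Comments】:

    • It doesn't seem to work either; I have updated my post to include the error from this command.
    • Does your terraform script actually define a security group called "es"? It must exist in your terraform script so that terraform can import the state of the existing resource into the state file.
    • Note that this will put the existing resource under the control of your terraform script. If that is not what you want (it is managed elsewhere), then you may want to define it as a data source in your script, so that you can access its attributes without managing it: terraform.io/docs/providers/aws/d/security_group.html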
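
The data-source alternative mentioned in the last comment, as an added example that is not part of the original thread: it looks up the existing group by the name and VPC ID shown in the question's plan output and references it read-only, so a later apply cannot rewrite its rules or destroy it. The es_client group and its name are hypothetical, added only to show the lookup being consumed.

```hcl
# Added example, not from the original thread.
# Read the existing security group instead of importing it. A data source
# only queries AWS; Terraform never creates, changes or deletes the group.
data "aws_security_group" "es" {
  # Name and VPC ID as they appear in the question's plan output.
  name   = "SecuritySearchElasticSearchencr"
  vpc_id = "vpc-0cce833ea304b0215"
}

# Hypothetical consumer: a client-side group whose only egress is HTTPS to
# the existing Elasticsearch group. Declaring an egress block replaces the
# default allow-all egress rule on this new group.
resource "aws_security_group" "es_client" {
  name        = "es-client-example" # hypothetical name
  description = "Clients allowed to reach Elasticsearch over HTTPS"
  vpc_id      = data.aws_security_group.es.vpc_id

  egress {
    description     = "HTTPS to the existing Elasticsearch group only"
    from_port       = 443
    to_port         = 443
    protocol        = "tcp"
    security_groups = [data.aws_security_group.es.id]
  }
}

# Expose the looked-up ID so other configuration can reference it.
output "es_security_group_id" {
  value = data.aws_security_group.es.id
}
```

With this in place the resource "aws_security_group" "es" block has to be removed from the configuration, otherwise apply will keep trying to create the duplicate group.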