为什么 Terraform 要销毁这个导入的 aws_organizations_organizational_unit？

Question

我们正在尝试使用 Terraform v1.0.9 和 aws provider v3.64.2 为最近部署的 AWS 组织资源构建状态文件。

aws_organizations_organization 已更正为使用 terraform import aws_organizations_organization.my_organisation [id] 导入。 Terraform 不想在导入后破坏组织。

但是，当单元被导入 - AWS_DEFAULT_REGION=eu-west-2 terraform import -config=tf/units/infrastructure -var 'organisation_root=[id]' aws_organizations_organizational_unit.my-ou-infrastructure ou-abc0-ab0cdefg 时，它似乎导入成功，但在 terraform plan 上，它想要销毁 OU 并重新创建它。

# aws_organizations_organizational_unit.my-ou-infrastructure will be destroyed
- resource "aws_organizations_organizational_unit" "my-ou-infrastructure" {
    - accounts  = [] -> null
    - arn       = "arn:aws:organizations::000000000000:ou/o-xxxxx/ou-xxxx-xxxxxx" -> null
    - id        = "ou-xxxx-xxxxxx" -> null
    - name      = "name" -> null
    - parent_id = "id" -> null
    - tags      = {} -> null
  }

...

# module.my_organisation_units.module.my_organisation_unit_infrastructure.aws_organizations_organizational_unit.my-ou-infrastructure will be created
  + resource "aws_organizations_organizational_unit" "my-ou-infrastructure" {
      + accounts  = (known after apply)
      + arn       = (known after apply)
      + id        = (known after apply)
      + name      = "name"
      + parent_id = "id"
    }

...

Plan: 31 to add, 0 to change, 1 to destroy.

这应该发生吗？从文档来看，导入 OU 看起来非常简单。

Answer 1

我们需要将资源作为模块导入terraform import module.my_organisation_units.module.my_organisation_unit_infrastructure.aws_organizations_organizational_unit.my-ou-infrastructure ou-abc0-ab0cdefg。