地图资源的 Terraform 导入

Question

我有一个标识现有 s3 存储桶的映射变量：

resource "aws_s3_bucket" "bucket" {
  for_each = var.s3_replication
  bucket   = each.value.source
  #other configuration
}

variable "s3_replication" {
  description = "Map of buckets to replicate"
  type        = map
  default = {
    logs = {
      source = "logs_bucket",
      destination = "central_logs_bucket"
    },
    security = {
      source = "cloudtrail_bucket",
      destination = "central_security_bucket"
    }
  }
}

由于这些存储桶已经存在，我正在尝试导入它们，然后将配置应用到它们以更新资源。不幸的是，我无法弄清楚如何对这些进行 terraform 导入。我试过了：

terraform import aws_s3_bucket.bucket["logs"] logs_bucket
terraform import aws_s3_bucket.bucket[logs] logs_bucket
terraform import aws_s3_bucket.bucket[0] logs_bucket
terraform import aws_s3_bucket.bucket[0].source logs_bucket
terraform import aws_s3_bucket.bucket[0[source]] logs_bucket

所有失败并出现不同的错误。关于如何导入地图上列出的现有资源的任何想法？

Answer 1

terraform import 子命令依赖于资源命名空间内映射键中的字符串，这些字符串是第一类表达式，这会导致 shell 解释器出现问题，其中资源不是第一类表达式，因为它们不是 Terraform DSL。您可以通过将整个资源名称转换为文字字符串来解决此问题：

terraform import 'aws_s3_bucket.bucket["logs"]' logs_bucket

这将解决您的问题。

Answer 2

在进行 import 之前，我建议先进行 terraform plan。计划的输出如下所示：

Terraform will perform the following actions:

  # aws_s3_bucket.bucket["logs"] will be created
  + resource "aws_s3_bucket" "bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = "logs_bucket"
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }
    }

  # aws_s3_bucket.bucket["security"] will be created
  + resource "aws_s3_bucket" "bucket" {
      + acceleration_status         = (known after apply)
      + acl                         = "private"
      + arn                         = (known after apply)
      + bucket                      = "cloudtrail_bucket"
      + bucket_domain_name          = (known after apply)
      + bucket_regional_domain_name = (known after apply)
      + force_destroy               = false
      + hosted_zone_id              = (known after apply)
      + id                          = (known after apply)
      + region                      = (known after apply)
      + request_payer               = (known after apply)
      + tags_all                    = (known after apply)
      + website_domain              = (known after apply)
      + website_endpoint            = (known after apply)

      + versioning {
          + enabled    = (known after apply)
          + mfa_delete = (known after apply)
        }
    }

Plan: 2 to add, 0 to change, 0 to destroy.

有了这个计划，我们可以看到将要创建的资源可以引用为aws_s3_bucket.bucket["logs"] 和aws_s3_bucket.bucket["security"]。我们可以按如下方式导入它们，而不是 apply：

重击：

terraform import 'aws_s3_bucket.bucket["security"]' cloudtrail-bucket
terraform import 'aws_s3_bucket.bucket["logs"]' logs-bucket

Windows CMD：

terraform import 'aws_s3_bucket.bucket[\"security\"]' cloudtrail-bucket
terraform import 'aws_s3_bucket.bucket[\"logs\"]' logs-bucket

Answer 3

发布的答案中的语法是正确的。我的代码只是因为找不到 varsfile 而出错。我需要添加 -var-file={{ path to tfvars }}。所以最终的语法看起来像：

terraform import -var-file={{ path to tfvars}} 'aws_s3_bucket.bucket["logs"]' logs_bucket