问题
I am using terraform v0.12.6 and I run into many errors like:
Error: Error creating Security Group: InvalidGroup.Duplicate: The security group 'security-search-populate' already exists for VPC 'vpc-003e06e33a87c22f5'
status code: 400, request id: 82acdc81-c324-4672-b9fe-531eb8283ed3
Error: Error creating IAM Role PopulateTaskRole: EntityAlreadyExists: Role with name PopulateTaskRole already exists.
status code: 409, request id: 49aac94c-d52b-11e9-a535-c19e5ed20660
I know I can solve them by deleting these resources from aws. But I wonder whether there is any better way to solve them.
回答1:
Yes. All duplicates should be imported into terraform and each resource's import may be different.
To import security group sg-903004f8 to terraform resource aws_security_group.elb_sg using your dev profile. You'll need to find the security group id of security-search-populate security group.
AWS_PROFILE=dev terraform import aws_security_group.elb_sg sg-903004f8
To import IAM role PopulateTaskRole to terraform resource aws_iam_role.developer using your dev profile.
AWS_PROFILE=dev terraform import aws_iam_role.developer PopulateTaskRole
After these are imported, you can do a targetted terraform plan to see the differences between what's in source controlled terraform and what's upstream in AWS
AWS_PROFILE=dev terraform plan -target aws_security_group.elb_sg -target aws_iam_role.developer
来源:https://stackoverflow.com/questions/57903408/what-is-the-best-way-to-solve-entityalreadyexists-error-in-terraform