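What is this?
I tried to run terraform plan against specific resources, it did not work, and I realized the cause was that I had misunderstood what "resource" means.
Details
First, I had misunderstood what a resource is.
Because it says specific "resource", in my head I converted that to "resource = tf file!".
So...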
$ terraform plan -target=vpc.tf -target=securitygroup.tf -target=main.tf -target=variables.tf
I figured this would work.
However...
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

------------------------------------------------------------------------

No changes. Infrastructure is up-to-date.

This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.
No plan is shown for what would happen if vpc.tf and securitygroup.tf were deployed.
So I looked into how engineers around the world actually write this.
I found that the following code works.
$ terraform plan -target=aws_instance.ec2-web01
"aws_iam_policy_document" "instance-assume-role-policy" {
    + id = (known after apply)
    + json = (known after apply)

    + statement {
        + actions = [
            + "sts:AssumeRole",
          ]
        + effect = "Allow"

        + principals {
            + identifiers = [
                + "ec2.amazonaws.com",
              ]
            + type = "Service"
          }
      }
  }

# aws_iam_instance_profile.ec2_instance_role_profile_web will be created
+ resource "aws_iam_instance_profile" "ec2_instance_role_profile_web" {
    + arn = (known after apply)
    + create_date = (known after apply)
    + id = (known after apply)
    + name = ""
    + path = "/"
    + role = ""
    + roles = (known after apply)
    + unique_id = (known after apply)
  }

# aws_iam_role.ec2_instance_role_web will be created
+ resource "aws_iam_role" "ec2_instance_role_web" {
    + arn = (known after apply)
    + assume_role_policy = (known after apply)
    + create_date = (known after apply)
    + force_detach_policies = false
    + id = (known after apply)
    + max_session_duration = 3600
    + name = ""
    + path = "/"
    + unique_id = (known after apply)
  }

# aws_instance.ec2-web01 will be created
+ resource "aws_instance" "ec2-web01" {
    + ami = ""
    + arn = (known after apply)
    + associate_public_ip_address = false
    + availability_zone = (known after apply)
    + cpu_core_count = (known after apply)
    + cpu_threads_per_core = (known after apply)
    + get_password_data = false
    + host_id = (known after apply)
    + iam_instance_profile = ""
    + id = (known after apply)
    + instance_state = (known after apply)
    + instance_type = "t3.micro"
    + ipv6_address_count = (known after apply)
    + ipv6_addresses = (known after apply)
    + key_name = ""
    + network_interface_id = (known after apply)
    + outpost_arn = (known after apply)
    + password_data = (known after apply)
    + placement_group = (known after apply)
    + primary_network_interface_id = (known after apply)
    + private_dns = (known after apply)
    + private_ip = (known after apply)
    + public_dns = (known after apply)
    + public_ip = (known after apply)
    + security_groups = (known after apply)
    + source_dest_check = true
    + subnet_id = (known after apply)
    + tags = {
        + "Name" = +
      }
    + tenancy = (known after apply)
    + volume_tags = {
        + "Name" = ""
      }
    + vpc_security_group_ids = (known after apply)
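(Omitted because it is long)
So the ec2 instance and the resources related to it were planned.
In other words, the syntax applies per resource, not per tf file.
So that was the story of how I had mistranslated resource as tf file.
Yet another trivial realization...
If there is a way to plan per tf file as well, I would be happy if you could let me know. m(__)m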
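One way to approximate a per-file plan is to derive the -target addresses from the blocks each .tf file declares. This is an added example, not code from the original post or from Terraform; the function names tf_targets and plan_files and the sample file are assumptions, and it assumes block headers are written on one line.

```shell
#!/bin/sh
# Added example (not from the original post): turn the blocks declared in
# .tf files into -target arguments. Assumes each block header sits on one
# line in the usual form:  resource "TYPE" "NAME" {

# Print one -target=ADDRESS per resource, data or module block in the files.
tf_targets() {
    for f in "$@"; do
        [ -f "$f" ] || { echo "no such file: $f" >&2; return 1; }
        sed -n \
            -e 's/^[[:space:]]*resource[[:space:]]\{1,\}"\([^"]*\)"[[:space:]]\{1,\}"\([^"]*\)".*/-target=\1.\2/p' \
            -e 's/^[[:space:]]*data[[:space:]]\{1,\}"\([^"]*\)"[[:space:]]\{1,\}"\([^"]*\)".*/-target=data.\1.\2/p' \
            -e 's/^[[:space:]]*module[[:space:]]\{1,\}"\([^"]*\)".*/-target=module.\1/p' \
            "$f"
    done
}

# Hypothetical wrapper: plan only what the given files declare.
plan_files() {
    targets=$(tf_targets "$@") || return 1
    [ -n "$targets" ] || { echo "no blocks found in: $*" >&2; return 1; }
    # Unquoted on purpose: addresses contain no whitespace, one argument each.
    terraform plan $targets
}

# Constructed sample file; the resource and data names are taken from the post.
sample_tf() {
    cat <<'EOF'
resource "aws_instance" "ec2-web01" {
  instance_type = "t3.micro"
}
# resource "aws_eip" "disabled" {}
data "aws_iam_policy_document" "instance-assume-role-policy" {}
module "network" {
  source = "./network"
}
EOF
}

# Demo: prints the three -target arguments derived from the sample.
demo_dir=$(mktemp -d)
sample_tf > "$demo_dir/sample.tf"
tf_targets "$demo_dir/sample.tf"
rm -rf "$demo_dir"
```

Calling `plan_files vpc.tf securitygroup.tf` runs the plan the post was after. Terraform still adds whatever those resources depend on, as the ec2 output above shows, so blocks from other files can appear in the plan.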
References
https://www.terraform.io/docs/language/resources/index.html
https://github.com/hashicorp/terraform/issues/13986