从AWS导入VPC配置

Question

无法从Terraform导入现有VPC配置。

创建这个网络的原始代码是：

module "vpc" {
  source  = "terraform-aws-modules/vpc/aws"
  version = "~> v2.66"

  name = "my-vpc"
  cidr = var.vpc_cidr

  azs              = var.availability_zones
  private_subnets  = var.vpc_private_subnets
  public_subnets   = var.vpc_public_subnets
  database_subnets = var.vpc_database_subnets
  redshift_subnets = var.vpc_redshift_subnets

  enable_nat_gateway     = true
  enable_vpn_gateway     = true
  enable_public_redshift = true

  enable_dns_hostnames = true

  tags = merge(
    tomap({
      "kubernetes.io/cluster/my-production-cluster-" = "shared"
      "kubernetes.io/role/internal-elb"              = ""
      "kubernetes.io/role/elb"                       = ""
  }))
  public_subnet_tags  = merge(tomap({ "kubernetes.io/role/elb" = "1" }))
  private_subnet_tags = merge(tomap({ "kubernetes.io/role/internal-elb" = "1" }))
}

每个网络变量由两个子网组成。

现在，我需要为该模块创建一个新的terraform config，并将其绑定到现有的VPC。在规划之后，Terraform建议我重新创建所有与VPC相关的基础设施。

因此，我尝试像这样导入它：

terraform import module.vpc.aws_vpc.this vpc-XXXXX

没有错误地通过，所有的rest命令都给了我一个相同的画面：

$ terraform import module.vpc.aws_vpn_gateway.this igw-XXX
module.vpc.aws_vpn_gateway.this: Importing from ID "igw-XXX"...
module.vpc.aws_vpn_gateway.this: Import prepared!
  Prepared aws_vpn_gateway for import
module.vpc.aws_vpn_gateway.this: Refreshing state... [id=igw-XXX]

Error: Cannot import non-existent remote object
│ 
│ While attempting to import an existing object to "module.vpc.aws_vpn_gateway.this", the provider detected that no object exists with the given id. Only pre-existing objects can be imported; check that the id is correct and that it is associated with the provider's
│ configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.

或

$ terraform import module.vpc.aws_db_subnet_group.database my-production-vpc-db-us-east-2a
module.vpc.aws_db_subnet_group.database: Importing from ID "my-production-vpc-db-us-east-2a"...
module.vpc.aws_db_subnet_group.database: Import prepared!
  Prepared aws_db_subnet_group for import
module.vpc.aws_db_subnet_group.database: Refreshing state... [id=my-production-vpc-db-us-east-2a]

Error: Cannot import non-existent remote object
│ 
│ While attempting to import an existing object to "module.vpc.aws_db_subnet_group.database", the provider detected that no object exists with the given id. Only pre-existing objects can be imported; check that the id is correct and that it is associated with the
│ provider's configured region or endpoint, or use "terraform apply" to create a new remote object for this resource.

我尝试过使用其他方法来键入这样的资源名称：

terraform import module.vpc.aws_vpn_gateway.this[0] igw-XXX
terraform import module.vpc.aws_vpn_gateway.this[\"0\"] igw-XXX
terraform import 'module.vpc.aws_vpn_gateway.this[0]' igw-XXX

terraform import module.vpc.aws_db_subnet_group.database[0] my-production-vpc-db-us-east-2a
terraform import module.vpc.aws_db_subnet_group.database[\"0\"] my-production-vpc-db-us-east-2a
terraform import 'module.vpc.aws_db_subnet_group.database[0]' my-production-vpc-db-us-east-2a

一切都不走运。

以下是地形平面图的片段：

 # module.vpc.aws_db_subnet_group.database[0] will be created
  + resource "aws_db_subnet_group" "database" {
      + arn         = (known after apply)
      + description = "Database subnet group for adboost-production-vpc"
      + id          = (known after apply)
      + name        = "my-vpc"
      + name_prefix = (known after apply)
      + subnet_ids  = (known after apply)
      + tags        = {
          + "Name"                                                  = "my-vpc"
          + "kubernetes.io/cluster/my-production-cluster-"          = "shared"    
          + "kubernetes.io/role/elb"                                = ""
          + "kubernetes.io/role/internal-elb"                       = ""
        }
      + tags_all    = {
          + "Name"                                                  = "my-vpc"
          + "kubernetes.io/cluster/my-production-cluster-"          = "shared"    
          + "kubernetes.io/role/elb"                                = (known after apply)
          + "kubernetes.io/role/internal-elb"                       = (known after apply)
        }
    }

...

 # module.vpc.aws_vpn_gateway.this[0] will be created
  + resource "aws_vpn_gateway" "this" {
      + amazon_side_asn = "64512"
      + arn             = (known after apply)
      + id              = (known after apply)
      + tags            = {
          + "Name"                                                  = "my-vpc"
          + "kubernetes.io/cluster/my-production-cluster-"          = "shared"    
          + "kubernetes.io/role/elb"                                = ""
          + "kubernetes.io/role/internal-elb"                       = ""
        }
      + tags_all        = {
          + "Name"                                                  = "my-vpc"
          + "kubernetes.io/cluster/my-production-cluster-"          = "shared"    
          + "kubernetes.io/role/elb"                                = (known after apply)
          + "kubernetes.io/role/internal-elb"                       = (known after apply)
        }
      + vpc_id          = "vpc-XXX"
    }

VPC模块的其他部分在导入时也会出现相同的错误

Answer 1

VPN网关和Internet网关不是一回事，这就解释了该资源无法导入的原因。

根据the documentation，您应该在导入时指定DB子网组的“名称”。那么，现有DB子网组的名称是什么？是像您在import命令中尝试的那样使用"my-production-vpc-db-us-east-2a“，还是像您在Terraform文件中配置的那样使用"my-vpc”？