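I use this template to create AWS resources.
My count is 2, and everything is created as planned. I attached a 1GB EBS volume to each of the two machines, which also works fine, but the only problem is that when I try to delete one EC2 instance with the command below, both 1GB EBS volumes get destroyed. I checked, and they are attached to different instances.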
$ terraform destroy -target=aws_instance.jumpserver[1]
aws_vpc.main_vpc: Refreshing state... (ID: vpc-06b59734024ad6adc)
aws_key_pair.ProdKeypair: Refreshing state... (ID: ProdKeypair)
aws_security_group.sg_internet_facing: Refreshing state... (ID: sg-05a2739733f4f8a32)
aws_subnet.public_subnet: Refreshing state... (ID: subnet-0a8c6ea2718a44224)
aws_instance.jumpserver[1]: Refreshing state... (ID: i-05646d53baa34a988)
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
- destroy
Terraform will perform the following actions:
- aws_ebs_volume.vol_generic_data[0]
- aws_ebs_volume.vol_generic_data[1]
- aws_instance.jumpserver[1]
- aws_volume_attachment.generic_data_vol_att[0]
- aws_volume_attachment.generic_data_vol_att[1]
This is main.tf
# Define webserver inside the public subnets
resource "aws_instance" "jumpserver" {
  count = "${var.num_of_instances}"
  ami = "${var.ami}"
  instance_type = "t2.micro"
  key_name = "${aws_key_pair.ProdKeypair.id}"
  subnet_id = "${aws_subnet.public_subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.sg_internet_facing.id}"]
  associate_public_ip_address = true
  source_dest_check = false
  # user_data = "${file("install.sh")}"
  root_block_device = {
    volume_type = "gp2"
    volume_size = "8"
    delete_on_termination = "${var.delete_on_termincation}"
  }
  tags {
    Name = "${format("jump-%01d",count.index+1)}"
  }
  provisioner "remote-exec" {
    inline = ["sudo apt-get -y install python"]
    connection {
      type = "ssh"
      user = "ubuntu"
      private_key = "${file(var.private_key_path)}"
    }
  }
}
resource "aws_ebs_volume" "vol_generic_data" {
  size = "1"
  count = "${var.num_of_instances}"
  type = "gp2"
  availability_zone = "${element(aws_instance.jumpserver.*.availability_zone, count.index)}"
  tags = {
    Name = "${format("jump-%01d",count.index+1)}"
  }
}
resource "aws_volume_attachment" "generic_data_vol_att" {
  device_name = "/dev/xvdf"
  volume_id = "${element(aws_ebs_volume.vol_generic_data.*.id, count.index)}"
  instance_id = "${element(aws_instance.jumpserver.*.id, count.index)}"
  count = "${var.num_of_instances}"
}
# Define webserver inside the private subnet
resource "aws_instance" "backendserver" {
  ami = "${var.ami}"
  instance_type = "t2.micro"
  key_name = "${aws_key_pair.ProdKeypair.id}"
  subnet_id = "${aws_subnet.private_subnet.id}"
  vpc_security_group_ids = ["${aws_security_group.sg_backend.id}"]
  associate_public_ip_address = false
  source_dest_check = false
  user_data = "${file("install.sh")}"
  tags {
    Name = "backendserver"
  }
}
Posted on 2022-06-25 22:24:29
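The problem is in availability_zone on the aws_ebs_volume resource. It depends on aws_instance, so when Terraform destroys the EC2 instance it thinks the volume can't live without it. Even though it is an EC2-independent variable.
For more information, see this very detailed description: https://github.com/hashicorp/terraform/issues/30614#issuecomment-1058769588
If you have a reference to the VPC, use that. For me it was module.vpc-prod.azs[0]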
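The change the answer describes, applied to the question's aws_ebs_volume resource as an added example (not code from the original post or from the Terraform project). It assumes every jumpserver instance stays in aws_subnet.public_subnet, so the subnet's availability zone can replace the value read from the instances; the prevent_destroy guard is an optional addition.

```hcl
resource "aws_ebs_volume" "vol_generic_data" {
  count = "${var.num_of_instances}"
  size  = "1"
  type  = "gp2"

  # Before (from the question): the zone was read from the instances, which
  # makes every volume a dependent of aws_instance.jumpserver:
  #   availability_zone = "${element(aws_instance.jumpserver.*.availability_zone, count.index)}"
  #
  # After: read the zone from the subnet the instances are launched in
  # (assumption: all jumpservers use aws_subnet.public_subnet).
  availability_zone = "${aws_subnet.public_subnet.availability_zone}"

  # Optional guard (added here, not in the question): Terraform returns an
  # error for any plan that would destroy these data volumes.
  lifecycle {
    prevent_destroy = true
  }

  tags = {
    Name = "${format("jump-%01d",count.index+1)}"
  }
}
```

With the instance reference gone, the volumes are no longer dependents of aws_instance.jumpserver and drop out of a targeted destroy of an instance. aws_volume_attachment.generic_data_vol_att still references the instances, so attachments still appear in that plan.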
https://devops.stackexchange.com/questions/5838