Deleting an AWS VPC with Terraform

Code (commands) for deleting an AWS VPC with Terraform

Execution environment


  • Windows 10 Home (1919)
  • Git Bash (git version 2.25.1.windows.1)
  • AWS CLI (aws-cli/2.0.3 Python/3.7.5 Windows/10 botocore/2.0.0dev7)
  • Terraform (v0.12.26)

Configuration to delete



    Delete the VPC, starting from a state in which exactly one VPC exists.



    main.tf
    provider "aws" {
      profile = "prj01-profile"
      region = "us-west-2"
    }
    
    resource "aws_vpc" "prj01VPC" {
      cidr_block = "10.10.0.0/16"
      instance_tenancy = "default"
      tags = {
        Name = "prj01VPC"
        CostGroup = "prj01"
      }
    }
    

    This is the same main.tf that was used when creating the VPC.

    Execution



    Check the state before running


    $ aws ec2 describe-vpcs  --region=us-west-2
    {
        "Vpcs": [
            {
                "CidrBlock": "10.10.0.0/16",
                "DhcpOptionsId": "dopt-0ebee8b328487036e",
                "State": "available",
                "VpcId": "vpc-085c4a097408d438d",
                "OwnerId": "679788997248",
                "InstanceTenancy": "default",
                "CidrBlockAssociationSet": [
                    {
                        "AssociationId": "vpc-cidr-assoc-05db0b29ba54e1edc",
                        "CidrBlock": "10.10.0.0/16",
                        "CidrBlockState": {
                            "State": "associated"
                        }
                    }
                ],
                "IsDefault": false,
                "Tags": [
                    {
                        "Key": "CostGroup",
                        "Value": "prj01"
                    },
                    {
                        "Key": "Name",
                        "Value": "prj01VPC"
                    }
                ]
            }
        ]
    }
    

    Confirm that the VPC to be deleted exists.

    Prerequisites


    $ aws configure list --profile prj01-profile
          Name                    Value             Type    Location
          ----                    -----             ----    --------
       profile            prj01-profile           manual    --profile
    access_key     ****************FCES shared-credentials-file
    secret_key     ****************4Idw shared-credentials-file
        region                us-west-2      config-file    ~/.aws/config
    

    As a prerequisite, the AWS CLI profile has already been created.

    First, plan


    $ ../terraform.exe plan -destroy
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    
    aws_vpc.prj01VPC: Refreshing state... [id=vpc-085c4a097408d438d]
    
    ------------------------------------------------------------------------
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # aws_vpc.prj01VPC will be destroyed
      - resource "aws_vpc" "prj01VPC" {
          - arn                              = "arn:aws:ec2:us-west-2:679788997248:vpc/vpc-085c4a097408d438d" -> null
          - assign_generated_ipv6_cidr_block = false -> null
          - cidr_block                       = "10.10.0.0/16" -> null
          - default_network_acl_id           = "acl-005cda038798e1246" -> null
          - default_route_table_id           = "rtb-0ef695f3a63eff9a7" -> null
          - default_security_group_id        = "sg-0a7fa0eabf509911d" -> null
          - dhcp_options_id                  = "dopt-0ebee8b328487036e" -> null
          - enable_classiclink               = false -> null
          - enable_classiclink_dns_support   = false -> null
          - enable_dns_hostnames             = false -> null
          - enable_dns_support               = true -> null
          - id                               = "vpc-085c4a097408d438d" -> null
          - instance_tenancy                 = "default" -> null
          - main_route_table_id              = "rtb-0ef695f3a63eff9a7" -> null
          - owner_id                         = "679788997248" -> null
          - tags                             = {
              - "CostGroup" = "prj01"
              - "Name"      = "prj01VPC"
            } -> null
        }
    
    Plan: 0 to add, 0 to change, 1 to destroy.
    
    ------------------------------------------------------------------------
    
    Note: You didn't specify an "-out" parameter to save this plan, so Terraform
    can't guarantee that exactly these actions will be performed if
    "terraform apply" is subsequently run.
    

    Confirm that only the VPC you want to delete is marked for destroy.

    That is confirmed, so destroy


    $ ../terraform.exe destroy
    aws_vpc.prj01VPC: Refreshing state... [id=vpc-085c4a097408d438d]
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # aws_vpc.prj01VPC will be destroyed
      - resource "aws_vpc" "prj01VPC" {
          - arn                              = "arn:aws:ec2:us-west-2:679788997248:vpc/vpc-085c4a097408d438d" -> null
          - assign_generated_ipv6_cidr_block = false -> null
          - cidr_block                       = "10.10.0.0/16" -> null
          - default_network_acl_id           = "acl-005cda038798e1246" -> null
          - default_route_table_id           = "rtb-0ef695f3a63eff9a7" -> null
          - default_security_group_id        = "sg-0a7fa0eabf509911d" -> null
          - dhcp_options_id                  = "dopt-0ebee8b328487036e" -> null
          - enable_classiclink               = false -> null
          - enable_classiclink_dns_support   = false -> null
          - enable_dns_hostnames             = false -> null
          - enable_dns_support               = true -> null
          - id                               = "vpc-085c4a097408d438d" -> null
          - instance_tenancy                 = "default" -> null
          - main_route_table_id              = "rtb-0ef695f3a63eff9a7" -> null
          - owner_id                         = "679788997248" -> null
          - tags                             = {
              - "CostGroup" = "prj01"
              - "Name"      = "prj01VPC"
            } -> null
        }
    
    Plan: 0 to add, 0 to change, 1 to destroy.
    
    Do you really want to destroy all resources?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.
    
      Enter a value: yes
    
    aws_vpc.prj01VPC: Destroying... [id=vpc-085c4a097408d438d]
    aws_vpc.prj01VPC: Destruction complete after 1s
    
    Destroy complete! Resources: 1 destroyed.
    

    Checkpoints
    - Before entering yes, only the VPC you want to delete is marked for destroy
    - The create and change counts are both '0'
    - No other errors or warnings occur

    Check after running


    $ aws ec2 describe-vpcs  --region=us-west-2
    {
        "Vpcs": []
    }
    

    Confirm that the VPC is gone.
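The checkpoints above can be enforced mechanically instead of by eye. The following is an added example, not part of the original post: it assumes the plan was saved with `terraform plan -destroy -out=destroy.tfplan` and rendered with `terraform show -json destroy.tfplan` (the file name `destroy.tfplan` and the function name are assumptions), and it reports anything other than the expected deletes.

```python
import json

# Constructed sample: a trimmed `terraform show -json` rendering of a saved
# destroy plan for the page's aws_vpc.prj01VPC (shortened, not real output).
SAMPLE_PLAN = json.dumps({
    "format_version": "0.1",
    "resource_changes": [
        {"address": "aws_vpc.prj01VPC", "type": "aws_vpc", "name": "prj01VPC",
         "change": {"actions": ["delete"]}},
    ],
})


def check_destroy_plan(plan_json, expected):
    """Return a list of problems; an empty list means the plan matches.

    expected: resource addresses (type.name) that are allowed to be destroyed.
    """
    problems = []
    for addr in sorted(expected):
        # Same mistake as the failed -target=prj01VPC: the type prefix is missing.
        if "." not in addr:
            problems.append(f"{addr}: not a resource address (need type.name)")
    seen = set()
    for rc in json.loads(plan_json).get("resource_changes", []):
        actions = rc["change"]["actions"]
        if actions in (["no-op"], ["read"]):
            continue  # nothing is modified for this entry
        if actions != ["delete"]:
            # Covers create, update and replace: add/change must stay at 0.
            problems.append(f"{rc['address']}: unexpected actions {actions}")
        elif rc["address"] not in expected:
            problems.append(f"{rc['address']}: destroy not expected")
        else:
            seen.add(rc["address"])
    for addr in sorted(set(expected) - seen):
        problems.append(f"{addr}: expected destroy missing from plan")
    return problems


if __name__ == "__main__":
    print(check_destroy_plan(SAMPLE_PLAN, {"aws_vpc.prj01VPC"}) or "plan OK")
```

When the list is empty, running `terraform apply destroy.tfplan` applies exactly the reviewed plan, which also addresses the `-out` note printed at the end of the plan output.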

    Explicitly specifying what to delete



    When deleting, I feel like specifying a target


    $ ../terraform.exe plan -destroy -target=aws_vpc.prj01VPC
    Refreshing Terraform state in-memory prior to plan...
    The refreshed state will be used to calculate this plan, but will not be
    persisted to local or remote state storage.
    
    aws_vpc.prj01VPC: Refreshing state... [id=vpc-0f54ed2c26b44b69f]
    
    ------------------------------------------------------------------------
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # aws_vpc.prj01VPC will be destroyed
      - resource "aws_vpc" "prj01VPC" {
          - arn                              = "arn:aws:ec2:us-west-2:679788997248:vpc/vpc-0f54ed2c26b44b69f" -> null
          - assign_generated_ipv6_cidr_block = false -> null
          - cidr_block                       = "10.10.0.0/16" -> null
          - default_network_acl_id           = "acl-06e41dd4dac36b4b0" -> null
          - default_route_table_id           = "rtb-0c683ac40dcdc13d0" -> null
          - default_security_group_id        = "sg-059f2992d43bd7002" -> null
          - dhcp_options_id                  = "dopt-0ebee8b328487036e" -> null
          - enable_classiclink               = false -> null
          - enable_classiclink_dns_support   = false -> null
          - enable_dns_hostnames             = false -> null
          - enable_dns_support               = true -> null
          - id                               = "vpc-0f54ed2c26b44b69f" -> null
          - instance_tenancy                 = "default" -> null
          - main_route_table_id              = "rtb-0c683ac40dcdc13d0" -> null
          - owner_id                         = "679788997248" -> null
          - tags                             = {
              - "CostGroup" = "prj01"
              - "Name"      = "prj01VPC"
            } -> null
        }
    
    Plan: 0 to add, 0 to change, 1 to destroy.
    
    Warning: Resource targeting is in effect
    
    You are creating a plan with the -target option, which means that the result
    of this plan may not represent all of the changes requested by the current
    configuration.
    
    The -target option is not for routine use, and is provided only for
    exceptional situations such as recovering from errors or mistakes, or when
    Terraform specifically suggests to use it as part of an error message.
    
    
    ------------------------------------------------------------------------
    
    Note: You didn't specify an "-out" parameter to save this plan, so Terraform
    can't guarantee that exactly these actions will be performed if
    "terraform apply" is subsequently run.
    

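    A warning appeared.

    [Google Translate]
    The -target option is not for routine use, and is provided only for exceptional situations such as recovering from errors or mistakes, or when Terraform specifically suggests using it as part of an error message.

    I see... Oh well!
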
    $ ../terraform.exe destroy -target=aws_vpc.prj01VPC
    aws_vpc.prj01VPC: Refreshing state... [id=vpc-0f54ed2c26b44b69f]
    
    An execution plan has been generated and is shown below.
    Resource actions are indicated with the following symbols:
      - destroy
    
    Terraform will perform the following actions:
    
      # aws_vpc.prj01VPC will be destroyed
      - resource "aws_vpc" "prj01VPC" {
          - arn                              = "arn:aws:ec2:us-west-2:679788997248:vpc/vpc-0f54ed2c26b44b69f" -> null
          - assign_generated_ipv6_cidr_block = false -> null
          - cidr_block                       = "10.10.0.0/16" -> null
          - default_network_acl_id           = "acl-06e41dd4dac36b4b0" -> null
          - default_route_table_id           = "rtb-0c683ac40dcdc13d0" -> null
          - default_security_group_id        = "sg-059f2992d43bd7002" -> null
          - dhcp_options_id                  = "dopt-0ebee8b328487036e" -> null
          - enable_classiclink               = false -> null
          - enable_classiclink_dns_support   = false -> null
          - enable_dns_hostnames             = false -> null
          - enable_dns_support               = true -> null
          - id                               = "vpc-0f54ed2c26b44b69f" -> null
          - instance_tenancy                 = "default" -> null
          - main_route_table_id              = "rtb-0c683ac40dcdc13d0" -> null
          - owner_id                         = "679788997248" -> null
          - tags                             = {
              - "CostGroup" = "prj01"
              - "Name"      = "prj01VPC"
            } -> null
        }
    
    Plan: 0 to add, 0 to change, 1 to destroy.
    
    
    Warning: Resource targeting is in effect
    
    You are creating a plan with the -target option, which means that the result
    of this plan may not represent all of the changes requested by the current
    configuration.
    
    The -target option is not for routine use, and is provided only for
    exceptional situations such as recovering from errors or mistakes, or when
    Terraform specifically suggests to use it as part of an error message.
    
    Do you really want to destroy all resources?
      Terraform will destroy all your managed infrastructure, as shown above.
      There is no undo. Only 'yes' will be accepted to confirm.
    
      Enter a value: yes
    
    aws_vpc.prj01VPC: Destroying... [id=vpc-0f54ed2c26b44b69f]
    aws_vpc.prj01VPC: Destruction complete after 1s
    
    Warning: Applied changes may be incomplete
    
    The plan was created with the -target option in effect, so some changes
    requested in the configuration may have been ignored and the output values may
    not be fully updated. Run the following command to verify that no other
    changes are pending:
        terraform plan
    
    Note that the -target option is not suitable for routine use, and is provided
    only for exceptional situations such as recovering from errors or mistakes, or
    when Terraform specifically suggests to use it as part of an error message.
    
    
    Destroy complete! Resources: 1 destroyed.
    

    Failure pattern



    The target must be specified as type.resource


    $ ../terraform.exe plan -destroy -target=prj01VPC
    Usage: terraform plan [options] [DIR]
    
      Generates an execution plan for Terraform.
    
      This execution plan can be reviewed prior to running apply to get a
      sense for what Terraform will do. Optionally, the plan can be saved to
      a Terraform plan file, and apply can take this plan file to execute
      this plan exactly.
    
    Options:
      :(omitted)
    

    When specifying the target, an error occurs unless the type (here, "aws_vpc") is placed in front of the resource name.
    The manual says:

    -target=resource - A Resource Address to target. This flag can be used multiple times. See below for more information.

    That is hard to understand...

    Looking here, it is stated properly:

    Resource spec:
    A resource spec addresses a specific resource in the config. It takes the form:
    resource_type.resource_name[resource index]
