How to get rid of terraform plan diffs
Yukiya Hayashi
Slides for a lightning talk (LT) at Terraform meetup tokyo#1.
1.
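Why I stopped being afraid of terraform plan diffs
Oisix ra daichi Inc. @morihaya55
Photo by Alexandr Podvalny on Unsplash: https://unsplash.com/photos/WOxddhzhC1w
LT at Terraform meetup tokyo #1, 2019-08-01
2.
Today's agenda
● Who am I?
● The conclusion up front: "read the output"
● A concrete diff example
● Bringing the diff into the code
● Summary
3.
Brief self-introduction
林 如弥 (Yukiya Hayashi) @morihaya55
● I have worked as an infrastructure engineer at system integrators, game companies and others
● About 4 months of Terraform experience, on my most recent system
● I am now an SRE who operates and improves the systems of Oiradaichi, which delivers safe, trustworthy vegetables
4.
Let me state the conclusion first
5.
Conclusion: terraform plan diffs are "not scary if you read the output properly" ></
6.
...but I would get scolded if that were all, so
7.
here is a concrete example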
8.
Diff example: Security Group

  ~ resource "aws_security_group" "digdag" {
        id      = "sg-07ee4c2hogehoge"
      ~ ingress = [
          - {
              - cidr_blocks      = [
                  - "10.150.0.0/16",
                ]
              - description      = "SSH Allow from private"
              - from_port        = 22
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 22
            },
          - {
              - cidr_blocks      = [
                  - "10.150.0.0/16",
                ]
              - description      = ""
              - from_port        = 65432
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 65432
            },
          + {
              + cidr_blocks      = [
                  + "10.150.0.0/16",
                ]
              + description      = null
              + from_port        = 65432
              + ipv6_cidr_blocks = []
              + prefix_list_ids  = []
              + protocol         = "tcp"
              + security_groups  = []
              + self             = false
              + to_port          = 65432
            },
        ]

Note: the ID and subnets have been replaced with arbitrary values.
9.
A common (?) case: an AWS SG was updated by hand.
"Ah, well, I was in a hurry at the time (^^;"
10.
Diff example: Security Group (the same plan output as on slide 8)
11.
Diff example: Security Group (the same plan output, with the label "Content to be removed")
12.
Diff example: Security Group (the same plan output, with the label "Content to be applied")
13.
Diff example: Security Group (the same plan output, with both labels: "Content to be applied" and "Content to be removed")
14.
As you have seen so far. And then
15.
Diff example: Security Group (the same plan output as on slide 8, with the labels "Content to be applied" and "Content to be removed")
16.
Diff example: Security Group (the same plan output and labels)
17.
Diff example: Security Group (the same plan output and labels)
18.
The second rule matches exactly
19.
In other words
20.
Diff example: Security Group

  ~ resource "aws_security_group" "digdag" {
        id      = "sg-07ee4c2hogehoge"
      ~ ingress = [
          - {
              - cidr_blocks      = [
                  - "10.150.0.0/16",
                ]
              - description      = "SSH Allow from private"
              - from_port        = 22
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 22
            },

Content to be removed: only this rule disappears
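Added example (not part of the original slides): the reading done by eye on slides 8 to 20 can be automated against the machine-readable plan produced by `terraform show -json <planfile>`. The script compares the ingress rules of each `aws_security_group` as sets and reports only the rules that really disappear or appear. The sample plan is constructed from the slide's values, and treating a `null` description as equal to `""` is an assumption that mirrors the talk's reading of the second rule.

```python
import json
import sys

LIST_KEYS = ("cidr_blocks", "ipv6_cidr_blocks", "prefix_list_ids", "security_groups")
SCALAR_KEYS = ("description", "from_port", "protocol", "self", "to_port")


def normalize_rule(rule):
    """Hashable form of one ingress rule; list order is ignored."""
    parts = [(k, tuple(sorted(rule.get(k) or []))) for k in LIST_KEYS]
    for k in SCALAR_KEYS:
        value = rule.get(k)
        if k == "description" and value is None:
            value = ""  # assumption: "" and null describe the same rule
        parts.append((k, value))
    return tuple(parts)


def ingress_changes(plan):
    """Map resource address -> rules really removed / added by the plan."""
    report = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "aws_security_group":
            continue
        if change.get("actions") == ["no-op"]:
            continue
        # "before"/"after" are null for create/delete, hence the "or {}".
        old = (change.get("before") or {}).get("ingress") or []
        new = (change.get("after") or {}).get("ingress") or []
        before = {normalize_rule(r): r for r in old}
        after = {normalize_rule(r): r for r in new}

        def by_port(rule):
            return (rule.get("from_port") or 0, rule.get("to_port") or 0)

        report[rc["address"]] = {
            "removed": sorted((before[k] for k in before.keys() - after.keys()), key=by_port),
            "added": sorted((after[k] for k in after.keys() - before.keys()), key=by_port),
        }
    return report


def describe(rule):
    """One-line summary of a rule for review output."""
    sources = ",".join(rule.get("cidr_blocks") or []) or "(no IPv4 CIDR)"
    return "{}/{}-{} from {} ({!r})".format(
        rule.get("protocol"), rule.get("from_port"), rule.get("to_port"),
        sources, rule.get("description"))


def sample_rule(port, description):
    """Build one ingress rule shaped like the ones on the slides (constructed)."""
    return {
        "cidr_blocks": ["10.150.0.0/16"], "description": description,
        "from_port": port, "ipv6_cidr_blocks": [], "prefix_list_ids": [],
        "protocol": "tcp", "security_groups": [], "self": False, "to_port": port,
    }


# Constructed sample: only the part of the JSON plan this script reads.
SAMPLE_PLAN = {
    "resource_changes": [{
        "address": "aws_security_group.digdag",
        "type": "aws_security_group",
        "name": "digdag",
        "change": {
            "actions": ["update"],
            "before": {"id": "sg-07ee4c2hogehoge",
                       "ingress": [sample_rule(22, "SSH Allow from private"),
                                   sample_rule(65432, "")]},
            "after": {"id": "sg-07ee4c2hogehoge",
                      "ingress": [sample_rule(65432, None)]},
        },
    }],
}

if __name__ == "__main__":
    # Usage: terraform show -json plan.out > plan.json; python this_script.py plan.json
    plan = SAMPLE_PLAN
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            plan = json.load(fh)
    for address, diff in ingress_changes(plan).items():
        print(address)
        for rule in diff["removed"]:
            print("  - " + describe(rule))
        for rule in diff["added"]:
            print("  + " + describe(rule))
```

A rule listed under "removed" here is one that exists in the cloud but not in the code, which is exactly the case where someone has to decide whether `terraform apply` should close that access or the code should adopt it.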
21.
A quick review of how Terraform works
22.
Terraform, a very rough diagram: cloud service (the actual state); tfstate file (the state Terraform manages); tf files (the state declared as code); administrator/developer. Step shown: write. Reference: https://www.terraform.io/docs/state/
23.
Terraform, a very rough diagram (same elements). Step shown: issue plan/apply.
24.
Terraform, a very rough diagram (same elements). Step shown: read the code.
25.
Terraform, a very rough diagram (same elements). Step shown: compare.
26.
Terraform, a very rough diagram (same elements). Step shown: change the actual state to the state declared as code.
27.
There is a diff = either the code is correct or the actual state is correct
28.
You need to look at the diff and judge which one is correct
29.
If the code is correct (this is the normal case): terraform apply
30.
If the actual state is correct, you need to bring it into the code
31.
Now let's look at the plan diff once more
32.
Diff example: Security Group (shown again: the same plan output as on slide 8, with the labels "Content to be applied" and "Content to be removed")
33.
Wait, look closely: isn't this output almost HCL?
34.
From diff to code - 1 (shown again)

  ~ resource "aws_security_group" "digdag" {
        id      = "sg-07ee4c2hogehoge"
      ~ ingress = [
          - {
              - cidr_blocks      = [
                  - "10.150.0.0/16",
                ]
              - description      = "SSH Allow from private"
              - from_port        = 22
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 22
            },
          - {
              - cidr_blocks      = [
                  - "10.150.0.0/16",
                ]
              - description      = ""
              - from_port        = 65432
              - ipv6_cidr_blocks = []
              - prefix_list_ids  = []
              - protocol         = "tcp"
              - security_groups  = []
              - self             = false
              - to_port          = 65432
            },
35.
From diff to code - 2 (shown again)

~ resource "aws_security_group" "digdag" {
    id = "sg-07ee4c2hogehoge"
    ingress = [
      {
        cidr_blocks = [
          "10.150.0.0/16",
        ]
        description = "SSH Allow from private"
        from_port = 22
        ipv6_cidr_blocks = []
        prefix_list_ids = []
        protocol = "tcp"
        security_groups = []
        self = false
        to_port = 22
      },
      {
        cidr_blocks = [
          "10.150.0.0/16",
        ]
        description = ""
        from_port = 65432
        ipv6_cidr_blocks = []
        prefix_list_ids = []
        protocol = "tcp"
        security_groups = []
        self = false
        to_port = 65432
      },
36.
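Just remove the '~' and '-' with search-and-replace, put the result into the code, and tidy it up with terraform fmt!
37.
Once it is in the code, plan!!!
38.
No changes! Mission Complete!
39.
...and that is the easy pattern (life would be easy if they were all like this)
40.
There are also cases that are not easy
● The module does not support it
● The provider version is too old
● Bugs, etc...
41.
To tackle them...
● terraform state list/show/pull/push...
● terraform show
● terraform console
● terraform import ...
42.
Honestly, some cases are hard, but why not ask for advice on Slack?!
43.
Conclusion (again): terraform plan diffs are "not scary if you read the output properly" ></ (basically)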