0
votes

TF Version: 0.12.28 and 0.13.3

My Goal:

  • Have an AWS S3 bucket for PROD env to store tf state
  • Have an AWS S3 bucket for NONPROD env to store tf state

Following this tutorial I successfully accomplished the following:

  • an AWS S3 bucket and a DynamoDB from a folder called TEST:
provider "aws" {
  region = var.aws_region_id
}

resource "aws_s3_bucket" "terraform_state" {
  bucket = var.aws_bucket_name
  versioning {
    enabled = true
  }
  server_side_encryption_configuration {
    rule {
      apply_server_side_encryption_by_default {
        sse_algorithm = "AES256"
      }
    }
  }
}

resource "aws_dynamodb_table" "terraform_locks" {
  name         = var.aws_bucket_name
  billing_mode = "PAY_PER_REQUEST"
  hash_key     = "LockID"
  attribute {
    name = "LockID"
    type = "S"
  }
}

terraform {
  backend "s3" {
    bucket         = "test-myproject-poc"
    key            = "global/s3/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "test-myproject-poc"
    encrypt        = true
  }
}

Up to this point everything was successfully deployed.

However, when I wanted to have another S3 bucket/DynamoDB for PROD env the following happened:

  • I went to another folder called PRODUCTION, I did terraform init (initialization was ok)
  • copied the same module I have on PROD to this folder. And I renamed PROD with TEST to match the env

Terraform plan now says it wants to replace my actual deployment to create the new one:

➜  S3 tf plan
Acquiring state lock. This may take a few moments...
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.

aws_dynamodb_table.terraform_locks: Refreshing state... [id=test-myproject-poc]
aws_s3_bucket.terraform_state: Refreshing state... [id=test-myproject-poc]

------------------------------------------------------------------------

An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement

Terraform will perform the following actions:

  # aws_dynamodb_table.terraform_locks must be replaced
-/+ resource "aws_dynamodb_table" "terraform_locks" {
      ~ arn              = "arn:aws:dynamodb:us-east-1:1234567890:table/test-myproject-poc" -> (known after apply)
        billing_mode     = "PAY_PER_REQUEST"
        hash_key         = "LockID"
      ~ id               = "test-myproject-poc" -> (known after apply)
      ~ name             = "test-myproject-poc" -> "prod-myproject-poc" # forces replacement

  • The state is actually on global/s3/terraform.tfstate
  • I'm not using workspaces

What is the proper way to create S3_PROD without deleting the first one?

1 Answer

0
votes

I solved the issue! Just found out that I needed to remove this block:

terraform {
  backend "s3" {
    bucket         = "test-myproject-poc"
    key            = "global/s3/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "test-myproject-poc"
    encrypt        = true
  }
}

Dropped the .terraform folder and ran init again.

After doing these steps, plan ran as expected (it didn't try to remove my deployment).

What I think, but I'm not sure though, is that it was trying to use the same state file previously deployed. So I just left tf to create the bucket and dynamo table to finally run the process of storing the new state of the new folder (PROD) in S3.

HTH
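
Added example, not part of the original question or answer: a small Python check that reads the backend "s3" block of each Terraform folder and reports folders whose backend points at the same bucket and key, which is the situation in which a plan in one folder refreshes the other folder's resources. The folder contents are constructed from the snippets above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample: the backend block from the question, as it would sit in
# both folders if the TEST configuration is copied into PRODUCTION unchanged.
COPIED_BACKEND = '''
terraform {
  backend "s3" {
    bucket         = "test-myproject-poc"
    key            = "global/s3/terraform.tfstate"
    region         = "us-east-1"
    dynamodb_table = "test-myproject-poc"
    encrypt        = true
  }
}
'''
SAMPLE = {"TEST": COPIED_BACKEND, "PRODUCTION": COPIED_BACKEND}

# A backend "s3" block holds only flat attributes, so matching up to the first
# closing brace is enough here (this is not a general HCL parser).
BACKEND_RE = re.compile(r'backend\s+"s3"\s*\{(.*?)\}', re.S)
ATTR_RE = re.compile(r'^\s*(\w+)\s*=\s*"?([^"\n]*?)"?\s*$', re.M)


def parse_s3_backend(tf_text):
    """Return the attributes of the first backend "s3" block, or None."""
    match = BACKEND_RE.search(tf_text)
    return dict(ATTR_RE.findall(match.group(1))) if match else None


def find_shared_state(configs):
    """Return {(bucket, key): [folders]} for state objects used by 2+ folders."""
    users = defaultdict(list)
    for folder, tf_text in configs.items():
        backend = parse_s3_backend(tf_text)
        if backend is None:
            continue  # no remote backend: this folder keeps local state
        users[(backend.get("bucket"), backend.get("key"))].append(folder)
    return {loc: sorted(names) for loc, names in users.items() if len(names) > 1}


if __name__ == "__main__":
    for (bucket, key), folders in find_shared_state(SAMPLE).items():
        print(f"s3://{bucket}/{key} is the state for: {', '.join(folders)}")
```

An empty result means every folder with a remote backend has its own state object.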