在 Terraform 销毁期间，terraform 在销毁 Auto-scaling 组之前尝试销毁 ECS 集群并且失败了 [英] During Terraform destroy, terraform is trying to destroy the ECS cluster before destroying the Auto-scaling group and is failing

问题描述

我已将 ECS 与容量提供程序一起用于部署我的应用程序，并为容量提供程序使用的 ASG 启用了缩减保护.在 Terraform destroy 期间，我看到 terraform 试图破坏 ECS 集群，尝试 10 分钟后失败并输出，错误:删除 ECS 集群时出错:ClusterContainsContainerInstancesException:当容器实例处于活动或耗尽状态时，无法删除集群.

I have used ECS with capacity provider for deployment of my application and have enabled scale-in protection for ASG used by capacity provider. During Terraform destroy I see terraform trying to destroy ECS cluster and after trying for 10 minutes it fails and outputs, Error: Error deleting ECS cluster: ClusterContainsContainerInstancesException: The Cluster cannot be deleted while Container Instances are active or draining.

我在这里做错了什么，

相关的 Terraform 脚本，

Relevant Terraform script,

适用于 ECS

#ecs auto-scaling
resource "aws_appautoscaling_target" "ecs_target" {
  max_capacity       = var.ecs_max_size -- (8)
  min_capacity       = var.ecs_min_size -- (2)
  resource_id        = "service/${aws_ecs_cluster.kong.name}/${aws_ecs_service.kong.name}"
  scalable_dimension = "ecs:service:DesiredCount"
  service_namespace  = "ecs"
}

resource "aws_appautoscaling_policy" "ecs_asg_cpu_policy" {
  name               = local.name
  policy_type        = "TargetTrackingScaling"
  resource_id        = aws_appautoscaling_target.ecs_target.resource_id
  scalable_dimension = aws_appautoscaling_target.ecs_target.scalable_dimension
  service_namespace  = aws_appautoscaling_target.ecs_target.service_namespace

  target_tracking_scaling_policy_configuration {
    predefined_metric_specification {
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    }

    target_value = 70
  }
}

FOR 容量提供者

resource "aws_autoscaling_group" "kong" {
  name                 = local.name
  launch_configuration = aws_launch_configuration.kong.name
  vpc_zone_identifier  = data.aws_subnet_ids.private.ids
  min_size             = var.asg_min_size --(1)
  max_size             = var.asg_max_size --(4) 
  desired_capacity     = var.asg_desired_capacity --(2)
  protect_from_scale_in = true
  tags = [
    {
      "key"                 = "Name"
      "value"               = local.name
      "propagate_at_launch" = true
    },
    {
      "key"                 = "AmazonECSManaged"
      "value"               = ""
      "propagate_at_launch" = true 
    }
  ]
}


resource "aws_ecs_capacity_provider" "capacity_provider" {
   name = local.name

   auto_scaling_group_provider {
      auto_scaling_group_arn         = aws_autoscaling_group.kong.arn
      managed_termination_protection = "ENABLED"

      managed_scaling {
           maximum_scaling_step_size = 4
           minimum_scaling_step_size = 1
           instance_warmup_period    = 120
           status                    = "ENABLED"
           target_capacity           = 75
      }
   }

  
}

resource "aws_ecs_cluster" "kong" {
  name      = local.name
  capacity_providers = [
    aws_ecs_capacity_provider.capacity_provider.name,
  ]
  tags = merge(
    {
      "Name"        = local.name,
      "Environment" = var.environment,
      "Description" = var.description,
      "Service"     = var.service,
    },
    var.tags
  )

   
   provisioner "local-exec" {
    when    = destroy
    command = "aws autoscaling update-auto-scaling-group --auto-scaling-group-name ${self.name} --min-size 0 --desired-capacity 0"

  }
}

Terraform 版本:Terraform v0.14.7

Terraform version: Terraform v0.14.7

• 提供者 registry.terraform.io/hashicorp/aws v3.46.0

推荐答案

这是 GitHub 中报告的长期存在的问题:

This is a long lasting issue reported in GitHub:

• terraform 在删除 ECS 服务之前尝试破坏 AWS ECS 集群

目前，似乎没有任何解决方案，除了手动干预或使用带有 AWS CLI 的 local-exec 临时来帮助 TF.

For now, there does not seem to be any solution to that, except manual interventions or using local-exec provisional with AWS CLI to aid TF.

这篇关于在 Terraform 销毁期间，terraform 在销毁 Auto-scaling 组之前尝试销毁 ECS 集群并且失败了的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！