在 Terraform 销毁期间，terraform 在销毁 Auto-scaling 组之前尝试销毁 ECS 集群并且失败了

Posted 2023-03-24

【中文标题】在 Terraform 销毁期间，terraform 在销毁 Auto-scaling 组之前尝试销毁 ECS 集群并且失败了

【英文标题】：During Terraform destroy, terraform is trying to destroy the ECS cluster before destroying the Auto-scaling group and is failing

【发布时间】：2021-09-08 00:46:35

【问题描述】：

我已将 ECS 与容量提供程序一起用于部署我的应用程序，并为容量提供程序使用的 ASG 启用了缩减保护。在 Terraform 破坏期间，我看到 terraform 试图破坏 ECS 集群，尝试 10 分钟后失败并输出， 错误：删除 ECS 集群时出错：ClusterContainsContainerInstancesException：当容器实例处于活动状态或耗尽时，无法删除集群。

我在这里做错了什么，

相关的 Terraform 脚本，

适用于 ECS

#ecs auto-scaling
resource "aws_appautoscaling_target" "ecs_target" 
  max_capacity       = var.ecs_max_size -- (8)
  min_capacity       = var.ecs_min_size -- (2)
  resource_id        = "service/$aws_ecs_cluster.kong.name/$aws_ecs_service.kong.name"
  scalable_dimension = "ecs:service:DesiredCount"
  service_namespace  = "ecs"


resource "aws_appautoscaling_policy" "ecs_asg_cpu_policy" 
  name               = local.name
  policy_type        = "TargetTrackingScaling"
  resource_id        = aws_appautoscaling_target.ecs_target.resource_id
  scalable_dimension = aws_appautoscaling_target.ecs_target.scalable_dimension
  service_namespace  = aws_appautoscaling_target.ecs_target.service_namespace

  target_tracking_scaling_policy_configuration 
    predefined_metric_specification 
      predefined_metric_type = "ECSServiceAverageCPUUtilization"
    

    target_value = 70
  

FOR 容量提供者

resource "aws_autoscaling_group" "kong" 
  name                 = local.name
  launch_configuration = aws_launch_configuration.kong.name
  vpc_zone_identifier  = data.aws_subnet_ids.private.ids
  min_size             = var.asg_min_size --(1)
  max_size             = var.asg_max_size --(4) 
  desired_capacity     = var.asg_desired_capacity --(2)
  protect_from_scale_in = true
  tags = [
    
      "key"                 = "Name"
      "value"               = local.name
      "propagate_at_launch" = true
    ,
    
      "key"                 = "AmazonECSManaged"
      "value"               = ""
      "propagate_at_launch" = true 
    
  ]



resource "aws_ecs_capacity_provider" "capacity_provider" 
   name = local.name

   auto_scaling_group_provider 
      auto_scaling_group_arn         = aws_autoscaling_group.kong.arn
      managed_termination_protection = "ENABLED"

      managed_scaling 
           maximum_scaling_step_size = 4
           minimum_scaling_step_size = 1
           instance_warmup_period    = 120
           status                    = "ENABLED"
           target_capacity           = 75
      
   

  


resource "aws_ecs_cluster" "kong" 
  name      = local.name
  capacity_providers = [
    aws_ecs_capacity_provider.capacity_provider.name,
  ]
  tags = merge(
    
      "Name"        = local.name,
      "Environment" = var.environment,
      "Description" = var.description,
      "Service"     = var.service,
    ,
    var.tags
  )

   
   provisioner "local-exec" 
    when    = destroy
    command = "aws autoscaling update-auto-scaling-group --auto-scaling-group-name $self.name --min-size 0 --desired-capacity 0"

  

Terraform 版本： Terraform v0.14.7

提供者 registry.terraform.io/hashicorp/aws v3.46.0

【参考方案1】：

这是 GitHub 中报告的长期存在的问题：

terraform attempts to destroy AWS ECS cluster before Deleting ECS Service

目前，似乎没有任何解决方案，除了手动干预或使用带有 AWS CLI 的 local-exec 临时来帮助 TF。

【讨论】：

我应该在 local-exec 中使用什么，使用 aws autoscaling update-auto-scaling-group --auto-scaling-group-name $self.name --min- size 0 --desired-capacity 0 不起作用，因为启用了扩展保护。我在 ASG 的活动日志中看到了这一点