
Introduction


If you use Terraform to manage AWS network resources, Terraform will likely propose deleting the "cit:" tags on those resources the next time you run a Terraform plan or apply. Example Terraform plan output:

# tf plan
aws_vpc.blank-vpc: Refreshing state... [id=vpc-cde7e0a8]
...
aws_route_table_association.v2-private-1: Refreshing state... [id=rtbassoc-08f9e7ea923cc8454]

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_subnet.example will be updated in-place
  ~ resource "aws_subnet" "example" {
        id                                             = "subnet-0d705338215b4d08b"
      ~ tags                                           = {
          - "cit:dc-arch-migration-description" = "No change." -> null
          - "cit:dc-arch-migration-target"      = "no" -> null
          - "cit:dc-arch-version"               = "v1" -> null
          - "cit:subnet-type"                   = "public" -> null
            # (1 unchanged element hidden)
        }
      ~ tags_all                                       = {
          - "cit:dc-arch-migration-description" = "No change." -> null
          - "cit:dc-arch-migration-target"      = "no" -> null
          - "cit:dc-arch-version"               = "v1" -> null
          - "cit:subnet-type"                   = "public" -> null
            # (1 unchanged element hidden)
        }
        # (14 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.

Please don't delete those tags; they are important to the migration to the v2 Direct Connect architecture. If you delete the tags, they will be recreated before the migration proceeds.

You can tell Terraform to ignore those tags by adding a lifecycle stanza to the resource and using the ignore_changes attribute as shown below:

resource "aws_subnet" "example" {
  cidr_block        = "10.92.117.128/25"
  vpc_id            = aws_vpc.example.id

  # ... (other arguments omitted)

  tags = {
    Name = "example-subnet"
  }

  lifecycle {
    ignore_changes = [
      tags["cit:dc-arch-migration-description"],
      tags["cit:dc-arch-migration-target"],
      tags["cit:dc-arch-version"],
      tags["cit:dc-vgw"],
      tags["cit:subnet-type"],
      tags["cit:tgw-attachment-target"],
    ]
  }
}
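
To confirm that the ignore_changes entries cover every resource before an apply, a saved plan can be checked for "cit:" tag removals. The script below is an added example, not part of the original page; it assumes the plan was exported with `terraform plan -out=tfplan` followed by `terraform show -json tfplan > plan.json`, and the function name and sample data are constructed for illustration.

```python
import json
import sys

PROTECTED_PREFIX = "cit:"  # tag prefix taken from the page

# Constructed sample in the shape of `terraform show -json` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_subnet.example",
   "change": {"actions": ["update"],
     "before": {"tags": {"Name": "example-subnet",
                         "cit:dc-arch-version": "v1",
                         "cit:subnet-type": "public"}},
     "after":  {"tags": {"Name": "example-subnet"}}}},
  {"address": "aws_vpc.example",
   "change": {"actions": ["no-op"],
     "before": {"tags": {"Name": "example-vpc", "cit:dc-arch-version": "v1"}},
     "after":  {"tags": {"Name": "example-vpc", "cit:dc-arch-version": "v1"}}}},
  {"address": "aws_route_table.old",
   "change": {"actions": ["delete"],
     "before": {"tags": {"cit:dc-arch-version": "v1"}},
     "after": null}}
]}
""")


def removed_protected_tags(plan, prefix=PROTECTED_PREFIX):
    """Return {address: [tag keys]} for protected tags an in-place update would drop or change."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        # Only in-place updates matter; a destroyed resource loses its tags anyway.
        if "update" not in change.get("actions", []):
            continue
        before = (change.get("before") or {}).get("tags") or {}
        after = (change.get("after") or {}).get("tags") or {}
        lost = sorted(k for k, v in before.items()
                      if k.startswith(prefix) and after.get(k) != v)
        if lost:
            findings[rc["address"]] = lost
    return findings


if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    findings = removed_protected_tags(plan)
    for address, keys in findings.items():
        print(f"{address}: plan would remove or change {', '.join(keys)}")
    sys.exit(1 if findings else 0)
```

Run it with the path to plan.json as the only argument; a non-zero exit status means at least one resource still needs the lifecycle stanza.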

