
Introduction

Part of the 2023 Cornell AWS Direct Connect Architecture Migration process creates new tags on Cornell AWS VPCs that use Direct Connect. If you use Terraform to manage AWS network resources, Terraform will see those tags, which are prefixed by "cit:", as changes that are not in your configuration and will plan to remove them.

Please don't allow Terraform to delete the "cit:" tags! They are important for the migration to the v2 Direct Connect architecture. If you (or Terraform) delete those tags, they will be recreated before the migration proceeds.

This is what it looks like when Terraform finds those tags and makes a plan to delete them:

# tf plan
aws_vpc.blank-vpc: Refreshing state... [id=vpc-cde7e0a8]
...
aws_route_table_association.v2-private-1: Refreshing state... [id=rtbassoc-08f9e7ea923cc8454]

Terraform used the selected providers to generate the following execution plan. Resource actions are
indicated with the following symbols:
  ~ update in-place

Terraform will perform the following actions:

  # aws_subnet.example will be updated in-place
  ~ resource "aws_subnet" "example" {
        id                                             = "subnet-0d705338215b4d08b"
      ~ tags                                           = {
          - "cit:dc-arch-migration-description" = "No change." -> null
          - "cit:dc-arch-migration-target"      = "no" -> null
          - "cit:dc-arch-version"               = "v1" -> null
          - "cit:subnet-type"                   = "public" -> null
            # (1 unchanged element hidden)
        }
      ~ tags_all                                       = {
          - "cit:dc-arch-migration-description" = "No change." -> null
          - "cit:dc-arch-migration-target"      = "no" -> null
          - "cit:dc-arch-version"               = "v1" -> null
          - "cit:subnet-type"                   = "public" -> null
            # (1 unchanged element hidden)
        }
        # (14 unchanged attributes hidden)
    }

Plan: 0 to add, 1 to change, 0 to destroy.


Tell Terraform to Ignore the Tags

You can tell Terraform to ignore those tags by adding a lifecycle stanza to the resource and setting the ignore_changes attribute as shown below:

resource "aws_subnet" "example" {
  cidr_block        = "10.92.117.128/25"
  vpc_id            = aws_vpc.example.id

  # ... (other arguments omitted)

  tags = {
    Name = "example-subnet"
  }

  lifecycle {
    ignore_changes = [
      tags["cit:dc-arch-migration-description"],
      tags["cit:dc-arch-migration-target"],
      tags["cit:dc-arch-version"],
      tags["cit:dc-vgw"],
      tags["cit:subnet-type"],
      tags["cit:tgw-attachment-target"],
    ]
  }
}

The next time you run Terraform plan/apply, Terraform will ignore any of those tags.
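
A check you can run before apply to catch resources that are still missing the lifecycle stanza. This is an added example, not part of the original page or of Cornell's tooling: it reads the JSON form of a saved plan (from `terraform show -json <planfile>`) and reports every resource whose plan would delete a "cit:" tag. The sample plan and the `aws_subnet.ignored` address are constructed for illustration.

```python
import json
import sys

CIT_PREFIX = "cit:"

def planned_cit_tag_removals(plan):
    """Map resource address -> sorted "cit:" tag keys the plan would delete."""
    findings = {}
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        before, after = change.get("before"), change.get("after")
        if before is None or after is None:
            continue  # pure create or destroy: no existing tags to compare
        if (change.get("after_unknown") or {}).get("tags") is True:
            continue  # tags are not known until apply, nothing to compare
        old_tags = before.get("tags") or {}
        new_tags = after.get("tags") or {}
        lost = sorted(k for k in old_tags
                      if k.startswith(CIT_PREFIX) and k not in new_tags)
        if lost:
            findings[rc["address"]] = lost
    return findings

# Constructed sample in the shape of `terraform show -json <planfile>`,
# mirroring the plan output shown on this page.
SAMPLE_PLAN = {
    "resource_changes": [
        {"address": "aws_subnet.example",
         "change": {"actions": ["update"],
                    "before": {"tags": {"Name": "example-subnet",
                                        "cit:dc-arch-migration-description": "No change.",
                                        "cit:dc-arch-migration-target": "no",
                                        "cit:dc-arch-version": "v1",
                                        "cit:subnet-type": "public"}},
                    "after": {"tags": {"Name": "example-subnet"}},
                    "after_unknown": {}}},
        {"address": "aws_subnet.ignored",  # hypothetical: already has the lifecycle stanza
         "change": {"actions": ["no-op"],
                    "before": {"tags": {"Name": "ok", "cit:dc-arch-version": "v1"}},
                    "after": {"tags": {"Name": "ok", "cit:dc-arch-version": "v1"}},
                    "after_unknown": {}}},
    ]
}

if __name__ == "__main__":
    # Usage: python check_cit_tags.py plan.json  (falls back to the sample above)
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    found = planned_cit_tag_removals(plan)
    for address, keys in found.items():
        print(f"{address}: plan would delete {', '.join(keys)}")
    sys.exit(1 if found else 0)
```

The script exits non-zero when any "cit:" tag would be removed, so it can gate a pipeline step between plan and apply.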
