Part of the 2023 Cornell AWS Direct Connect Architecture Migration process creates new tags on Cornell AWS VPCs that use Direct Connect. Those tags, prefixed by "cit:", can cause Terraform to hiccup if you use Terraform to manage AWS network resources.
Please don't allow Terraform to delete the "cit:" tags! They are important for the migration to the v2 Direct Connect architecture. If you (or Terraform) delete those tags, they will be recreated before the migration proceeds.
This is what it looks like when Terraform finds those tags, and makes a plan to delete them:
    # terraform plan
    aws_vpc.blank-vpc: Refreshing state... [id=vpc-cde7e0a8]
    ...
    aws_route_table_association.v2-private-1: Refreshing state... [id=rtbassoc-08f9e7ea923cc8454]

    Terraform used the selected providers to generate the following execution plan. Resource actions are indicated with the following symbols:
      ~ update in-place

    Terraform will perform the following actions:

      # aws_subnet.example will be updated in-place
      ~ resource "aws_subnet" "example" {
            id = "subnet-0d705338215b4d08b"
          ~ tags = {
              - "cit:dc-arch-migration-description" = "No change." -> null
              - "cit:dc-arch-migration-target" = "no" -> null
              - "cit:dc-arch-version" = "v1" -> null
              - "cit:subnet-type" = "public" -> null
                # (1 unchanged element hidden)
            }
          ~ tags_all = {
              - "cit:dc-arch-migration-description" = "No change." -> null
              - "cit:dc-arch-migration-target" = "no" -> null
              - "cit:dc-arch-version" = "v1" -> null
              - "cit:subnet-type" = "public" -> null
                # (1 unchanged element hidden)
            }
            # (14 unchanged attributes hidden)
        }

    Plan: 0 to add, 1 to change, 0 to destroy.
You can tell Terraform to ignore those tags by adding a lifecycle stanza to the resource and setting the ignore_changes attribute as shown below. The next time you run Terraform plan/apply, Terraform will ignore any of those tags.
    resource "aws_subnet" "example" {
      cidr_block = "10.92.117.128/25"
      vpc_id = aws_vpc.example.id
      ...
      tags = {
        Name = "example-subnet"
      }

      lifecycle {
        ignore_changes = [
          tags["cit:dc-arch-migration-description"],
          tags["cit:dc-arch-migration-target"],
          tags["cit:dc-arch-version"],
          tags["cit:dc-vgw"],
          tags["cit:subnet-type"],
          tags["cit:tgw-attachment-target"],
        ]
      }
    }
TBD
    resource "aws_subnet" "example" {
      cidr_block = "10.92.117.128/25"
      vpc_id = aws_vpc.example.id
      ...
      tags = {
        Name = "example-subnet"
      }

      lifecycle {
        ignore_changes = [
          "tags.%",
          "tags.cit:dc-arch-migration-description",
          "tags.cit:dc-arch-migration-target",
          "tags.cit:dc-arch-version",
          "tags.cit:dc-vgw",
          "tags.cit:subnet-type",
          "tags.cit:tgw-attachment-target",
        ]
      }
    }
If your Terraform version doesn't allow you to name specific tags, you can tell it to ignore all tag changes:
Or