Terraform has this great concept of “modules”, which have a ton of uses. One of the most common is a resource-specific module that builds a resource with the security and operational settings your org has standardized on. That lets the module receive just the bare minimum of values (making life easier for developers) while still building things appropriately and securely.
Terraform’s behavior with most resources and calls works well this way, but, interestingly, AWS EC2 is not on that list. There is a significant bug in how Terraform (and the AWS API) handle building EC2 modules. Here’s the GitHub bug report (opened a full 3.5 years ago at the time of this post’s publication):
The problem arises when a user attempts to update a non-root EBS volume, which is how AWS manages additional disks for your hosts. Rather than supporting a change while the host stays up (as the AWS console does), Terraform requires you to destroy the host and rebuild it from scratch.
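To make the failure mode concrete, here is an added illustration (not code from the post or the linked issue) of the two ways a module can declare a data disk: inline in the instance, where editing the disk plans a replacement of the host, and as a separate volume plus attachment, where a resize is an in-place update. AMI and subnet IDs are placeholders, and the exact set of attributes that forces replacement depends on the AWS provider version.

```hcl
# Pattern A: the data disk is declared inline on the instance. As the post
# describes, editing this block (e.g. raising volume_size from 100 to 200)
# plans a destroy-and-recreate of the whole instance.
resource "aws_instance" "inline" {
  ami           = "ami-PLACEHOLDER"   # replace with an org-approved AMI
  instance_type = "t3.micro"
  subnet_id     = "subnet-PLACEHOLDER"
  metadata_options {          # org-standard hardening baked into the module
    http_tokens = "required"  # IMDSv2 only
  }
  root_block_device {
    encrypted = true
  }
  ebs_block_device {
    device_name = "/dev/sdf"
    volume_size = 100         # changing this forces instance replacement
    volume_type = "gp3"
    encrypted   = true
  }
}

# Pattern B: the data disk is its own resource, attached separately.
# Resizing aws_ebs_volume is an in-place update; the instance is untouched.
resource "aws_instance" "host" {
  ami           = "ami-PLACEHOLDER"
  instance_type = "t3.micro"
  subnet_id     = "subnet-PLACEHOLDER"
  metadata_options {
    http_tokens = "required"
  }
  root_block_device {
    encrypted = true
  }
}

resource "aws_ebs_volume" "data" {
  availability_zone = aws_instance.host.availability_zone
  size              = 100     # bump to 200: in-place modify, no rebuild
  type              = "gp3"
  encrypted         = true
}

resource "aws_volume_attachment" "data" {
  device_name = "/dev/sdf"
  volume_id   = aws_ebs_volume.data.id
  instance_id = aws_instance.host.id
}
```

Note that an inline ebs_block_device defaults to delete_on_termination = true, so the forced rebuild in Pattern A also deletes the data on that disk unless you set it to false; and the provider documents that ebs_block_device and aws_volume_attachment must not be mixed on the same instance, so pick one pattern per module.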
#devops #aws #terraform