
2021/12/17

Terraform Error: error creating Secrets Manager Secret: InvalidRequestException: You can't create this secret because a secret with this name is already scheduled for deletion

Terraform reports the following error when creating an aws_secretsmanager_secret resource:


Error: error creating Secrets Manager Secret: InvalidRequestException: You can't create this secret because a secret with this name is already scheduled for deletion.


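The cause is that a previously deleted Secrets Manager secret is not removed by AWS immediately. It is placed on a deletion schedule and is only actually deleted once the recovery window has passed, so Terraform gets the error above when it tries to create a secret with the same name again.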


Force-delete the secret

To resolve the problem, run the following AWS CLI command to force the secret to be deleted immediately:

aws secretsmanager delete-secret --secret-id your-secret --force-delete-without-recovery --region your-region

Replace your-secret with the name of the secret to delete immediately;
replace your-region with the region that secret is in.
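Because a forced delete cannot be undone, it helps to confirm that the name really is held by a secret pending deletion and to decide between restoring it and purging it. The script below is an added example, not part of the original post; the function names are hypothetical, and it relies on the AWS CLI subcommands describe-secret and restore-secret alongside the delete-secret command shown above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.
# Usage: ./clear-secret-name.sh NAME REGION [check|restore|purge]

# Print the scheduled-deletion date, "None" when the secret is active,
# or "unavailable" when it cannot be described (not found, no permission).
deletion_state() {
  aws secretsmanager describe-secret --secret-id "$1" --region "$2" \
    --query 'DeletedDate' --output text 2>/dev/null || echo "unavailable"
}

# $1 = secret name, $2 = region, $3 = check | restore | purge
clear_secret_name() {
  cs_state=$(deletion_state "$1" "$2")
  case "$cs_state" in
    unavailable) echo "unavailable"; return 1 ;;
    None)        echo "active"; return 0 ;;   # not pending deletion: leave it alone
  esac
  case "$3" in
    restore)  # cancel the scheduled deletion and keep the secret value
      aws secretsmanager restore-secret --secret-id "$1" --region "$2" \
        >/dev/null && echo "restored" ;;
    purge)    # irreversible: no recovery window, the secret cannot be restored
      aws secretsmanager delete-secret --secret-id "$1" \
        --force-delete-without-recovery --region "$2" \
        >/dev/null && echo "purged" ;;
    *)        # default: report only, change nothing
      echo "scheduled $cs_state" ;;
  esac
}

# Act only when called with arguments, so sourcing the file is side-effect free.
if [ "$#" -ge 2 ]; then
  clear_secret_name "$1" "$2" "${3:-check}"
fi
```

A restored secret already exists in AWS, so it has to be brought into the Terraform state with terraform import rather than created again.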


Set the recovery window

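Alternatively, set the recovery_window_in_days attribute on the aws_secretsmanager_secret resource from the start. It sets the recovery window in days, that is, how many days must pass before the secret is actually deleted. If it is not set, the default is 30 days; to delete immediately, set it to 0.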

resource "aws_secretsmanager_secret" "mysecret" {
    name                    = "mysecret"
    # 0 = delete immediately on destroy, with no recovery window
    recovery_window_in_days = 0
}

