Terraform redeploys EC2 instance

Time:10-23

I'm sure this one is an easy fix. I'm working with Terraform in AWS, deploying a VPC, Subnets, a Security Group (this looks like the issue) along with a single EC2 instance.

Symptoms

The first terraform apply creates everything as expected; however, an immediately following terraform apply or terraform plan reports changes to the EC2 instance that require it to be replaced, even though nothing in the underlying Terraform code has changed.

Applying again redeploys the EC2 instance, exactly as the terraform plan reported.

I would like subsequent terraform apply runs not to redeploy the EC2 instance. I'm not sure whether that's possible, but if it is, it's probably something simple I'm missing in the documentation.

Terraform files

vpc.tf

# The sandbox VPC; every other resource in these files hangs off its id.
# NOTE(review): the subnets below hard-code 10.11.1.0/24 through 10.11.6.0/24,
# so var.vpcSandboxCIDR has to contain that range — confirm the variable's value.
resource "aws_vpc" "vpcSandbox" {
  cidr_block = var.vpcSandboxCIDR

  tags = {
    Terraform = "True"
    Name      = "vpcSandbox"
  }
}

# DHCP option set handed to instances in the VPC: the search domain comes from a
# variable, the resolvers are two fixed public addresses.
# NOTE(review): replacing the VPC-provided resolver with public ones means
# VPC-internal / private-zone names are not expected to resolve from instances
# — confirm that is intended.
resource "aws_vpc_dhcp_options" "dhcpOptSandbox" {
  domain_name_servers = ["208.67.220.220", "208.67.222.222"]
  domain_name         = var.searchDomain

  tags = {
    Terraform = "True"
    Name      = "dhcpOptSandbox"
  }
}

# Bind the option set above to the sandbox VPC.
resource "aws_vpc_dhcp_options_association" "dhcpOptAssocSandbox" {
  dhcp_options_id = aws_vpc_dhcp_options.dhcpOptSandbox.id
  vpc_id          = aws_vpc.vpcSandbox.id
}

# One /24 per availability zone in us-east-1. None of these subnets has an
# aws_route_table_association, so each sits on the VPC's main route table —
# which receives a default route to the internet gateway further down. In
# other words every subnet here is internet-routable.
resource "aws_subnet" "sub-sandbox1a" {
  availability_zone = "us-east-1a"
  cidr_block        = "10.11.1.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = {
    Terraform = "True"
  }
}
# Subnet for us-east-1b (main route table, hence internet-routable).
resource "aws_subnet" "sub-sandbox1b" {
  availability_zone = "us-east-1b"
  cidr_block        = "10.11.2.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = {
    Terraform = "True"
  }
}
# Subnet for us-east-1c (main route table, hence internet-routable).
resource "aws_subnet" "sub-sandbox1c" {
  availability_zone = "us-east-1c"
  cidr_block        = "10.11.3.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = {
    Terraform = "True"
  }
}
# Subnet for us-east-1d (main route table, hence internet-routable).
resource "aws_subnet" "sub-sandbox1d" {
  availability_zone = "us-east-1d"
  cidr_block        = "10.11.4.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = {
    Terraform = "True"
  }
}
# Subnet for us-east-1e (main route table, hence internet-routable).
resource "aws_subnet" "sub-sandbox1e" {
  availability_zone = "us-east-1e"
  cidr_block        = "10.11.5.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = {
    Terraform = "True"
  }
}
# Subnet for us-east-1f (main route table, hence internet-routable).
resource "aws_subnet" "sub-sandbox1f" {
  availability_zone = "us-east-1f"
  cidr_block        = "10.11.6.0/24"
  vpc_id            = aws_vpc.vpcSandbox.id

  tags = {
    Terraform = "True"
  }
}

# Internet gateway for the sandbox VPC; the two aws_route resources below make
# it the default next hop for both IPv4 and IPv6.
resource "aws_internet_gateway" "gwSandbox" {
  tags = {
    Terraform = "True"
    Name      = "gwSandbox"
  }

  vpc_id = aws_vpc.vpcSandbox.id
}

# Default IPv4 route on the VPC's *main* route table. Since no subnet above is
# associated with any other table, this one route makes all of them public.
resource "aws_route" "default-v4-sandbox" {
  destination_cidr_block = "0.0.0.0/0"
  gateway_id             = aws_internet_gateway.gwSandbox.id
  route_table_id         = aws_vpc.vpcSandbox.default_route_table_id
}
# Default IPv6 route on the same main route table.
# NOTE(review): aws_vpc.vpcSandbox does not set assign_generated_ipv6_cidr_block
# or any IPv6 block, so confirm the VPC actually has IPv6 before relying on this.
resource "aws_route" "default-v6-sandbox" {
  destination_ipv6_cidr_block = "::/0"
  gateway_id                  = aws_internet_gateway.gwSandbox.id
  route_table_id              = aws_vpc.vpcSandbox.default_route_table_id
}

securitygroup.tf

# Security group for the test server. Its rules are the standalone
# aws_security_group_rule resources below; there are no inline ingress/egress
# blocks here, which is the right choice when standalone rules are used.
# NOTE(review): the description promises "SSH inbound", but both ingress rules
# below open every protocol and port from the office CIDRs — keep the two in step.
resource "aws_security_group" "sandbox" {
  vpc_id      = aws_vpc.vpcSandbox.id
  name        = "sandbox"
  description = "Allow SSH inbound traffic from Trusted Internet Addresses and all Outbound Traffic"

  tags = {
    Terraform = "True"
    Name      = "sandbox"
  }
}

# Ingress from the HQ office WAN. protocol "-1" with ports 0/0 means "all
# traffic": every protocol on every port, not just SSH. Narrowing this to
# protocol = "tcp", from_port = 22, to_port = 22 would match the group's
# description and limit what a compromised office host can reach.
resource "aws_security_group_rule" "workHQOfficeInbound" {
  security_group_id = aws_security_group.sandbox.id
  type              = "ingress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = [var.workOfficeWAN]
}

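# Ingress from the dev office WAN — again every protocol and every port.
# Fix: with protocol "-1" the port range carries no meaning and the AWS
# provider expects from_port and to_port to both be 0 (I believe newer
# provider versions reject anything else; older ones can normalise it back
# to 0 and then report a perpetual diff). The sibling rule
# workHQOfficeInbound already uses 0/0, so this rule now matches it.
# As with that rule, tcp/22 would be the tighter choice if only SSH is needed.
resource "aws_security_group_rule" "tgs_office_inbound" {
  type              = "ingress"
  from_port         = 0
  to_port           = 0
  protocol          = "-1"
  cidr_blocks       = [var.devOfficeWAN]
  security_group_id = aws_security_group.sandbox.id
}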

# Unrestricted egress over IPv4 and IPv6. Usual for a sandbox, but it also lets
# a compromised host reach anything on the internet — tighten if this grows.
resource "aws_security_group_rule" "alloutbound" {
  security_group_id = aws_security_group.sandbox.id
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = ["0.0.0.0/0"]
  ipv6_cidr_blocks  = ["::/0"]
}

ec2.tf

## Test server
# SSH key pair for the test server. Only the public half (var.certDeployerPub)
# is registered with AWS; the private key is never passed to Terraform.
resource "aws_key_pair" "deployer" {
  public_key = var.certDeployerPub
  key_name   = "deployer-key"

  tags = {
    Terraform = "True"
    Name      = "deployer"
  }
}

# Standalone ENI in subnet 1a.
# NOTE(review): nothing references this interface — aws_instance.tc-amazlinux01
# below uses subnet_id rather than a network_interface block — so it is created
# and left unattached. Either attach it or drop the resource.
# The commented-out private_ips value (172.16.10.100) lies outside
# sub-sandbox1a's 10.11.1.0/24, so it could not be used as written anyway.
resource "aws_network_interface" "int-tc-amazlinux" {
  subnet_id = aws_subnet.sub-sandbox1a.id
  # private_ips = ["172.16.10.100"]

  tags = {
    Terraform = "True"
    Name      = "int-tc-amazlinux"
  }
}

# Test server. This is the block the question is about: every plan after the
# first wants to replace it.
resource "aws_instance" "tc-amazlinux01" {
  # Hard-coded AMI; t4g is a Graviton (arm64) family, so this must be an
  # arm64 image — TODO confirm the id.
  ami                         = "ami-0e341fcaad89c3650"
  instance_type               = "t4g.small"
  key_name                    = aws_key_pair.deployer.key_name
  subnet_id                   = aws_subnet.sub-sandbox1a.id
  # String form of a boolean; Terraform converts it, but a bare true is clearer.
  associate_public_ip_address = "true"
  # Cause of the perpetual replacement: `security_groups` takes security group
  # *names* (the EC2-Classic / default-VPC form). Given a VPC group id, what
  # the provider reads back never matches what is configured, so each plan
  # diffs here and forces a new instance. `vpc_security_group_ids` is the
  # attribute for group ids, as the answer below shows.
  security_groups = [
    aws_security_group.sandbox.id
  ]
  # NOTE(review): the ENI aws_network_interface.int-tc-amazlinux is not
  # attached here. With a public IP and a group that admits every port from
  # the office CIDRs, consider adding `metadata_options { http_tokens =
  # "required" }` (IMDSv2) so a request-forgery bug in anything hosted on the
  # box cannot be used to read the instance's credentials.

  tags = {
    Name      = "tc-amazlinux01"
    Terraform = "True"
  }
}

Output

The following is example output from a terraform apply immediately followed by a terraform plan, with no changes to the Terraform files in between.

For length's sake, it is here: https://pastebin.com/raw/2Ly0NmVr

CodePudding user response:

This probably happens because the instance's security group attribute is wrong: `security_groups` expects security group names, whereas an ID belongs in `vpc_security_group_ids`, so the instance is replaced on every apply.

So it should be:

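# Test server with the security group passed by id via vpc_security_group_ids.
# `security_groups` expects group *names*; handing it an id is what made every
# plan replace the instance.
resource "aws_instance" "tc-amazlinux01" {
  # t4g is an arm64 (Graviton) family, so the AMI must be an arm64 build.
  ami           = "ami-0e341fcaad89c3650"
  instance_type = "t4g.small"
  key_name      = aws_key_pair.deployer.key_name
  subnet_id     = aws_subnet.sub-sandbox1a.id

  # Bare boolean instead of the string "true" (Terraform converted it, but the
  # typed literal is the idiomatic form).
  associate_public_ip_address = true

  # Group ids belong here; security_groups is for EC2-Classic / default-VPC names.
  vpc_security_group_ids = [
    aws_security_group.sandbox.id
  ]

  tags = {
    Name      = "tc-amazlinux01"
    Terraform = "True"
  }
}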