Edit: I just noticed the error seems to be about the filesystem arn I have specified and not the subnet arn so I've edited the question. Good grief.
I'm trying to define an aws_datasync_location_efs object in Terraform using the example here
The datasync location wants a efs_file_system_arn so this seems like it should work but why am I getting this error?
Error: creating DataSync Location EFS: ValidationException: 1
validation error detected: Value
'arn:aws:elasticfilesystem:us-east-1::file-system/fs-0d5b67a50ea988fb6'
at 'efsFilesystemArn' failed to satisfy constraint: Member must
satisfy regular expression pattern:
^arn:(aws|aws-cn|aws-us-gov|aws-iso|aws-iso-b):elasticfilesystem:[a-z-0-9]+:[0-9]{12}:file-system/fs-[0-9a-f]{8,40}$
status code: 400, request id:
e5f906d9-068b-4250-a9d7-63dd5dc813d1 with
aws_datasync_location_efs.example, on efs.tf line 71, in resource
"aws_datasync_location_efs" "example": 71: resource
"aws_datasync_location_efs" "example" {
private subnet variables in variables.tf
variable "my_private_subnets" {
type = list
description = "private subnet within vpc cidr block"
default = ["10.0.100.0/24", "10.0.102.0/24"]
}
the vpc in main.tf
module "vpc" {
source = "terraform-aws-modules/vpc/aws"
name = "${var.my_project}-vpc"
cidr = "${var.my_cidr}"
azs = ["${var.my_region}a", "${var.my_region}b"]
private_subnets = [for subnet in var.my_private_subnets: subnet]
public_subnets = [for subnet in var.my_public_subnets: subnet]
enable_nat_gateway = true
enable_dns_hostnames = true
enable_dns_support = true
}
my datasync declaration in efs.tf
resource "aws_efs_mount_target" "my_target1" {
file_system_id = aws_efs_file_system.my_efs.id
subnet_id = module.vpc.private_subnets[0]
security_groups = [aws_security_group.my_efs-sg.id]
}
resource "aws_efs_mount_target" "my_target2" {
file_system_id = aws_efs_file_system.my_efs.id
subnet_id = module.vpc.private_subnets[1]
security_groups = [aws_security_group.my_efs-sg.id]
}
resource "aws_datasync_location_efs" "example" {
efs_file_system_arn = aws_efs_mount_target.my_target1.file_system_arn
ec2_config {
security_group_arns = [aws_security_group.my_efs-sg.arn]
subnet_arn = module.vpc.public_subnet_arns[0]
}
}
Related
I am trying to map my ENI to my subnet and its throwing an error.
Because there is a for_each loop on the subnet the ENI pointing to it must also have a looped key/value added to it hence the problem
main.tf
# VPC
resource "aws_vpc" "main" {
cidr_block = local.json.vpc.cidr
tags = {
Name = "vpc"
}
}
# Subnet
resource "aws_subnet" "public" {
for_each = local.api
vpc_id = aws_vpc.main.id
cidr_block = each.value.subnet_cidr
availability_zone = each.value.subnet_az
}
# ENI
resource "aws_network_interface" "eni" {
for_each = local.api
subnet_id = aws_subnet.public[each.key].id
private_ips = ["172.16.10.100"] # Might need to add another IP
tags = {
Name = "primary_network_interface"
}
}
my locals look like this
locals {
json = jsondecode(file("API.json"))
api = merge([
for vpc in local.json : {
for subnet in vpc.subnets :
"${vpc.name}-${subnet.name}" => {
vpc_name = vpc.name
vpc_cidr = vpc.cidr
subnet_name = subnet.name
subnet_cidr = subnet.cidr
subnet_az = subnet.az
}
}
]...)
}
their output (local.api) from terraform console
{
"vpc-subnet-one" = {
"subnet_az" = "eu-central-1a"
"subnet_cidr" = "192.168.1.0/24"
"subnet_name" = "subnet-one"
"vpc_cidr" = "192.168.0.0/16"
"vpc_name" = "vpc"
}
"vpc-subnet-two" = {
"subnet_az" = "eu-central-1b"
"subnet_cidr" = "192.168.4.0/24"
"subnet_name" = "subnet-two"
"vpc_cidr" = "192.168.0.0/16"
"vpc_name" = "vpc"
}
}
error message
status code: 400, request id: 64e031e5-11ea-4f6d-a03c-9a36a1ff56af
with aws_network_interface.eni["vpc-subnet-one"],
on main.tf line 20, in resource "aws_network_interface" "eni":
20: resource "aws_network_interface" "eni" {
Error: creating EC2 Network Interface: InvalidParameterValue: Address does not fall within the subnet's address range
status code: 400, request id: 7842f089-08b4-4042-b928-7830a37ffe28
with aws_network_interface.eni["vpc-subnet-two"],
on main.tf line 20, in resource "aws_network_interface" "eni":
20: resource "aws_network_interface" "eni" {
I've followed this documenation and validated everything else is correct. I still can't seem to figure out what value should be set on subnet_id
Bonus cheeky points - I am trying to configure 2 EC2's, Should i give our eni a secondary private_ips?
The error means that your IP 172.16.10.100 is invalid for your subnet CIDR range 192.168.1.0/24 and 192.168.4.0/24. Obviously this is correct because your IP should be in the correct range. For example:
private_ips = ["192.168.1.100"] # for the first subnet
private_ips = ["192.168.4.100"] # for the second subnet
I create modules for creating AWS vpc, security group and EC2. I make EC2 module depend on vpc and the security group module.
but I get that error:
no matching EC2 Security Group found
on .terraform/modules/main_ec2/modules/EC2Module/main.tf line 26, in data "aws_security_group" "security_group_id":
26: data "aws_security_group" "security_group_id" {
EC2 module
data "aws_subnet" "subnet_id" {
vpc_id = var.vpc_id
count = length(var.subnet_name)
depends_on = [var.subnet_id_depends_on]
filter {
name = "tag:Name"
values = ["VPC0${var.vpc_number}-${element(var.subnet_name, count.index)}"]
}
}
data "aws_security_group" "security_group_id" {
count = length(var.Server_Group_Name)
depends_on = [var.security_group_depends_on]
filter {
name = "tag:Name"
values = ["${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"]
}
}
resource "aws_instance" "create_instance" {
ami = "${element(data.aws_ami_ids.ami_id.*.id, count.index)}"
instance_type = var.EC2_Type[count.index]
subnet_id = "${element(data.aws_subnet.subnet_id.*.id, count.index)}"
associate_public_ip_address = "true"
vpc_security_group_ids = [ data.aws_security_group.security_group_id[count.index].id ]
key_name = "${local.name}-KP-${var.Server_Name[count.index]}"
depends_on = [var.EC2_depends_on]
}
sg module
resource "aws_security_group" "SGS" {
count = length(var.Server_Group_Name)
name = "${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"
description = "${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"
vpc_id = var.vpc_id
tags = {
name = "tag:Name"
values = "${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"
}
varibles.tf
variable "subnet_id_depends_on" {
type = list(string)
default = ["module.vpc_main"]
}
variable "security_group_depends_on" {
type = list(string)
default = ["module.sg"]
}
variable "EC2_depends_on" {
type = list(string)
default = [ "module.vpc_main", "module.sg", "module.key_pair" ]
}
for example, I call modules like that:
module "main_ec2" {
source = "/home/reham/Data/projectes/terraform//modules/EC2Module"
subnet_id_depends_on = var.subnet_id_depends_on
security_group_depends_on = var.security_group_depends_on
ami_name = var.ami_name
EC2_depends_on = var.EC2_depends_on
}
Outputs defined in the sg module:
output "vpc_id" {
description = "VPC ID"
value = aws_vpc.vpc.id
}
output "primary_public_subnets_id" {
description = "public subnet ID"
value = aws_subnet.primary_public_subnets.*.id
}
output "secondary_public_subnets_id" {
description = "public subnet ID"
value = aws_subnet.secondary_public_subnets.*.id
}
output "primary_private_subnets_id" {
description = "public subnet ID"
value = aws_subnet.primary_private_subnets.*.id
}
output "security-groups" {
value = aws_security_group.SGS[*].id
}
what must I do to solve this problem?
There is more than one issue with the code and it is a result of probably not understanding how the module outputs work [1]. The second part of the issue is that there are many explicit dependencies defined with depends_on which are not required to be there since implicit dependencies are good enough [2]. Furthermore, as per comments, data sources in the EC2 module are not required as information about VPC, subnets and security groups can be provided with the outputs. Additionally, the EC2 instance resource is using count, but there is no count meta-argument there, so it will not work even if all the inputs are fixed. So here are my suggestions:
Redefine variables in the EC2 module (no need for depdends_on) and remove data sources (except possibly the one for the AMI)
Decide which variable you are going to use for the count meta-argument in the EC2 instance resource
I am going to give you an example with one subnet and security groups and then you can build from there. The EC2 module fixes:
resource "aws_instance" "create_instance" {
ami = data.aws_ami_ids.ami_id[0].id
instance_type = var.EC2_Type
subnet_id = var.subnet_id
associate_public_ip_address = "true"
vpc_security_group_ids = var.security_group_ids
key_name = "${local.name}-KP-${var.Server_Name[0]}"
}
In EC2 module, the variables would have to be changed to:
variable "subnet_id" {}
variable "security_group_ids" {}
Then, in the root module:
module "main_ec2" {
source = "/home/reham/Data/projectes/terraform//modules/EC2Module"
subnet_id = module.sg.primary_public_subnets_id[0]
security_group_ids = module.sg.security-groups
ami_name = var.ami_name
}
Referencing the module outputs in the EC2 module will make sure that the SG module is created first (that is an implicit dependency). At best this should give you a result for one EC2 instance as it seems there are many resources that rely on using the count meta-argument and that code is not in the question.
[1] https://www.terraform.io/language/values/outputs#accessing-child-module-outputs
[2] https://www.terraform.io/language/resources/behavior#resource-dependencies
I am trying to create nat gateway from terraform by using AWS as provider but subnet_id in resource aws_nat_gateway always gives me error. I am trying to assign public subnet in subnet_id on resource "aws_nat_gateway" "sample_nat_gateway" from variables.tf file but failing in doing so and need support if someone can assist ?
Below is my vpc.tf file of vpc module
resource "aws_subnet" "public-subnet" {
for_each = var.prefix
availability_zone_id = each.value["az"]
cidr_block = each.value["cidr"]
vpc_id = aws_vpc.sample_vpc.id
tags = {
Name = "${var.name}-${each.value["az"]}"
}
}
resource "aws_nat_gateway" "sample_nat_gateway" {
allocation_id = aws_eip.sample_eip.id
subnet_id = ""
tags = {
Name = "${var.name}-sample-nat-gateway"
Environment = var.environment
}
depends_on = [aws_internet_gateway.sample_igw]
}
variables.tf
variable "prefix" {
type = map
default = {
sub-1 = {
az = "use2-az1"
cidr = "10.0.1.0/16"
}
sub-2 = {
az = "use2-az2"
cidr = "10.0.2.0/24"
}
}
}
Subent's can't be empty You have to provide valid subnet id where the NAT is going to be placed. For example:
resource "aws_nat_gateway" "sample_nat_gateway" {
allocation_id = aws_eip.sample_eip.id
subnet_id = aws_subnet.public-subnet["sub-1"].id
tags = {
Name = "${var.name}-sample-nat-gateway"
Environment = var.environment
}
depends_on = [aws_internet_gateway.sample_igw]
}
where aws_subnet.example is one of the public subnets in your VPC.
I just started with Terraform infrastructure. Trying to create a vpc module that will contain code for vpc, subnets, internet gateway, rout table. Also creating a separate tf file for rds , which will refer to the vpc module and utilize the private subnets declared in vpc module.
Created a vpc module that has vpc.tf with following
provider "aws" {
region = var.region
}
terraform {
backend "s3" {}
}
resource "aws_vpc" "production-vpc" {
cidr_block = var.vpc_cidr
enable_dns_hostnames = true
tags = {
Name = "Dev-VPC"
}
}
// Private Subnets
resource "aws_subnet" "private-subnet-1" {
cidr_block = var.private_subnet_1_cidr
vpc_id = aws_vpc.production-vpc.id
availability_zone = "us-east-1a"
tags = {
Name = "Private-Subnet-1"
}
}
resource "aws_subnet" "private-subnet-2" {
cidr_block = var.private_subnet_2_cidr
vpc_id = aws_vpc.production-vpc.id
availability_zone = "us-east-1b"
tags = {
Name = "Private-Subnet-2"
}
}
The output.tf has following
output "private-subnet1-id" {
description = "Private Subnet1 Id"
value = aws_subnet.private-subnet-1.*.id
}
output "private-subnet2-id" {
description = "Private Subnet2 Id"
value = aws_subnet.private-subnet-2.*.id
}
The file is saved in folder \module\vpc folder
Created rds.tf as follows in folder \rds
provider "aws" {
region = var.region
}
terraform {
backend "s3" {}
}
module "vpc" {
source = "../module/vpc"
}
resource "aws_db_subnet_group" "subnetgrp" {
name = "dbsubnetgrp"
subnet_ids = [module.vpc.private-subnet1-id.id, module.vpc.private-subnet2-id.id]
}
When I run terraform plan , I get following error
Error: Unsupported attribute
on rds.tf line 16, in resource "aws_db_subnet_group" "subnetgrp":
16: subnet_ids = [module.vpc.private-subnet1-id.id, module.vpc.private-subnet2-id.id]
|----------------
| module.vpc.private-subnet1-id is tuple with 1 element
This value does not have any attributes.
Error: Unsupported attribute
on rds.tf line 16, in resource "aws_db_subnet_group" "subnetgrp":
16: subnet_ids = [module.vpc.private-subnet1-id.id, module.vpc.private-subnet2-id.id]
|----------------
| module.vpc.private-subnet2-id is tuple with 1 element
This value does not have any attributes.
You don't need the splat expression in the output.tf. Try the following,
output "private-subnet1-id" {
description = "Private Subnet1 Id"
value = aws_subnet.private-subnet-1.id
}
output "private-subnet2-id" {
description = "Private Subnet2 Id"
value = aws_subnet.private-subnet-2.id
}
I am using a module my coworker wrote, but for some reason, I am getting subnet not found -- and the identifier begins with vpc-. Why is this returning a VPC and not a subnet?
data "aws_subnet_ids" "app" {
vpc_id = "${data.aws_vpc.default.id}"
tags = {
SubnetType = "app"
}
}
Which is being passed through to the module as
private_subnets = "${data.aws_subnet_ids.app.*.id}"
and used here:
resource "aws_autoscaling_group" "default-alb" {
name = "${chomp(data.template_file.standard_name.rendered)}"
launch_configuration = tostring(element(aws_launch_configuration.default,count.index).name)
min_size = "${var.min_instances}"
max_size = "${var.min_instances}"
target_group_arns = [
tostring(element(aws_alb_target_group.default-http,count.index).arn),
]
vpc_zone_identifier = var.private_subnets
lifecycle {
create_before_destroy = true
}
}
But I get the error:
Error: Error creating AutoScaling Group: ValidationError: The subnet ID 'vpc-004[redacted]' does not exist
status code: 400, request id: 73e98545-975c-11e9-bd63-fd4915ceeabf
on .terraform/modules/core-api/alb.tf line 1, in resource "aws_autoscaling_group" "default-alb":
1: resource "aws_autoscaling_group" "default-alb" {
Shouldn't the subnet identifier begin with subnet-?
The aws_subnet_ids data source doesn't have an id argument or attribute so Terraform should throw an exception there and I'm a little surprised it isn't doing so.
Also you don't appear to be using a count on that so don't need the splat operator you have there.
So instead of:
private_subnets = "${data.aws_subnet_ids.app.*.id}"
You should be using the ids attribute to return a list of all the subnet IDs that match your filter:
private_subnets = "${data.aws_subnet_ids.app.ids}"