We Keep Coding

no matching EC2 Security Group found

I create modules for creating AWS vpc, security group and EC2. I make EC2 module depend on vpc and the security group module.
but I get that error:
no matching EC2 Security Group found
on .terraform/modules/main_ec2/modules/EC2Module/main.tf line 26, in data "aws_security_group" "security_group_id":
26: data "aws_security_group" "security_group_id" {
EC2 module
data "aws_subnet" "subnet_id" {
vpc_id = var.vpc_id
count = length(var.subnet_name)
depends_on = [var.subnet_id_depends_on]
filter {
name = "tag:Name"
values = ["VPC0${var.vpc_number}-${element(var.subnet_name, count.index)}"]
}
}
data "aws_security_group" "security_group_id" {
count = length(var.Server_Group_Name)
depends_on = [var.security_group_depends_on]
filter {
name = "tag:Name"
values = ["${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"]
}
}
resource "aws_instance" "create_instance" {
ami = "${element(data.aws_ami_ids.ami_id.*.id, count.index)}"
instance_type = var.EC2_Type[count.index]
subnet_id = "${element(data.aws_subnet.subnet_id.*.id, count.index)}"
associate_public_ip_address = "true"
vpc_security_group_ids = [ data.aws_security_group.security_group_id[count.index].id ]
key_name = "${local.name}-KP-${var.Server_Name[count.index]}"
depends_on = [var.EC2_depends_on]
}
sg module
resource "aws_security_group" "SGS" {
count = length(var.Server_Group_Name)
name = "${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"
description = "${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"
vpc_id = var.vpc_id
tags = {
name = "tag:Name"
values = "${local.name}-SG-${var.Server_Group_Name[count.index]}-${format("%02d", count.index + 1)}"
}
varibles.tf
variable "subnet_id_depends_on" {
type = list(string)
default = ["module.vpc_main"]
}
variable "security_group_depends_on" {
type = list(string)
default = ["module.sg"]
}
variable "EC2_depends_on" {
type = list(string)
default = [ "module.vpc_main", "module.sg", "module.key_pair" ]
}
for example, I call modules like that:
module "main_ec2" {
source = "/home/reham/Data/projectes/terraform//modules/EC2Module"
subnet_id_depends_on = var.subnet_id_depends_on
security_group_depends_on = var.security_group_depends_on
ami_name = var.ami_name
EC2_depends_on = var.EC2_depends_on
}
Outputs defined in the sg module:
output "vpc_id" {
description = "VPC ID"
value = aws_vpc.vpc.id
}
output "primary_public_subnets_id" {
description = "public subnet ID"
value = aws_subnet.primary_public_subnets.*.id
}
output "secondary_public_subnets_id" {
description = "public subnet ID"
value = aws_subnet.secondary_public_subnets.*.id
}
output "primary_private_subnets_id" {
description = "public subnet ID"
value = aws_subnet.primary_private_subnets.*.id
}
output "security-groups" {
value = aws_security_group.SGS[*].id
}
what must I do to solve this problem?

There is more than one issue with the code and it is a result of probably not understanding how the module outputs work [1]. The second part of the issue is that there are many explicit dependencies defined with depends_on which are not required to be there since implicit dependencies are good enough [2]. Furthermore, as per comments, data sources in the EC2 module are not required as information about VPC, subnets and security groups can be provided with the outputs. Additionally, the EC2 instance resource is using count, but there is no count meta-argument there, so it will not work even if all the inputs are fixed. So here are my suggestions:
Redefine variables in the EC2 module (no need for depdends_on) and remove data sources (except possibly the one for the AMI)
Decide which variable you are going to use for the count meta-argument in the EC2 instance resource
I am going to give you an example with one subnet and security groups and then you can build from there. The EC2 module fixes:
resource "aws_instance" "create_instance" {
ami = data.aws_ami_ids.ami_id[0].id
instance_type = var.EC2_Type
subnet_id = var.subnet_id
associate_public_ip_address = "true"
vpc_security_group_ids = var.security_group_ids
key_name = "${local.name}-KP-${var.Server_Name[0]}"
}
In EC2 module, the variables would have to be changed to:
variable "subnet_id" {}
variable "security_group_ids" {}
Then, in the root module:
module "main_ec2" {
source = "/home/reham/Data/projectes/terraform//modules/EC2Module"
subnet_id = module.sg.primary_public_subnets_id[0]
security_group_ids = module.sg.security-groups
ami_name = var.ami_name
}
Referencing the module outputs in the EC2 module will make sure that the SG module is created first (that is an implicit dependency). At best this should give you a result for one EC2 instance as it seems there are many resources that rely on using the count meta-argument and that code is not in the question.
[1] https://www.terraform.io/language/values/outputs#accessing-child-module-outputs
[2] https://www.terraform.io/language/resources/behavior#resource-dependencies

Terraform multiple instances but by separate execution

I am trying to create AWS instances with load balancer, security group and three instances ---> GROUP 1
I can do this by declaring appropriate resources.
Now I want to create multiples of such instances which are independent of previous instances ---> GROUP 2
I want this because of security of the GROUPS that one group's information should not overlap with other's.
I tried to look up a lot, but couldn't find an approach.
Below is an example of instance:
resource "aws_instance" "node" {
ami = data.aws_ami.ubuntu.id
subnet_id = aws_subnet.development-private-1a.id
key_name = aws_key_pair.nodes.key_name
instance_type = var.instance_type
vpc_security_group_ids = [aws_security_group.dev-ec2-sg.id]
tags = {
Name = "${var.app_name}"
#Environment = "production"
}
root_block_device {
volume_type = "gp2"
volume_size = 8
delete_on_termination = true
}
user_data = file("install_apache.sh")
}
resource "aws_lb_target_group_attachment" "node" {
target_group_arn = aws_lb_target_group.dev.arn
target_id = aws_instance.node.id
port = 80
}
I want to add multiple of these instances with different security groups and load balancers and all other stuff. but I dont want to add additional copies of the same in the terraform file. I want that those instances are independent of this one but then the problem I am facing is that terraform manipulates this instance only.

Based on the comments, you could consider organization of your instance code and its dependents (e.g. target group attachment) as terraform (TF) modules. Also since you are wish to create multiple instance of the same type, you could consider using aws_autoscaling_group which would allow you to not only easily create multiple instance but also easily to manage them.
Subsequently, you could define a module as followed. Below is only partial example. I also do not use aws_autoscaling_group, but create multiple instance using count:
./module/ec2/main.tf
variable "subnet_id" {}
variable "app_name" {}
variable "key_pair" {}
variable "security_group_id" {}
variable "target_group_arn" {}
variable "instance_count" {
default = 1
}
data "aws_ami" "ubuntu" {
# ...
}
resource "aws_instance" "node" {
count = var.instance_count
ami = data.aws_ami.ubuntu.id
subnet_id = var.subnet_id
key_name = var.key_pair
instance_type = var.instance_type
vpc_security_group_ids = [var.security_group_id]
tags = {
Name = "${var.app_name}"
#Environment = "production"
}
root_block_device {
volume_type = "gp2"
volume_size = 8
delete_on_termination = true
}
user_data = file("install_apache.sh")
}
resource "aws_lb_target_group_attachment" "node" {
count = var.instance_count
target_group_arn = var.target_group_arn
target_id = aws_instance.node[count.index].id
port = 80
}
# some outputs skipped
Having such module, in your parent file/module you would create GROUP 1 and 2 instance as follows (again, just partial example):
./main.tf
# resoruces such as LB, SGs, subnets, etc.
module "group1" {
source = "./module/ec2/"
instance_count = 3
security_group_id = <security-group-id1>
target_group_arn = aws_lb_target_group.dev.arn
# other parameters
}
module "group2" {
source = "./module/ec2/"
instance_count = 3
security_group_id = <security-group-id2>
target_group_arn = aws_lb_target_group.dev.arn
# other parameters
}

How to create ansible inventory from terraform?

I relay stack with that simple question.
Assume i need create few instance resources so how can i iterate from from tf variables to gather all private ips and pass it to ansible inventory file.
As i found i have to use * like here:
k8s_master_name = "${join("\n", azurerm_virtual_machine.k8s-master.*.name)}"
But i as think for me it will look like:
inst_ip = "${join("\n", ${aws_instance.*.private_ip})}"
But i got error:
Error: Invalid reference
on crc.cloud.connect.tf line 72, in resource "local_file" "servers1":
72: inst_ip = "${join("\n", aws_instance.*.private_ip)}"
A reference to a resource type must be followed by at least one attribute
access, specifying the resource name.
Full tf file:
resource "aws_instance" "sp-1" {
ami = "cmi-993E674A"
instance_type = "c5.large"
monitoring = true
source_dest_check = false
user_data = file("user_data.sh")
subnet_id = "subnet-F6C45280"
private_ip = "172.31.16.18"
vpc_security_group_ids = ["sg-230C7615"]
key_name = "mmk-key"
#network_interface {
# network_interface_id = "${aws_network_interface.ni-sp-1.id}"
# device_index = 0
#}
tags = {
desc = "sp-1"
group_name = "sp"
}
}
resource "aws_instance" "sp-2" {
ami = "cmi-993E674A"
instance_type = "c5.large"
monitoring = true
source_dest_check = false
user_data = file("user_data.sh")
subnet_id = "subnet-F6C45280"
private_ip = "172.31.16.19"
vpc_security_group_ids = ["sg-230C7615"]
key_name = "mmk-key"
tags = {
desc = "sp-2"
group_name = "sp"
}
}
resource "local_file" "servers1" {
content = templatefile("${path.module}/templates/servers1.tpl",
{
inst_ip = "${join("\n", ${aws_instance.*.private_ip})}"
}
)
filename = "../ansible/inventory/servers1"
}

Per the Terraform documentation, you need to reference the resource type and its associated name.
In your configuration file, you have an aws_instance resource with the name sp-1. If you wish to access the private_ip attribute of the resource, you need to do it like so: aws_instance.sp-1[*].private_ip.

You are creating a single instance aws_instance.sp-1, not multiple instances. To create multiple instance you would need to use count or for_each, or provision instances through aws_autoscaling_group.
Therefore, to access private_ip you don't really need splat * and join in your case (but still can use them if you want) as you have only one instance and will have only one private_ip. The following should be enough instead:
inst_ip = aws_instance.sp-1.private_ip

Incorrect attribute value type error in terraform when passing ec2 instance ids

I am using below code to create 3 ec2 instances and register them with a load balancer,
variables
instance_type = "t3.large"
root_block_volume_type = "standard"
root_block_volume_size = "50"
instance_count = "3"
ec2 creation
resource "aws_instance" "ec2" {
count = "${var.instance_count}"
ami = "${var.ami_id}"
instance_type = "${var.instance_type}"
key_name = "${var.key_pair_name}"
subnet_id = "${var.private_subnet_id}"
iam_instance_profile = "${aws_iam_instance_profile.iam_instance_profile.name}"
/*
* CAUTION: changing value of below fields will cause the EC2 instance to be terminated and
* re-created. Think before running the "apply" command.
*/
associate_public_ip_address = false
tags = {
Environment = "${var.env}"
Project = "${var.project}"
Provisioner="different-box"
Name = "${local.name}-1"
}
root_block_device {
volume_type = "${var.root_block_volume_type}"
volume_size = "${var.root_block_volume_size}"
}
}
resource "aws_network_interface_sg_attachment" "sg_attachment" {
count = "${var.instance_count}"
security_group_id = "${aws_security_group.ec2_sg.id}"
network_interface_id = "${aws_instance.ec2[count.index].primary_network_interface_id}"
}
Registering with load balancer
resource "aws_alb_target_group_attachment" "alb_target_group_attachment" {
count = length("${var.ec2_instance_ids}")
target_group_arn = "${aws_alb_target_group.alb_target_group.arn}"
target_id = "${var.ec2_instance_ids[count.index]}"
port = "${var.alb_target_group_port}"
}
But however when I pass ec2 instance ids as below,
module "alb_engine-ui" {
source = "./modules/load-balancer"
env = "${lower(var.env)}"
project = "engine-ui"
vpc_id = "${data.aws_vpc.main.id}"
public_subnet1_id = "${var.public_subnet1_id}"
public_subnet2_id = "${var.public_subnet2_id}"
health_check_target_group_path = "/"
certificate_arn = "${var.certificate_arn}"
alb_target_group_port = "2016"
ec2_instance_ids = ["${aws_instance.ec2[*].id}"]
}
variable "ec2_instance_ids" {
description = "the ec2 instance ids to be used for alb target group"
type = "list"
}
I'm getting the below error,
Error: Incorrect attribute value type
on provisioners/different-box/modules/load-balancer/resources.tf line 109, in resource "aws_alb_target_group_attachment" "alb_target_group_attachment":
109: target_id = "${var.ec2_instance_ids[count.index]}"
Inappropriate value for attribute "target_id": string required.
Is there a way to avoid this error and pass ec2 ids to the list?

"${aws_instance.ec2[*].id}" is already a list of IDs so if you wrap it in square brackets it makes it a list of lists.
Removing the square brackets instead leaves it as a list of strings so when you index it you get a single string which is what the target_id parameter wants.

Not able to add multiple target_id inside targer group using terraform

I'm trying to create target groups and attach multiple machines to the target groups using terraform script.
I'm not able to attach multiple target_id please help me to achieve this.

As of Terraform 0.12, this could simply be
resource "aws_alb_target_group_attachment" "test" {
count = length(aws_instance.test)
target_group_arn = aws_alb_target_group.test.arn
target_id = aws_instance.test[count.index].id
}
assuming aws_instance.test returns a list.
https://blog.gruntwork.io/terraform-tips-tricks-loops-if-statements-and-gotchas-f739bbae55f9 is an excellent reference.

Below code actually works for me.
resource "aws_alb_target_group_attachment" "test" {
count = 3 #This can be passed as variable.
target_group_arn = "${aws_alb_target_group.test.arn}"
target_id = "${element(split(",", join(",", aws_instance.web.*.id)), count.index)}"
}
Ref:
https://github.com/terraform-providers/terraform-provider-aws/issues/357
https://groups.google.com/forum/#!msg/terraform-tool/Mr7F3W8WZdk/ouVR3YsrAQAJ

Thanks for your quick reply.
Actually giving seperate tag like test1 and test2 for aws_alb_target_group_attachment helped me to add multiple target instances inside one taget group.
resource "aws_alb_target_group_attachment" "test1" {
target_group_arn = "${aws_alb_target_group.test.arn}"
port = 8080
target_id = "${aws_instance.inst1.id}"
}
resource "aws_alb_target_group_attachment" "test2" {
target_group_arn = "${aws_alb_target_group.test.arn}"
port = 8080
target_id = "${aws_instance.inst2.id}"
}

Try creating a list of instance ID's and then iterate over using the count index.
For example:
variable "instance_list" {
description = "Push these instances to ALB"
type = "list"
default = ["i00001", "i00002", "i00003"]
}
resource "aws_alb_target_group_attachment" "test" {
count = "${var.instance_list}"
target_group_arn = "${aws_alb_target_group.test.arn}"
target_id = "${element(var.instance_list, count.index)}"
port = 80
}

I created an EMR from terraform and attached multiple "CORE" type EC2 instances to a target group.
The first step would be to retrieve existing instances (which are in "running" state)
data "aws_instances" "core_instances" {
instance_state_names = ["running"]
instance_tags = {
"aws:elasticmapreduce:instance-group-role" = "CORE"
"terraform" = "true"
}
}
Next, retrieve an existing VPC
data "aws_vpc" "test_vpc" {
filter {
name = "tag:Name"
values = ["your-vpc-name"]
}
}
Use the above data to create a target group and then attach instances to it:
resource "aws_lb_target_group" "core_lb" {
name = "core-emr-target-group"
port = 8765
protocol = "TCP"
target_type = "instance"
vpc_id = data.aws_vpc.test_vpc.id
}
resource "aws_lb_target_group_attachment" "core_lb_instances" {
for_each = toset(data.aws_instances.core_instances.ids)
target_group_arn = aws_lb_target_group.core_lb.arn
target_id = each.value
}
Note that you would have to convert the value returned by aws_instances, which is a list, to a set.

From my side I found this solution:
Define a data to collect EC2 IDs from an autoscaling security group:
data "aws_instances" "team_deployment" {
instance_tags = {
Name = local.ec2_name
}
instance_state_names = ["running"]
}
And be sure that instances IDs are the right ones with and evidence (like output)
output "autoscaling_group_ec2_ids" {
value = data.aws_instances.team_deployment.ids
}
Create as many attachments as IDs has found. Use count parameter:
resource "aws_lb_target_group_attachment" "team_deployment" {
count = length(data.aws_instances.team_deployment.ids)
target_group_arn = data.terraform_remote_state.common_resources.outputs.target_group_api.arn
target_id = data.aws_instances.team_deployment.ids[count.index]
port = var.ecr_image_port
depends_on = [data.aws_instances.team_deployment]
}
And problem solved!