I am new to terraform and trying to make an instance of AWS (t2.nano) by the image below.
this is my tf file:
provider "aws" {
profile = "default"
region = "us-west-2"
}
resource "aws_s3_bucket" "prod_tf_course" {
bucket = "tf-course-20210607"
acl = "private"
}
resource "aws_default_vpc" "default" {}
resource "aws_security_group" "group_web"{
name = "prod_web"
description = "allow standard http and https ports inbound and everithing outbound"
ingress{
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
ingress{
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress{
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
"Terraform" : "true"
}
}
resource "aws_instance" "prod_web"{
ami = "ami-05105e44227712eb6"
instance_type ="t2.nano"
vpc_security_group_ids = [
aws_security_group.prod_web.id
]
tags = {
"Terraform" : "true"
}
}
When I run the command terraform plan, its produces the following error:
$ terraform plan
╷
│ Error: Reference to undeclared resource
│
│ on prod.tf line 50, in resource "aws_instance" "prod_web":
│ 50: aws_security_group.prod_web.id
│
│ A managed resource "aws_security_group" "prod_web" has not been declared in
│ the root module.
╵
if someone can help me fix it , i will be so happy.
It should be:
vpc_security_group_ids = [
aws_security_group.group_web.id
]
as your aws_security_group is called group_web, not prod_web.
Related
I'm new to terraform.. I'm getting the below error when I run terraform plan,
Error: Unsupported argument
> │
on 4_data_vpc.tf line 6, in data "aws_subnets" "subnets":
6: vpc_id = data.aws_vpc.default_vpc.id
> │
An argument named "vpc_id" is not expected here.
This is the data_vpc.tf file
data "aws_vpc" "default_vpc" {
default = true
}
# subnet list in the "default" VPC
# The "default" VPC has all "public subnets"
data "aws_subnet_ids" "default_public" {
vpc_id = "${data.aws_vpc.default_vpc.id}"
}
I've updated aws_subnet_ids to aws_subnets as aws_subnet_ids data source has been deprecated
provider.tf file
provider "aws" {
region = "us-east-1"
shared_credentials_file = "~/.aws/credentials"
profile = "dev"
}
securityGroups.tf
# Security Group:
resource "aws_security_group" "jenkins_server" {
name = "jenkins_server"
description = "Jenkins Server: created by Terraform for [dev]"
# legacy name of VPC ID
vpc_id = "${data.aws_vpc.default_vpc.id}"
tags {
Name = "jenkins_server"
env = "dev"
}
}
###############################################################################
# ALL INBOUND
###############################################################################
# ssh
resource "aws_security_group_rule" "jenkins_server_from_source_ingress_ssh" {
type = "ingress"
from_port = 22
to_port = 22
protocol = "tcp"
security_group_id = "${aws_security_group.jenkins_server.id}"
cidr_blocks = ["<Your Public IP>/32", "172.0.0.0/8"]
description = "ssh to jenkins_server"
}
# web
resource "aws_security_group_rule" "jenkins_server_from_source_ingress_webui" {
type = "ingress"
from_port = 8080
to_port = 8080
protocol = "tcp"
security_group_id = "${aws_security_group.jenkins_server.id}"
cidr_blocks = ["0.0.0.0/0"]
description = "jenkins server web"
}
# JNLP
resource "aws_security_group_rule" "jenkins_server_from_source_ingress_jnlp" {
type = "ingress"
from_port = 33453
to_port = 33453
protocol = "tcp"
security_group_id = "${aws_security_group.jenkins_server.id}"
cidr_blocks = ["172.31.0.0/16"]
description = "jenkins server JNLP Connection"
}
###############################################################################
# ALL OUTBOUND
###############################################################################
resource "aws_security_group_rule" "jenkins_server_to_other_machines_ssh" {
type = "egress"
from_port = 22
to_port = 22
protocol = "tcp"
security_group_id = "${aws_security_group.jenkins_server.id}"
cidr_blocks = ["0.0.0.0/0"]
description = "allow jenkins servers to ssh to other machines"
}
resource "aws_security_group_rule" "jenkins_server_outbound_all_80" {
type = "egress"
from_port = 80
to_port = 80
protocol = "tcp"
security_group_id = "${aws_security_group.jenkins_server.id}"
cidr_blocks = ["0.0.0.0/0"]
description = "allow jenkins servers for outbound yum"
}
resource "aws_security_group_rule" "jenkins_server_outbound_all_443" {
type = "egress"
from_port = 443
to_port = 443
protocol = "tcp"
security_group_id = "${aws_security_group.jenkins_server.id}"
cidr_blocks = ["0.0.0.0/0"]
description = "allow jenkins servers for outbound yum"
}
When I declare a variable vpc_id in the data_vpc.tf file and run terraform plan then the terminal is asking me to enter a value.
var.vpc_id
Enter a value:
When you are using aws_subnets, to add vpc_id, you have to use filter block:
data "aws_subnets" "subnets" {
filter {
name = "vpc-id"
values = [data.aws_vpc.default_vpc.id]
}
}
I tried to create an EC2 instance. When I don't set security group, it's good, but when set security group it failed with the following message:
│ Error: creating EC2 Instance: InvalidParameterValue: Value () for parameter groupId is invalid. The value cannot be empty
│ status code: 400, request id: 2935799e-2364-4676-ba02-457740336cd1
│
│ with aws_instance.my_first_instance,
│ on main.tf line 44, in resource "aws_instance" "my_first_instance":
│ 44: resource "aws_instance" "my_first_instance" {
The code is
variable "ecs_cluster_name" {
type = string
default = "production"
}
data "aws_ami" "ecs_ami" {
most_recent = true
owners = ["amazon"]
filter {
name = "name"
values = ["amzn2-ami-ecs-hvm-2.0.202*-x86_64-ebs"]
}
}
output "ami_name" {
value = data.aws_ami.ecs_ami.name
description = "the name of ecs ami"
}
output "security_group_id" {
value = aws_security_group.default.id
description = "id of security group"
}
resource "aws_security_group" "default" {
name = "terraform_Security_group"
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_instance" "my_first_instance" {
ami = data.aws_ami.ecs_ami.id
instance_type = "t2.micro"
# security_groups = ["sg-06e91dae98b2c44c6"]
security_groups = [aws_security_group.default.id]
user_data = <<-EOF
#!/bin/bash
echo ECS_CLUSTER={cluster_name} >> /etc/ecs/ecs.config
EOF
}
You should be using vpc_security_group_ids:
vpc_security_group_ids = [aws_security_group.default.id]
I'm not sure why I'm getting this value.
I have this resource in bastion/main.tf
resource "aws_security_group" "bastion_sg" {
name = "${var.name}-bastion-security-group"
vpc_id = var.vpc_id
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
cidr_blocks = ["0.0.0.0/0"]
}
egress {
protocol = -1
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
tags = {
Name = "${var.name}-bastion-sg"
}
}
here is my output for that bastion/outputs.tf
output "bastion_sg_id" {
value = aws_security_group.bastion_sg
}
My eks module in my root directory main.tf
module "eks" {
source = "./eks"
name = var.name
key_name = module.bastion.key_name
bastion_sg = module.bastion.bastion_sg_id
vpc_id = module.networking.vpc_id
private_subnets = module.networking.vpc_private_subnets
}
my variables in my eks/variables.tf
variable "bastion_sg" {
description = "bastion sg to add to ingress rule of node sg"
}
lastly, my eks/main.tf where the error is occuring
esource "aws_security_group" "node-sg" {
name = "${var.name}-node-security-group"
vpc_id = var.vpc_id
ingress {
protocol = "tcp"
from_port = 22
to_port = 22
security_groups = [var.bastion_sg]
}
egress {
protocol = -1
from_port = 0
to_port = 0
cidr_blocks = ["0.0.0.0/0"]
}
}
I tried it with and without the [] for the security_groups argument and when I did it without I got the set of strings required error and when I added the [] I got this error
on eks\main.tf line 95, in resource "aws_security_group" "node-sg":
│ 95: security_groups = [var.bastion_sg]
│ ├────────────────
│ │ var.bastion_sg is object with 13 attributes
│
│ Inappropriate value for attribute "security_groups": element 0: string required.
It should be:
output "bastion_sg_id" {
value = aws_security_group.bastion_sg.id
}
Hello i have tf file for create my ec2 instance
resource "aws_vpc" "magazin-vpc" {
cidr_block = 10.249.0.0/16
}
resource "aws_subnet" "magazin-subnet" {
vpc_id = aws_vpc.magazin-vpc.id
cidr_block = "10.249.2.0/28"
}
resource "aws_instance" "magazin-vm" {
ami = "ami-058c02d7640104f1e"
instance_type = "t2.micro"
private_ip = "10.249.2.5"
subnet_id = aws_subnet.magazin-subnet.id
vpc_security_group_ids = [aws_security_group.magazin-sg.id]
credit_specification {
cpu_credits = "unlimited"
}
}
resource "aws_ebs_volume" "magazin-ebs" {
availability_zone = "eu-north-1a"
size = 10
tags = {
Name = "magazin-ebs"
}
}
resource "aws_volume_attachment" "magazin-ebs-att" {
device_name = "/dev/sdh"
volume_id = aws_ebs_volume.magazin-ebs.id
instance_id = aws_instance.magazin-vm.id
}
resource "aws_security_group" "magazin-sg" {
name = "magazin-sg"
ingress {
description = "Allow port SSH from office"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["172.16.0.0/24"]
}
ingress {
description = "Allow port HTTPS"
from_port = 9200
to_port = 9200
protocol = "tcp"
cidr_blocks = ["172.16.0.0/24"]
}
ingress {
description = "Allow port HTTPS"
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["172.16.0.0/24"]
}
egress {
description = "Allow ALL ports"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
and when i launch terraform apply i got
│ Error: Error launching source instance: InvalidParameter: Security group sg-090289f530fb61f8d and subnet subnet-08d14b2d736d10286 belong to different networks.
│ status code: 400, request id: 953d0bb8-cf92-4d8c-9923-d911cec3b453
│
│ with aws_instance.magazin-vm,
│ on dev-aerospike.tf line 6, in resource "aws_instance" "magazin-vm":
│ 6: resource "aws_instance" "magazin-vm" {
│
why this error happens? because i declarate vpc and subnet in my terraform file
i'm using terraform 1.1.6
p.s the site says that the text should be longer but I don't know what else to write so I'll write that terraform is a cool thing, though I still don't know how to use it
You have to specify vpc_id in your aws_security_group. Without that your group will be created in a default VPC, not the one you are creating:
resource "aws_security_group" "magazin-sg" {
name = "magazin-sg"
vpc_id = aws_vpc.magazin-vpc.id
ingress {
description = "Allow port SSH from office"
from_port = 22
to_port = 22
protocol = "tcp"
cidr_blocks = ["172.16.0.0/24"]
}
ingress {
description = "Allow port HTTPS"
from_port = 9200
to_port = 9200
protocol = "tcp"
cidr_blocks = ["172.16.0.0/24"]
}
ingress {
description = "Allow port HTTPS"
from_port = -1
to_port = -1
protocol = "icmp"
cidr_blocks = ["172.16.0.0/24"]
}
egress {
description = "Allow ALL ports"
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
I tried to create instance from a subnet and vpc id but am having issue with the provision remote exec.The purpose of this is to create 2 public subnets(eu-west-1a) and 2 private subnets(eu-west-1b) and use the subnet and vpc id in it to create an instance and then ssh and install nginx. I am not sure how to resolve this and unfortunately am not expert in Terraform so guidance is needed here. When I tried to also ssh it using the command prompt, it is saying connection timed out. The port is open in security group port 22
╷
│
Error: remote-exec provisioner error
│
│ with aws_instance.EC2InstanceCreate,
│ on main_ec2.tf line 11, in resource "aws_instance" "EC2InstanceCreate":
│ 11: provisioner "remote-exec" {
│
│ timeout - last error: dial tcp 54.154.137.10:22: i/o timeout
╵
[1enter image description here
My code below :
`# Server Definition
resource "aws_instance" "EC2InstanceCreate" {
ami = "${var.aws_ami}"
instance_type = "${var.server_type}"
key_name = "${var.target_keypairs}"
subnet_id = "${var.target_subnet}"
provisioner "remote-exec" {
connection {
type = "ssh"
host = "${self.public_ip}"
user = "centos"
private_key = "${file("/home/michael/cs-104-michael/lesson6/EC2Tutorial.pem")}"
timeout = "5m"
}
inline = [
"sudo yum -y update",
"sudo yum -y install nginx",
"sudo service nginx start",
"sudo yum -y install wget, unzip",
]
}
tags = {
Name = "cs-104-lesson6-michael"
Environment = "TEST"
App = "React App"
}
}
output "pub_ip" {
value = ["${aws_instance.EC2InstanceCreate.public_ip}"]
depends_on = [aws_instance.EC2InstanceCreate]
}`
security group config :
# Create security group for webserver
resource "aws_security_group" "webserver_sg" {
name = "sg_ws_name"
vpc_id = "${var.target_vpc}"
ingress {
from_port = 80
to_port = 80
protocol = "tcp"
description = "HTTP"
cidr_blocks = ["0.0.0.0/0"]
}
ingress {
from_port = 22
to_port = 22
protocol = "tcp"
description = "HTTP"
cidr_blocks = ["0.0.0.0/0"]
}
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
ipv6_cidr_blocks = ["::/0"]
}
tags = {
Name = "Security Group VPC devmind"
Project = "demo-assignment"
}
}
subnet code :
resource "aws_subnet" "public-subnet" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_2a_cidr}"
availability_zone = "eu-west-1a"
map_public_ip_on_launch = true
tags = {
Name = "Web Public subnet 1"
}
}
resource "aws_subnet" "public-subnet2" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.public_subnet_2b_cidr}"
availability_zone = "eu-west-1a"
map_public_ip_on_launch = true
tags = {
Name = "Web Public subnet 2"
}
}
# Define private subnets
resource "aws_subnet" "private-subnet" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_db_subnet_2a_cidr}"
availability_zone = "eu-west-1b"
map_public_ip_on_launch = false
tags = {
Name = "App Private subnet 1"
}
}
resource "aws_subnet" "private-subnet2" {
vpc_id = "${aws_vpc.default.id}"
cidr_block = "${var.private_db_subnet_2b_cidr}"
availability_zone = "eu-west-1b"
map_public_ip_on_launch = false
tags = {
Name = "App Private subnet 2"
}
}
vpc code :
# Define our VPC
resource "aws_vpc" "default" {
cidr_block = "${var.vpc_cidr}"
enable_dns_hostnames = true
tags = {
Name = "Devops POC VPC"
}
}
Internet gateway included code :
# Internet Gateway
resource "aws_internet_gateway" "gw" {
vpc_id = "${aws_vpc.default.id}"
tags = {
name = "VPC IGW"
}
}
You are not providing vpc_security_group_ids for your instance:
vpc_security_group_ids = [aws_security_group.webserver_sg.id]
There could be many other issues, such as incorrectly setup VPC which is not shown.