Handle cycles for AWS EIPs #4644

Closed
davidhoyt opened this issue Jan 12, 2016 · 1 comment
Comments

@davidhoyt

I am attempting to set up a cross-region VPN and need to create EIPs in both regions and then use the public IPs in each when provisioning a new EC2 instance in each region. When I do so, there is a complaint about cycles and it fails. It seems that the cycle can be removed if both EIPs are created before the instances. Here's a dumbed-down example of what I am looking to do:

variable "aws-access-key" { default = "access-key-12345" }
variable "aws-secret-key" { default = "secret-key-12345" }

variable "vpc-1-aws-region" { default = "us-east-1" }
variable "vpc-1-aws-az" { default = "us-east-1a" }
variable "vpc-1-aws-subnet-id" { default = "subnet-us-east-12345" }

variable "vpc-2-aws-region" { default = "us-west-2" }
variable "vpc-2-aws-az" { default = "us-west-2a" }
variable "vpc-2-aws-subnet-id" { default = "subnet-us-west-12345" }

// Ubuntu 14.04 LTS (HVM)
variable "aws-vpn-ami" {
  default = {
    us-east-1 = "ami-d05e75b8"
    us-west-2 = "ami-5189a661"
    eu-west-1 = "ami-47a23a30"
  }
}

provider "aws" {
  region     = "${var.vpc-1-aws-region}"
  access_key = "${var.aws-access-key}"
  secret_key = "${var.aws-secret-key}"
}

provider "aws" {
  alias  = "vpc-1"
  region = "${var.vpc-1-aws-region}"
}

provider "aws" {
  alias  = "vpc-2"
  region = "${var.vpc-2-aws-region}"
}

resource "aws_eip" "vpc-1" {
  provider = "aws.vpc-1"
  lifecycle { create_before_destroy = true }
  // This reference makes the EIP depend on its instance, while that instance's
  // provisioner below depends on the other region's EIP: that is the cycle.
  instance = "${aws_instance.vpc-1.id}"
  vpc = true
}

resource "aws_eip" "vpc-2" {
  provider = "aws.vpc-2"
  lifecycle { create_before_destroy = true }
  // Same pattern in the other direction, closing the loop:
  // eip.vpc-1 -> instance.vpc-1 -> eip.vpc-2 -> instance.vpc-2 -> eip.vpc-1
  instance = "${aws_instance.vpc-2.id}"
  vpc = true
}

resource "aws_instance" "vpc-1" {
  provider = "aws.vpc-1"
  instance_type = "t2.micro"

  ami = "${lookup(var.aws-vpn-ami, var.vpc-1-aws-region)}"

  lifecycle { create_before_destroy = true }

  source_dest_check = false
  availability_zone = "${var.vpc-1-aws-az}"
  subnet_id         = "${var.vpc-1-aws-subnet-id}"
  private_ip        = "10.0.0.4"

  provisioner "remote-exec" {
    inline = [
      "sudo tee /tmp/foo.conf > /dev/null <<'EOF'",
      "${aws_eip.vpc-2.public_ip}",
      "EOF"
    ]
  }
}

resource "aws_instance" "vpc-2" {
  provider = "aws.vpc-2"
  instance_type = "t2.micro"

  lifecycle { create_before_destroy = true }

  ami = "${lookup(var.aws-vpn-ami, var.vpc-2-aws-region)}"

  source_dest_check = false
  availability_zone = "${var.vpc-2-aws-az}"
  subnet_id         = "${var.vpc-2-aws-subnet-id}"
  private_ip        = "10.1.0.4"

  provisioner "remote-exec" {
    inline = [
      "sudo tee /tmp/foo.conf > /dev/null <<'EOF'",
      "${aws_eip.vpc-1.public_ip}",
      "EOF"
    ]
  }
}

I will need to later add security groups that include rules for ingress that only allow traffic from the EIP of the other region. Would love to hear alternative ways of achieving the same, by the way. Thanks in advance for any help!
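
The cycle in the report comes from `aws_eip.instance`: each EIP depends on its instance, and each instance depends on the other region's EIP. The following is an added example, not code from the issue or from the Terraform project, showing the layout the reporter describes (both EIPs created before either instance): the EIPs are allocated with no `instance` argument and attached afterwards with `aws_eip_association`, and the peer-only security groups the reporter mentions are included. It assumes Terraform 0.12+ syntax and AWS provider v5+ (`domain = "vpc"` replaces the older `vpc = true`); the VPC IDs, the UDP port and the `/etc/vpn-peer.conf` path are placeholders of mine, and the regions, subnets and AMIs are the placeholders from the report.

```hcl
# Added example, not the reporter's code: EIPs are allocated with no `instance`
# argument and attached later with aws_eip_association, so no EIP depends on an
# instance and the graph is acyclic. Terraform 0.12+, AWS provider v5+ assumed.

variable "vpc_1_region"    { default = "us-east-1" }
variable "vpc_1_id"        { default = "vpc-us-east-12345" }    # placeholder
variable "vpc_1_subnet_id" { default = "subnet-us-east-12345" }
variable "vpc_2_region"    { default = "us-west-2" }
variable "vpc_2_id"        { default = "vpc-us-west-12345" }    # placeholder
variable "vpc_2_subnet_id" { default = "subnet-us-west-12345" }
variable "vpn_udp_port"    { default = 1194 }                   # placeholder

# No access_key/secret_key in .tf files: the provider takes credentials from
# the environment, a shared credentials profile or an attached IAM role.
provider "aws" {
  alias  = "vpc_1"
  region = var.vpc_1_region
}
provider "aws" {
  alias  = "vpc_2"
  region = var.vpc_2_region
}

# 1. Both EIPs are leaf nodes: nothing here references an instance.
resource "aws_eip" "vpc_1" {
  provider = aws.vpc_1
  domain   = "vpc"
}
resource "aws_eip" "vpc_2" {
  provider = aws.vpc_2
  domain   = "vpc"
}

# 2. Each security group admits only the other region's EIP, as a /32, on the
#    VPN port. Referencing the peer EIP is safe now that EIPs depend on nothing.
resource "aws_security_group" "vpn_1" {
  provider = aws.vpc_1
  vpc_id   = var.vpc_1_id
  ingress {
    from_port   = var.vpn_udp_port
    to_port     = var.vpn_udp_port
    protocol    = "udp"
    cidr_blocks = ["${aws_eip.vpc_2.public_ip}/32"]
  }
  egress {
    from_port   = var.vpn_udp_port
    to_port     = var.vpn_udp_port
    protocol    = "udp"
    cidr_blocks = ["${aws_eip.vpc_2.public_ip}/32"]
  }
}
resource "aws_security_group" "vpn_2" {
  provider = aws.vpc_2
  vpc_id   = var.vpc_2_id
  ingress {
    from_port   = var.vpn_udp_port
    to_port     = var.vpn_udp_port
    protocol    = "udp"
    cidr_blocks = ["${aws_eip.vpc_1.public_ip}/32"]
  }
  egress {
    from_port   = var.vpn_udp_port
    to_port     = var.vpn_udp_port
    protocol    = "udp"
    cidr_blocks = ["${aws_eip.vpc_1.public_ip}/32"]
  }
}

# 3. Peer address arrives via user_data instead of remote-exec: no SSH ingress needed.
resource "aws_instance" "vpc_1" {
  provider               = aws.vpc_1
  ami                    = "ami-d05e75b8" # placeholder from the issue (us-east-1)
  instance_type          = "t2.micro"
  subnet_id              = var.vpc_1_subnet_id
  source_dest_check      = false
  vpc_security_group_ids = [aws_security_group.vpn_1.id]
  user_data              = "#!/bin/bash\necho ${aws_eip.vpc_2.public_ip} > /etc/vpn-peer.conf\n"
}
resource "aws_instance" "vpc_2" {
  provider               = aws.vpc_2
  ami                    = "ami-5189a661" # placeholder from the issue (us-west-2)
  instance_type          = "t2.micro"
  subnet_id              = var.vpc_2_subnet_id
  source_dest_check      = false
  vpc_security_group_ids = [aws_security_group.vpn_2.id]
  user_data              = "#!/bin/bash\necho ${aws_eip.vpc_1.public_ip} > /etc/vpn-peer.conf\n"
}

# 4. Attach last: each association depends on its own instance and EIP only.
resource "aws_eip_association" "vpc_1" {
  provider      = aws.vpc_1
  instance_id   = aws_instance.vpc_1.id
  allocation_id = aws_eip.vpc_1.id
}
resource "aws_eip_association" "vpc_2" {
  provider      = aws.vpc_2
  instance_id   = aws_instance.vpc_2.id
  allocation_id = aws_eip.vpc_2.id
}
```

The dependency graph is now a DAG: `aws_eip.*` have no dependencies, each `aws_security_group` depends on the peer EIP, each `aws_instance` depends on its own security group (and so, transitively, on the peer EIP), and each `aws_eip_association` depends on its own instance and EIP. The original layout fails at `terraform plan` with a `Cycle:` error; this one plans without it. Three caveats a practitioner should weigh: the egress rule is deliberately narrow, so add rules if the hosts need DNS or package mirrors; `create_before_destroy` was left out because it does nothing useful here once the EIP is detached from the instance's lifecycle, and it cannot be combined with a fixed `private_ip` anyway, since the replacement cannot coexist with the instance it replaces; and because the peer address is baked into `user_data`, releasing and reallocating either EIP changes both the security group rules and the instance bootstrap, so treat the EIPs as long-lived.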

@ghost

ghost commented Apr 11, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators Apr 11, 2020

3 participants