Allow External Instances Attached to EIP

[stack72]

As per #2943

When we attach an instance to an EIP, terraform currently tries to destroy it:

My code works as follows:

resource "aws_eip" "nat_ip" {
  vpc = true
  network_interface = "${aws_network_interface.nat_eni.id}"
}

resource "aws_network_interface" "nat_eni" {
  subnet_id = "${aws_subnet.primary-public.id}"
  security_groups = ["${aws_security_group.nat.id}"]
  source_dest_check = false

  tags {
    Name = "NAT ENI"
  }
}

When an instance comes up, it attaches itself to the ENI (thanks to the PR above, that stays). But it looks like the EIP is removing itself on the second run:

~ aws_eip.nat_ip
    instance: "i-3f8f8092" => ""

[catsby]

Hey @stack72 – 

instance is currently not computed, so that's why Terraform is suggesting this. That's fixable, though I have to make that field computed and remove the ConflictsWith on network_interface, but in doing so I noticed something...

In your example, your EIP already has a network_interface attached to that EIP. According to the API, you can't specify both a network interface and and instance attached:

InstanceId
The ID of the instance. This is required for EC2-Classic. For EC2-VPC, you can specify either the instance ID or the network interface ID, but not both. The operation fails if you specify an instance ID unless exactly one network interface is attached.

(From AssociateAddress API docs)

Oddly enough, I tried it and I don't get an error... do you see something I don't?

[stack72]

@catsby when my instance comes up, it bascially attaches itself to the ENI. I am not attaching it to the EIP at all. But terraform believes it is attached at that point and tries to remove it

My user_data script works as follows:

cat <<EOF > /etc/network/interfaces.d/eth1.cfg
# The EIP network interface
auto eth1
iface eth1 inet dhcp
EOF
echo $?

/usr/local/bin/aws ec2 attach-network-interface --network-interface-id $ENI_ID --instance-id $INSTANCE_ID --device-index 1 --region $ZONE

[catsby]

Ah... so when you attach it to the ENI (which is using the EIP), the EIP gets the instance associated with it. I just tested that out to confirm.

Thanks for the follow up! I'll make the update and send a PR

[stack72]

you got it :) Look forward to testing the follow up

[catsby]

#3036

[stack72]

@catsby any idea if this can be merged?

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.