Is there a way we tell terraform to attach to the same EIP after the terraform destroy and create


Bubunia Patra

Apr 18, 2018, 6:31:25 AM
to Terraform
Hi,

We need to whitelist some specific EIPs attached to the instance. The problem is that the EIP association always happens with a different IP address. I want to attach the same EIP even if I destroy and create it. Can I hardcode the EIP to the instance?

Regards
Pradeep

Fernando Miguel

Apr 18, 2018, 6:36:41 AM
to terrafo...@googlegroups.com
have you looked at 

Keep in mind that if you destroy a dynamic resource like an EIP, you can't be sure of AWS assigning the same one to your account; it probably won't.

So you need to manage that resource outside of the same scope as the rest of your statefile, in another statefile, and use a remote data source.

OR
you could probably architect your app well, and not require an EIP, and instead use a Route 53 record (A, CNAME, or even SRV).


-- 

--
This mailing list is governed under the HashiCorp Community Guidelines - https://www.hashicorp.com/community-guidelines.html. Behavior in violation of those guidelines may result in your removal from this mailing list.
 
GitHub Issues: https://github.com/hashicorp/terraform/issues
IRC: #terraform-tool on Freenode
---
You received this message because you are subscribed to the Google Groups "Terraform" group.
To unsubscribe from this group and stop receiving emails from it, send an email to terraform-tool+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/terraform-tool/6b9a774b-c1d2-42fc-b66f-a7025848585d%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
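
Added example, not part of the original post: one way to lay out the separate-statefile approach described above, written in Terraform 0.12+ syntax. The bucket, key, region and tag values are placeholders, and `aws_instance.app` is assumed to be defined elsewhere in the consuming configuration.

```hcl
# ---- eip/main.tf : long-lived configuration with its own state ----
terraform {
  backend "s3" {
    bucket = "example-tfstate"     # placeholder
    key    = "network/eip.tfstate" # placeholder
    region = "us-east-1"           # placeholder
  }
}

resource "aws_eip" "allowlisted" {
  domain = "vpc" # older AWS provider releases use `vpc = true`, as in this thread

  tags = {
    Name = "allowlisted-egress" # placeholder tag
  }

  # Make `terraform destroy` in this configuration fail instead of
  # releasing the address that third parties have allowlisted.
  lifecycle {
    prevent_destroy = true
  }
}

output "allocation_id" {
  value = aws_eip.allowlisted.id
}

output "public_ip" {
  value = aws_eip.allowlisted.public_ip
}

# ---- app/main.tf : disposable configuration, destroyed and recreated freely ----
data "terraform_remote_state" "eip" {
  backend = "s3"
  config = {
    bucket = "example-tfstate"
    key    = "network/eip.tfstate"
    region = "us-east-1"
  }
}

# Only the association lives here, so destroying this configuration
# detaches the address but never releases it.
resource "aws_eip_association" "app" {
  instance_id   = aws_instance.app.id # assumed to be defined in this configuration
  allocation_id = data.terraform_remote_state.eip.outputs.allocation_id
}
```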

ureal frank

Apr 19, 2018, 12:50:20 PM
to terrafo...@googlegroups.com
Hi,

Why don’t you attach your EIP to the instance this way?
You can destroy and spin up a new EC2 with the same EIP.

```
resource "aws_eip" "vpn" {
  vpc      = true
  instance = "${module.vpn.instance_id}"
}
```

Cheers,
F


David Adams

Apr 19, 2018, 12:56:37 PM
to terrafo...@googlegroups.com
If you destroy the EIP, you won't get the same one back. If the EIP you want is already provisioned, you can use the aws_eip datasource to do what you need:

```
variable "ip" {}

data "aws_eip" "static_ip" {
  public_ip = "${var.ip}"
}

resource "aws_eip_association" "static_ip" {
  instance_id   = "${aws_instance.my_instance.id}"
  allocation_id = "${data.aws_eip.static_ip.id}"
}
```
(Adapted from https://www.terraform.io/docs/providers/aws/d/eip.html)


ureal frank

Apr 19, 2018, 2:01:46 PM
to terrafo...@googlegroups.com
On 19 Apr 2018, at 17:56, David Adams <dave...@gmail.com> wrote:

If you destroy the EIP, you won't get the same one back. If the EIP you want is already provisioned, you can use the aws_eip datasource to do what you need:

That’s correct, but I didn’t say “destroy EIP” but “destroy EC2” ;)


Samuel Gendler

Apr 24, 2018, 10:04:18 AM
to terrafo...@googlegroups.com
Why not just create an EIP (or elastic network interface with assigned EIP) and then have the instance attach itself to it when it comes up? You can look up either one by tag or by ID, so if you assign both the instance and the ENI the same tag, it is pretty effortless to have the instance attach the ENI to itself in your user-data script the first time it comes up. If you need a cluster of instances, create a cluster of matching ENIs and either grab one from the pool or give them all an indexed tag value.

Name = ‘instance-1’
Name = ‘instance-2’ etc.

If you want multiple addresses per instance, you need an index on the tag name as well as the value (address-1, address-2, etc) but it is still pretty easy to engineer a solution. You’ll have to preallocate extra addresses if you want your instances in an auto scaling group that actually scales rather than simply replacing dead instances, but other than that, there are no real gotchas.

You can create DNS records that point to those ENIs so those don’t need an update whenever replacement instances are launched. You can do everything except the actual assignment of address to instance in Terraform. Do the assignment in user-data.
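
Added example, not part of the original post: a sketch of the self-attach approach described above, using the plain EIP variant rather than an ENI, in Terraform 0.12+ syntax. The `Pool` tag, the variables and the instance type are hypothetical placeholders, and the instance profile is assumed to allow only `ec2:DescribeAddresses` and `ec2:AssociateAddress`.

```hcl
# Added example; every name, tag value and variable is a placeholder.
variable "ami_id" {}
variable "instance_profile" {} # role limited to ec2:DescribeAddresses and ec2:AssociateAddress

# Pre-allocated pool of addresses, indexed by tag as in the post.
resource "aws_eip" "pool" {
  count  = 2
  domain = "vpc" # older AWS provider releases use `vpc = true`

  tags = {
    Name = "instance-${count.index + 1}"
    Pool = "allowlisted" # hypothetical tag the boot script filters on
  }

  lifecycle {
    prevent_destroy = true
  }
}

resource "aws_launch_template" "app" {
  image_id      = var.ami_id
  instance_type = "t3.micro"

  iam_instance_profile {
    name = var.instance_profile
  }

  # Shell variables are written $VAR, never ${VAR}, so Terraform does not
  # interpolate them inside the heredoc.
  user_data = base64encode(<<-EOT
    #!/bin/bash
    set -euo pipefail
    MD=http://169.254.169.254/latest
    TOKEN=$(curl -sf -X PUT "$MD/api/token" -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
    HDR="X-aws-ec2-metadata-token: $TOKEN"
    export AWS_DEFAULT_REGION=$(curl -sf -H "$HDR" "$MD/meta-data/placement/region")
    IID=$(curl -sf -H "$HDR" "$MD/meta-data/instance-id")
    # First pool address that has no association yet.
    ALLOC=$(aws ec2 describe-addresses --filters Name=tag:Pool,Values=allowlisted \
      --query 'Addresses[?!AssociationId] | [0].AllocationId' --output text)
    # Stop here rather than serve traffic from a non-allowlisted address.
    [ "$ALLOC" != "None" ] || exit 1
    # Fail instead of taking an address another instance claimed in the meantime.
    aws ec2 associate-address --allocation-id "$ALLOC" --instance-id "$IID" \
      --no-allow-reassociation
  EOT
  )
}
```

The boot script needs a network path to the EC2 API (a temporary public IP, a NAT gateway or a VPC endpoint) before the address is associated, and the AMI is assumed to ship the AWS CLI.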

