How to output private and public ip addresses from instances created by ASG in Terraform?


egul...@gmail.com

Nov 17, 2016, 7:16:40 PM
to Terraform
Hello everyone,

I'm provisioning EC2 instances under an ASG and that's great, but in order to modify/update other SGs I need to pull public/private IP addresses from these instances somehow.


Here's the code I'm using for asg module:


resource "aws_launch_configuration" "launch_config" {
  name_prefix                 = "${var.lc_name}"
  image_id                    = "${var.asg_ami_id}"
  instance_type               = "${var.asg_instance_type}"
  security_groups             = ["${var.asg_security_groups}"]
  user_data                   = "${var.asg_user_data}"
  associate_public_ip_address = "${var.associate_public_ip_address}"
  lifecycle {
    create_before_destroy = true
  }
}
resource "aws_autoscaling_group" "main_asg" {
  //We want this to explicitly depend on the launch config above
  depends_on = ["aws_launch_configuration.launch_config"]
  name       = "${var.asg_name}"
  // Split out the AZs string into an array
  // The chosen availability zones *must* match
  // the AZs the VPC subnets are tied to.
  availability_zones = ["${split(",", var.asg_azs)}"]
  // Split out the subnets string into an array
  vpc_zone_identifier = ["${split(",", var.asg_subnets)}"]
  // Uses the ID from the launch config created above
  launch_configuration = "${aws_launch_configuration.launch_config.id}"
  max_size                  = "${var.asg_number_of_instances}"
  min_size                  = "${var.asg_minimum_number_of_instances}"
  load_balancers            = ["${var.load_balancers}"]
  desired_capacity          = "${var.asg_number_of_instances}"
  health_check_grace_period = "${var.asg_health_check_grace_period}"
  health_check_type         = "${var.asg_health_check_type}"
  tag {
    key                 = "Name"
    value               = "${var.name}"
    propagate_at_launch = true
  }
}


Here's the code I have in my main TF file:


module "cache_under_asg" {
  source                          = "git::https://path/to/repo/asg.git"
  name                            = "${var.name}-EC2"
  asg_name                        = "${var.name}-ASG"
  lc_name                         = "${var.name}-LC"
  asg_ami_id                      = "ami-fc8fda9c"
  asg_instance_type               = "m3.medium"
  asg_security_groups             = ["${module.cache_sg.cache_sg_id}"]
  asg_number_of_instances         = 1
  asg_minimum_number_of_instances = 1
  asg_subnets                     = "${module.private_subnet.subnet_ids}"
  asg_azs                         = "${lookup(var.azs, var.region)}"
  load_balancers                  = ["${module.cache_elb_http.elb_name}"]
  associate_public_ip_address     = "true"
}


To get private/public IPs from EC2 instances (NOT under an ASG) in the ec2 module I used this piece:

output "private_ip" { value = "${aws_instance.ec2_instance.private_ip}" }
output "public_ip"  { value = "${aws_instance.ec2_instance.public_ip}" }

That enables me to pass them to different modules (like different SGs), but it seems like there's no alternative under an ASG.

Is that even possible, or maybe there's another workaround to make it happen?

Any advice is really appreciated.


Thank you,
E.G.





Andrew Hodgson

Nov 18, 2016, 4:28:36 AM
to terrafo...@googlegroups.com
Hi,

Since your autoscaling group could spin up or tear down instances after Terraform finishes, I don't know how Terraform could even get at that data. If you explain a bit more what you are trying to do, we may be able to come up with an alternative solution.

Andrew.

David Adams

Nov 18, 2016, 9:48:33 AM
to terrafo...@googlegroups.com
For security groups in the same VPC, you should set the permissions based on the security groups of the launched instances, and then you don't need to worry about private addresses. As far as public addresses, it would be possible for Terraform to add an aws_asg_instances data source to provide what you're looking for, but you'd have to trigger that any time any instances were launched or terminated from the ASG.

Honestly, that sort of adjustment is exactly what AWS Lambda is designed for... you can wire up ASG activity notifications to an SNS topic that triggers a lambda that enumerates the IPs of the members and updates security groups (via permissions you've granted to the lambda's execution role). You could use Terraform to set up that event chain...
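
The two approaches described in the reply above, sketched in Terraform as an added example that is not part of the original thread or of any poster's code. The variables `backend_sg_id`, `cache_port`, `sg_updater_lambda_arn` and the module output `asg_name` are assumptions; the Lambda function itself is assumed to exist already.

```hcl
# Added example. Hypothetical inputs (not from the thread):
variable "backend_sg_id" {}         # SG that must admit the ASG instances
variable "cache_port" {}            # port the ASG instances connect to
variable "sg_updater_lambda_arn" {} # existing Lambda that rewrites SG rules

# Assumes the asg module also exports the group name, e.g.
#   output "asg_name" { value = "${aws_autoscaling_group.main_asg.name}" }

# 1) Same VPC: admit traffic by source security group, not by private IP.
#    Membership follows the ASG automatically as instances come and go.
resource "aws_security_group_rule" "backend_from_cache" {
  type                     = "ingress"
  protocol                 = "tcp"
  from_port                = "${var.cache_port}"
  to_port                  = "${var.cache_port}"
  security_group_id        = "${var.backend_sg_id}"
  source_security_group_id = "${module.cache_sg.cache_sg_id}"
}

# 2) Public addresses: ASG activity -> SNS topic -> Lambda.
resource "aws_sns_topic" "asg_events" {
  name = "${var.name}-asg-events"
}

resource "aws_autoscaling_notification" "cache_asg" {
  group_names = ["${module.cache_under_asg.asg_name}"]
  topic_arn   = "${aws_sns_topic.asg_events.arn}"

  notifications = [
    "autoscaling:EC2_INSTANCE_LAUNCH",
    "autoscaling:EC2_INSTANCE_TERMINATE",
  ]
}

# Restrict invocation of the updater to this one topic.
resource "aws_lambda_permission" "from_sns" {
  statement_id  = "AllowInvokeFromAsgEventsTopic"
  action        = "lambda:InvokeFunction"
  function_name = "${var.sg_updater_lambda_arn}"
  principal     = "sns.amazonaws.com"
  source_arn    = "${aws_sns_topic.asg_events.arn}"
}

resource "aws_sns_topic_subscription" "to_lambda" {
  topic_arn = "${aws_sns_topic.asg_events.arn}"
  protocol  = "lambda"
  endpoint  = "${var.sg_updater_lambda_arn}"
}
```

The Lambda's execution role only needs to read the group's instances and change ingress on the specific security group it maintains, so scope its policy to that group rather than to all EC2 actions.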
