Trying to use user_data when running an EC2 instance with Terraform.

resource "aws_instance" "ec2nginx1" {
  ami                    = nonsensitive(data.aws_ssm_parameter.ami.value)
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.prisubnet1.id
  vpc_security_group_ids = [aws_security_group.nginx_ec2sg.id]
  depends_on             = [null_resource.building_docker_image]

  # The heredoc body is passed verbatim as the boot script, so the shebang
  # starts at column 0. Values interpolated here (including the access keys)
  # are stored in Terraform state and are readable as instance user data.
  user_data = <<EOF
#!/bin/bash
sudo yum install -y openssh-server
sudo yum install -y aws
sudo yum install -y docker
sudo yum install -y curl
sudo systemctl start docker
sudo aws configure set aws_access_key_id ${var.ACCESS_KEY}
sudo aws configure set aws_secret_access_key ${var.SECRET_KEY}
sudo aws ecr get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin ${aws_ecr_repository.myrepo.registry_id}.dkr.ecr.us-east-1.amazonaws.com
sudo docker pull ${aws_ecr_repository.myrepo.repository_url}:latest
sudo docker container run --network host ${aws_ecr_repository.myrepo.repository_url}:latest
EOF
}

Debugging found:

- .user_data: planned value cty.StringVal("858c462aa8a14896b64953424d1d0c5e2f79e122") does not match config value cty.StringVal(" #! /bin/bash\nsudo yum install -y openssh-server\nsudo yum install -y aws\nsudo yum install -y docker\nsudo yum install -y curl\nsudo systemctl start docker\nsudo aws configure set aws_access_key_id ${var.ACCESS_KEY}\nsudo aws configure set aws_secret_access_key ${var.SECRET_KEY}\nsudo aws configure set default.region us-east-1\nsudo aws ecr get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin ${aws_ecr_repository.myrepo.registry_id}.dkr.ecr.us-east-1.amazonaws.com\nsudo docker pull ${aws_ecr_repository.myrepo.repository_url}:latest \n\nsudo docker container run --network host ${aws_ecr_repository.myrepo.repository_url}:latest\n")
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute

I've been searching around and couldn't find any actual solution for that issue. Tried with cloud-init, base64 encoding, running as a script with: (file{./"filename"}).

Still doesn't run, with the same output.

Please help :)

  • Go to the instance and check /var/log/cloud-init-output.log for errors. Commented Jul 21, 2022 at 0:05
  • It doesn't get there I think. That's the problem :( Commented Jul 21, 2022 at 17:12
  • OK, my bad, it does. Checking. Commented Jul 21, 2022 at 17:17
  • I am trying to deploy 2 instances when 1 is under a private subnet. I understand now that when it is under a private subnet it cannot install anything, as it has no access to the internet. Is a NAT gateway the right option? Commented Jul 22, 2022 at 11:18

1 Answer

If your instances are in a private subnet, by definition they have no internet access. You have to use a NAT gateway to install software, or build a custom AMI with all software preinstalled. Then you just create your instance from your custom AMI.
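
The NAT gateway option from the answer, as an added Terraform example that is not part of the original post. `aws_subnet.prisubnet1` comes from the question; `aws_vpc.main`, `aws_subnet.pubsubnet1` (a public subnet) and `aws_internet_gateway.igw` are assumed names for resources the question does not show, and `domain = "vpc"` assumes AWS provider v5 or later.

```hcl
# Added example: outbound-only internet access for the private subnet.
# aws_vpc.main, aws_subnet.pubsubnet1 and aws_internet_gateway.igw are
# assumed names; aws_subnet.prisubnet1 is the subnet used in the question.

# Static public address that the NAT gateway uses for outbound traffic.
resource "aws_eip" "nat" {
  domain = "vpc" # AWS provider v5+ syntax (assumption)
}

# The NAT gateway itself sits in a PUBLIC subnet, i.e. one whose route
# table already sends 0.0.0.0/0 to the internet gateway.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.pubsubnet1.id

  # The gateway cannot reach the internet until the IGW is attached.
  depends_on = [aws_internet_gateway.igw]
}

# Dedicated route table for the private subnet: the default route goes
# through the NAT gateway, so instances can open outbound connections
# (yum, ECR) while no inbound connection from the internet is possible.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

# Attach the route table to the private subnet from the question.
resource "aws_route_table_association" "private1" {
  subnet_id      = aws_subnet.prisubnet1.id
  route_table_id = aws_route_table.private.id
}
```

Adding `aws_route_table_association.private1` to the instance's `depends_on` keeps the user_data script from starting before the default route exists. The instance's security group must also allow outbound HTTPS for `yum` and the ECR pull to succeed.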
