
I am trying to bootstrap an AWS EC2 instance using Terraform. I am using user data and referencing a file which has the start-up script for the user data (instead of inline). This file also references another file for some config. The instance is in a private subnet and I am not handling keys.

So far, I have tried to use the file provisioner to copy the config file to the instance so that I can reference the file path inside the start-up script. I suspect Terraform cannot copy the file because I am not even specifying a connection block; however, I am not sure what to add here since I don't have keys.

Code so far:

resource "aws_instance" "fe_proxy" {
  ami                     = "${var.fe_proxy}"
  instance_type           = "t2.micro"
  subnet_id               = "${aws_subnet.public_a.id}"
  monitoring              = true
  vpc_security_group_ids  = [ "${aws_security_group.fe_proxy.id}" ]
  iam_instance_profile    = "${aws_iam_instance_profile.proxy-instance-profile.name}"

  user_data = "${file("./start-up-scripts/install_proxy_deps.sh")}"

  provisioner "file" {
    source = "./start-up-scripts/haproxy.cfg"
    destination = "/tmp/haproxy.cfg"
  }

}

Is there a way around this?

Idris.AH
1 Answer


You're correct that without a connection block you won't get anywhere with a file provisioner here. You definitely need to SSH in, and since you've mentioned you're deploying in a private subnet I'd recommend you configure a bastion host for the connection block which Terraform supports:

https://www.terraform.io/docs/provisioners/connection.html

Otherwise my best suggestion would be to have your user-data script do a curl (if connected to a NAT gateway), or an S3 copy (which you can do without internet access if you have an S3 VPC endpoint configured), to pull the file you require for haproxy that way. It would mean you'd need to store your source file remotely though.
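The S3 route the answer recommends, written out as an added example (not code from the question or the answer): the config is uploaded to S3, the private subnet reaches S3 through a gateway VPC endpoint, the instance role is allowed to read only that one object, and the user-data script fetches it with the role's credentials, so no SSH, keys or provisioner are involved. It assumes Terraform 0.12+ syntax and AWS provider 4.x (`aws_s3_object`), that `aws_vpc.main`, `aws_route_table.private`, `aws_subnet.private_a`, `aws_security_group.fe_proxy` and `aws_iam_role.proxy` exist elsewhere in the configuration, and that the AMI already has the AWS CLI and haproxy installed; the bucket name and object key are constructed placeholders.

```hcl
# Added example; resource names and the bucket are hypothetical.
variable "config_bucket" {
  type = string # e.g. "example-proxy-config" (constructed value)
}

data "aws_region" "current" {}

# Upload the local config so the instance can fetch it at boot.
resource "aws_s3_object" "haproxy_cfg" {
  bucket = var.config_bucket
  key    = "fe-proxy/haproxy.cfg"
  source = "./start-up-scripts/haproxy.cfg"
  etag   = filemd5("./start-up-scripts/haproxy.cfg") # re-upload when the file changes
}

# Gateway endpoint: S3 is reachable from the private subnet without NAT or internet access.
resource "aws_vpc_endpoint" "s3" {
  vpc_id            = aws_vpc.main.id
  service_name      = "com.amazonaws.${data.aws_region.current.name}.s3"
  vpc_endpoint_type = "Gateway"
  route_table_ids   = [aws_route_table.private.id]
}

# Least privilege: the instance role may read this single object and nothing else in the bucket.
data "aws_iam_policy_document" "read_haproxy_cfg" {
  statement {
    actions   = ["s3:GetObject"]
    resources = ["arn:aws:s3:::${var.config_bucket}/${aws_s3_object.haproxy_cfg.key}"]
  }
}

resource "aws_iam_role_policy" "read_haproxy_cfg" {
  name   = "read-haproxy-cfg"
  role   = aws_iam_role.proxy.id # the role behind the instance profile (assumed)
  policy = data.aws_iam_policy_document.read_haproxy_cfg.json
}

resource "aws_instance" "fe_proxy" {
  ami                    = var.fe_proxy
  instance_type          = "t2.micro"
  subnet_id              = aws_subnet.private_a.id
  monitoring             = true
  vpc_security_group_ids = [aws_security_group.fe_proxy.id]
  iam_instance_profile   = aws_iam_instance_profile.proxy-instance-profile.name

  # The boot script pulls the config with the instance role; nothing is copied over SSH.
  # Bash "${...}" expansions would collide with Terraform interpolation, so none are used here.
  user_data = <<-EOT
    #!/bin/bash
    set -euo pipefail
    aws s3 cp --region ${data.aws_region.current.name} \
      "s3://${var.config_bucket}/${aws_s3_object.haproxy_cfg.key}" /etc/haproxy/haproxy.cfg
    chown root:root /etc/haproxy/haproxy.cfg
    chmod 0640 /etc/haproxy/haproxy.cfg
    haproxy -c -f /etc/haproxy/haproxy.cfg   # validate the fetched config before (re)starting
    systemctl restart haproxy
  EOT

  # The endpoint must exist before the first boot tries to fetch the file.
  depends_on = [aws_vpc_endpoint.s3]
}
```

Two points worth checking after `terraform apply`: the instance's route table must be the one attached to the endpoint, otherwise `aws s3 cp` hangs waiting for a route that does not exist, and the IAM policy should stay scoped to the object ARN rather than `arn:aws:s3:::bucket/*`, since the instance role is the only credential the boot script holds.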