2

I am trying to set up AWS SFTP transfer in VPC endpoint mode, but there is one thing I can't manage. The problem I have is how to get target IPs for the NLB target group. The only output I found:

output "vpc_endpoint_transferserver_network_interface_ids" {
  description = "One or more network interfaces for the VPC Endpoint for transferserver"
  value       = flatten(aws_vpc_endpoint.transfer_server.*.network_interface_ids)
}

gives network interface IDs, which cannot be used as targets:

Outputs:

api_url = https://12345.execute-api.eu-west-1.amazonaws.com/prod
vpc_endpoint_transferserver_network_interface_ids = [
  "eni-12345",
  "eni-67890",
  "eni-abcde",
]

I went through:

terraform get subnet integration ips from vpc endpoint subnets tab and Terraform how to get IP address of aws_lb

but neither of them seems to be working. The latter says:

  on modules/sftp/main.tf line 134, in data "aws_network_interface" "ifs":
 134:   count = "${length(local.nlb_interface_ids)}"

The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.
  • There seems to be something missing in your question: the error message refers to a local value named `nlb_interface_ids`. Could you please add the source code for that local value to your question as well, to show the full context? Ideally, it would help to have a [minimal reproducible example](https://stackoverflow.com/help/minimal-reproducible-example). – Martin Atkins Jan 23 '20 at 00:53
  • @MartinAtkins: If this is not a problem, this is my ticket in Github with source code: https://github.com/terraform-providers/terraform-provider-aws/issues/11676 – localsystemuser Jan 23 '20 at 12:01

1 Answer

2

You can create an Elastic IP

# One Elastic IP per NLB subnet. The EIPs must stay unattached (no "instance")
# so that they can be handed to the NLB via subnet_mapping below.
resource "aws_eip" "example1" {
  vpc = true
}

resource "aws_eip" "example2" {
  vpc = true
}

Then specify the Elastic IPs while creating Network LB

resource "aws_lb" "example" {
  name               = "example"
  load_balancer_type = "network"

  # One mapping per subnet, each with its own static address.
  subnet_mapping {
    subnet_id     = aws_subnet.example1.id
    allocation_id = aws_eip.example1.id
  }

  subnet_mapping {
    subnet_id     = aws_subnet.example2.id
    allocation_id = aws_eip.example2.id
  }
}
Devesh mehta
  • No, they are not set up as an ASG, and I can't set up the entire private subnet, as it expects an IP address, not a range. – localsystemuser Jan 20 '20 at 12:25
  • Well, that was not the question how to create LB. I have it already working. I need to add target IPs to target group. Unfortunately output from `vpc_endpoint_transferserver_network_interface_ids` gives you eni IDs not IPs. – localsystemuser Jan 21 '20 at 09:36
  • When you allocate an EIP to the NLB, you can use the EIP as a target IP in the target group. – Devesh mehta Jan 21 '20 at 13:19
  • @Devesh: What I need is to add VPC endpoint IPs as targets in the Target Group. Do you know how to output IPs, not ENI IDs, from Terraform? This is my ticket at GitHub: https://github.com/terraform-providers/terraform-provider-aws/issues/11676 – localsystemuser Jan 21 '20 at 13:32
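As an added example (not code from the question, the answer or the linked GitHub issue), the following configuration ties the two threads together: the answer's EIP-fronted NLB, and the question's actual problem of turning the endpoint's ENI IDs into private IPs for an ip-type target group without hitting the "count depends on resource attributes that cannot be determined until apply" error. The trick is that an interface endpoint creates exactly one ENI per subnet it is placed in, so the number of ENIs is known at plan time even though their IDs are not; driving `count` from the subnet list instead of from `network_interface_ids` lets plan succeed and defers only the data-source reads to apply. The variables `vpc_id` and `subnet_ids`, the assumption that endpoint and NLB share the same subnets, the resource names and the `eu-west-1` region in the service name are all assumptions for this example.

```hcl
# Added example: the ENI count equals the subnet count, so "count" is known at plan time.
# Variables, resource names and the region in the service name are assumptions.
variable "vpc_id" {
  type = string
}

variable "subnet_ids" {
  type = list(string) # subnets the endpoint and the NLB are placed in, one ENI each
}

data "aws_subnet" "lb" {
  count = length(var.subnet_ids)
  id    = var.subnet_ids[count.index]
}

# Endpoint security group: only the NLB subnets may reach SFTP on the endpoint ENIs.
resource "aws_security_group" "sftp_endpoint" {
  name   = "sftp-endpoint"
  vpc_id = var.vpc_id

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = data.aws_subnet.lb[*].cidr_block
  }
}

resource "aws_vpc_endpoint" "transfer_server" {
  vpc_id             = var.vpc_id
  service_name       = "com.amazonaws.eu-west-1.transfer.server" # region assumed
  vpc_endpoint_type  = "Interface"
  subnet_ids         = var.subnet_ids
  security_group_ids = [aws_security_group.sftp_endpoint.id]
}

resource "aws_transfer_server" "sftp" {
  endpoint_type = "VPC_ENDPOINT"
  endpoint_details {
    vpc_endpoint_id = aws_vpc_endpoint.transfer_server.id
  }
}

# Resolve each ENI ID to its private IP. The IDs are unknown until apply, but the
# count is not, so plan no longer fails with "cannot be determined until apply".
data "aws_network_interface" "endpoint" {
  count = length(var.subnet_ids)
  id    = tolist(aws_vpc_endpoint.transfer_server.network_interface_ids)[count.index]
}

# Static front-end addresses for the NLB (the answer's approach).
resource "aws_eip" "lb" {
  count  = length(var.subnet_ids)
  domain = "vpc" # AWS provider < 5.0: use vpc = true instead
}

resource "aws_lb" "sftp" {
  name               = "sftp"
  load_balancer_type = "network"

  dynamic "subnet_mapping" {
    for_each = var.subnet_ids
    content {
      subnet_id     = subnet_mapping.value
      allocation_id = aws_eip.lb[subnet_mapping.key].id
    }
  }
}

# Targets are IP addresses, not instances, so target_type must be "ip".
resource "aws_lb_target_group" "sftp" {
  name        = "sftp"
  port        = 22
  protocol    = "TCP"
  target_type = "ip"
  vpc_id      = var.vpc_id
}

resource "aws_lb_target_group_attachment" "sftp" {
  count            = length(var.subnet_ids)
  target_group_arn = aws_lb_target_group.sftp.arn
  target_id        = data.aws_network_interface.endpoint[count.index].private_ip
  port             = 22
}

resource "aws_lb_listener" "sftp" {
  load_balancer_arn = aws_lb.sftp.arn
  port              = 22
  protocol          = "TCP"

  default_action {
    type             = "forward"
    target_group_arn = aws_lb_target_group.sftp.arn
  }
}
```

Two caveats worth checking before relying on this. `network_interface_ids` is a set, so the order `tolist` produces is not guaranteed to be stable between runs; a later plan may therefore swap which attachment points at which ENI, which is churn rather than breakage, but it will show up in diffs. The security group above admits port 22 only from the NLB subnet CIDRs, which also covers the health checks; if client IP preservation is enabled on the target group, the real client CIDRs must be allowed as well or connections will be dropped at the endpoint. Note also that AWS has since steered new Transfer Family servers towards `endpoint_type = "VPC"`, whose `endpoint_details` accepts `address_allocation_ids` directly, which gives the server static public IPs and removes the need for an NLB in front of the endpoint altogether.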