
I am trying to use user_data when running an EC2 instance with Terraform.

resource "aws_instance" "ec2nginx1" {
  ami = nonsensitive(data.aws_ssm_parameter.ami.value)
  instance_type = var.instance_type
  subnet_id = aws_subnet.prisubnet1.id
  vpc_security_group_ids = [aws_security_group.nginx_ec2sg.id]
  depends_on = [null_resource.building_docker_image]
  # The shebang has to be the very first bytes of the script, so it must not be
  # indented inside a plain <<EOF heredoc (Terraform keeps leading whitespace there).
  user_data = <<EOF
#!/bin/bash
sudo yum install -y openssh-server
sudo yum install -y aws
sudo yum install -y docker
sudo yum install -y curl
sudo systemctl start docker
sudo aws configure set aws_access_key_id ${var.ACCESS_KEY}
sudo aws configure set aws_secret_access_key ${var.SECRET_KEY}
# Registry hostname: the region was mistyped as "us-east-q"; it must match --region.
sudo aws ecr get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin ${aws_ecr_repository.myrepo.registry_id}.dkr.ecr.us-east-1.amazonaws.com
sudo docker pull ${aws_ecr_repository.myrepo.repository_url}:latest
sudo docker container run --network host ${aws_ecr_repository.myrepo.repository_url}:latest
EOF
}

Debugging found:

- .user_data: planned value cty.StringVal("858c462aa8a14896b64953424d1d0c5e2f79e122") does not match config value cty.StringVal(" #! /bin/bash\nsudo yum install -y openssh-server\nsudo yum install -y aws\nsudo yum install -y docker\nsudo yum install -y curl\nsudo systemctl start docker\nsudo aws configure set aws_access_key_id ${var.ACCESS_KEY}\nsudo aws configure set aws_secret_access_key ${var.SECRET_KEY}\nsudo aws configure set default.region us-east-1\nsudo aws ecr get-login-password --region us-east-1 | sudo docker login --username AWS --password-stdin ${aws_ecr_repository.myrepo.registry_id}.dkr.ecr.us-east-1.amazonaws.com\nsudo docker pull ${aws_ecr_repository.myrepo.repository_url}:latest \n\nsudo docker container run --network host ${aws_ecr_repository.myrepo.repository_url}:latest\n")
      - .user_data_replace_on_change: planned value cty.False for a non-computed attribute

I've been searching around and couldn't find any actual solution for that issue. I tried with cloud-init, base64 encoding, and running it as a script with: (file("./filename")).

Still doesn't run with same output.

Please help :)

1 Answer


If your instances are in a private subnet, by definition they have no internet access. You have to use a NAT gateway to install software, or build a custom AMI with all software pre-installed. Then you just create your instance from your custom AMI.

Marcin
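As an added example (not code from the question or the answer), the following Terraform configuration shows the NAT gateway route the answer describes for the private subnet, and at the same time replaces the access keys embedded in the question's user_data with an instance profile. Anything with permission to read the instance's user data (the metadata service on the box, or DescribeInstanceAttribute) can read keys placed there, whereas a role attached to the instance hands the AWS CLI short-lived credentials automatically. The names aws_vpc.main and aws_subnet.pubsubnet1 are assumed to exist elsewhere in the configuration; the other references reuse the names from the question.

```hcl
# Elastic IP for the NAT gateway ("domain" is the AWS provider v5 form; older
# provider versions use vpc = true instead).
resource "aws_eip" "nat" {
  domain = "vpc"
}

# The NAT gateway itself must sit in a PUBLIC subnet (one whose route table
# sends 0.0.0.0/0 to an internet gateway). Assumed: aws_subnet.pubsubnet1.
resource "aws_nat_gateway" "nat" {
  allocation_id = aws_eip.nat.id
  subnet_id     = aws_subnet.pubsubnet1.id
}

# Route table for the private subnet: all outbound traffic leaves via the NAT
# gateway, which is what lets yum, docker pull and the ECR login reach the internet.
resource "aws_route_table" "private" {
  vpc_id = aws_vpc.main.id # assumed VPC resource name

  route {
    cidr_block     = "0.0.0.0/0"
    nat_gateway_id = aws_nat_gateway.nat.id
  }
}

resource "aws_route_table_association" "private" {
  subnet_id      = aws_subnet.prisubnet1.id
  route_table_id = aws_route_table.private.id
}

# Instance role: only EC2 may assume it, and it only gets read access to ECR.
data "aws_iam_policy_document" "ec2_assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

resource "aws_iam_role" "nginx_ec2" {
  name               = "nginx-ec2-ecr-pull"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume.json
}

resource "aws_iam_role_policy_attachment" "ecr_read" {
  role       = aws_iam_role.nginx_ec2.name
  policy_arn = "arn:aws:iam::aws:policy/AmazonEC2ContainerRegistryReadOnly"
}

resource "aws_iam_instance_profile" "nginx_ec2" {
  name = "nginx-ec2-ecr-pull"
  role = aws_iam_role.nginx_ec2.name
}

resource "aws_instance" "ec2nginx1" {
  ami                    = nonsensitive(data.aws_ssm_parameter.ami.value)
  instance_type          = var.instance_type
  subnet_id              = aws_subnet.prisubnet1.id
  vpc_security_group_ids = [aws_security_group.nginx_ec2sg.id]
  iam_instance_profile   = aws_iam_instance_profile.nginx_ec2.name

  # Do not boot before the private route exists, or the script runs without egress.
  depends_on = [aws_route_table_association.private, null_resource.building_docker_image]

  # Replace the instance when the script changes instead of keeping the old one.
  user_data_replace_on_change = true

  # <<-EOF strips the common indentation, so the shebang ends up on the first
  # line. cloud-init runs this as root, so no sudo. The AWS CLI obtains the
  # role's temporary credentials from the instance metadata service, so there
  # is no "aws configure set" and no access key in the script.
  user_data = <<-EOF
    #!/bin/bash
    set -euo pipefail
    yum install -y docker
    systemctl enable --now docker
    aws ecr get-login-password --region us-east-1 \
      | docker login --username AWS --password-stdin ${aws_ecr_repository.myrepo.registry_id}.dkr.ecr.us-east-1.amazonaws.com
    docker pull ${aws_ecr_repository.myrepo.repository_url}:latest
    docker container run -d --network host ${aws_ecr_repository.myrepo.repository_url}:latest
  EOF
}
```

If the instance needs no general internet access at all, the NAT gateway can be replaced with VPC interface endpoints for ECR (ecr.api and ecr.dkr) plus a gateway endpoint for S3, which keeps the image pull inside the VPC; package installation would then have to come from a pre-built AMI, as the answer suggests. Boot-time output of the script lands in /var/log/cloud-init-output.log on the instance, which is the first place to look when a user_data script appears not to run.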