-1

While trying to provision with file multiple times, second occurrence is not being considered. Not sure if I'm doing it correctly.

Please throw some light!

The below block works perfectly -


```hcl
provisioner "file" {
  source      = "/home/ubuntu/Desktop/aws_migration_using_terraform/tcs-btag-account_us-east-2/aws_infra_automation"
  destination = "/home/ubuntu"
}
```

However, this one didn't work and there is no error thrown by Terraform itself!

```hcl
provisioner "file" {
  source      = "/home/ubuntu/Desktop/aws_migration_using_terraform/tcs-btag-account_us-east-2/livedevops"
  destination = "/home/ubuntu"
}
```

The entire code is given below --

```hcl
resource "tls_private_key" "bastion-key" {
  algorithm = "RSA"
  rsa_bits  = 4096
}

resource "aws_key_pair" "generated_key" {
  key_name   = var.bastion_key
  public_key = tls_private_key.bastion-key.public_key_openssh
}

resource "aws_instance" "bastion_host_us-east-2a" {
  ami                         = var.bastion_ami_id
  instance_type               = var.bastion_ec2_instance_type
  disable_api_termination     = false
  subnet_id                   = aws_subnet.devops_mig_pub_sub_01.id
  vpc_security_group_ids      = [aws_security_group.sg-btag-allow.id, aws_security_group.sg-ssh-allow.id]
  associate_public_ip_address = true
  availability_zone           = aws_subnet.devops_mig_pub_sub_01.availability_zone
  key_name                    = aws_key_pair.generated_key.id

  connection {
    type        = "ssh"
    host        = self.public_ip
    user        = "ubuntu"
    port        = 22
    private_key = tls_private_key.bastion-key.private_key_pem
    timeout     = "60s"
  }

  # Copying files from local to remote
  provisioner "file" {
    source      = "/home/ubuntu/Desktop/aws_migration_using_terraform/tcs-btag-account_us-east-2/aws_infra_automation"
    destination = "/home/ubuntu"
  }

  provisioner "file" {
    source      = "/home/ubuntu/Desktop/aws_migration_using_terraform/tcs-btag-account_us-east-2/livedevops"
    destination = "/home/ubuntu"
  }

  user_data = <<-EOF
    #!/bin/bash
    sudo apt update -y
    sudo apt install -y software-properties-common
    sudo add-apt-repository --yes --update ppa:ansible/ansible
    sudo apt update -y
    sudo apt install -y ansible
    /usr/bin/ansible --version > ansible-v.txt
    echo "Installing the cloudwatch agent for Ubuntu Linux."
    curl -O https://s3.amazonaws.com/amazoncloudwatch-agent/ubuntu/amd64/latest/amazon-cloudwatch-agent.deb
    dpkg -i -E ./amazon-cloudwatch-agent.deb
  EOF

  tags = {
    "Name" = "bastion_host"
  }
}

output "private_key" {
  value     = tls_private_key.bastion-key.private_key_pem
  sensitive = true
}

output "bastion_public_ip" {
  value = aws_instance.bastion_host_us-east-2a.public_ip
}

output "bastion_private_ip" {
  value = aws_instance.bastion_host_us-east-2a.private_ip
}

resource "aws_ebs_volume" "bastion_storage" {
  availability_zone = var.bastion-ebs-availability-zone
  size              = 50
  type              = "gp2"

  tags = {
    "Name" = "bastion_ebs_volume"
  }
}

resource "local_file" "bastion_private_key" {
  content         = tls_private_key.bastion-key.private_key_pem
  filename        = "bastion-key.pem"
  file_permission = "0400"
}
```



harshavmb

1 Answer

0

I see ubuntu being the user used to SSH to target machine. It's a bad idea to copy files directly to HOME directory of the user & in this case the file provisioner is just replacing everything available on /home/ubuntu directory.

The above directory also contains your SSH public keys used for authentication in ~/.ssh/authorized_keys. That's the reason it's failing at the second file provisioner.

You create a tmp directory under /home/ubuntu or use /tmp or /var/tmp directories if they allow ubuntu user to write something.

harshavmb
  • You create a tmp directory under `/home/ubuntu` or use `/tmp` or `/var/tmp` directories if they allow ubuntu user to write something to write. ... I tried this method, not able to transfer the second directory – Shuvodeep Ghosh Jul 22 '22 at 17:34
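
The answer's staging-directory suggestion written out as an added example (not code from the question or the answer): the `null_resource` name `bastion_files`, the `locals`, and the path `/home/ubuntu/staging` are assumptions, while the other resource references come from the question's configuration. It relies on the documented `file` provisioner behaviour that, over SSH, the destination directory must already exist and a source without a trailing slash is uploaded as a subdirectory of the destination.

```hcl
# Added example. Assumed names: null_resource.bastion_files, local.src_root,
# local.staging_dir. Requires the hashicorp/null provider.
locals {
  # Parent of the two directories named in the question.
  src_root = "/home/ubuntu/Desktop/aws_migration_using_terraform/tcs-btag-account_us-east-2"

  # Dedicated directory under the login user's home, so uploads never
  # target /home/ubuntu (and its ~/.ssh) directly. A home subdirectory is
  # used rather than /tmp because /tmp is world-writable.
  staging_dir = "/home/ubuntu/staging"
}

resource "null_resource" "bastion_files" {
  # Re-run the copy whenever the bastion instance is replaced.
  triggers = {
    instance_id = aws_instance.bastion_host_us-east-2a.id
  }

  connection {
    type        = "ssh"
    host        = aws_instance.bastion_host_us-east-2a.public_ip
    user        = "ubuntu"
    port        = 22
    private_key = tls_private_key.bastion-key.private_key_pem
    timeout     = "60s"
  }

  # Provisioners run in the order written. Create the destination first:
  # with the ssh connection type it must exist before a directory upload.
  provisioner "remote-exec" {
    inline = ["install -d -m 0700 ${local.staging_dir}"]
  }

  # No trailing slash on source: arrives as staging/aws_infra_automation.
  provisioner "file" {
    source      = "${local.src_root}/aws_infra_automation"
    destination = local.staging_dir
  }

  # Arrives as staging/livedevops, alongside the first upload.
  provisioner "file" {
    source      = "${local.src_root}/livedevops"
    destination = local.staging_dir
  }
}
```

With this resource in place, the `connection` and both `provisioner "file"` blocks inside `aws_instance.bastion_host_us-east-2a` would be removed so the copies are not attempted twice.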