The current template doesn't support deploying to regions other than eu-west-1. This is due to the region-specific service names specified in the aws_vpc_endpoint resources used to enable access to the EC2 instances via SSM.
Note this appears to be a duplicate of #4, but the current main branch doesn't include the fixes from related PR #5.
Expected behavior
VPC endpoints will deploy in the desired region specified in provider.tf, e.g.:
provider "aws" {
  region = "us-east-2"
}
Actual behavior
VPC endpoints attempt to deploy into the eu-west-1 region, regardless of the region specified in the provider configuration. If using a different region, the deployment fails.
Example output
$ cat provider.tf
// Copyright Amazon.com, Inc. or its affiliates. All Rights Reserved.
// SPDX-License-Identifier: MIT-0
terraform {
  required_providers {
    aws = {
      version = ">= 3.28.0"
      source  = "hashicorp/aws"
    }
    random = {
      source  = "hashicorp/random"
      version = ">=2.3.0"
    }
  }
}
provider "aws" {
  region = "us-east-2"
}
$ terraform apply
...
│ Error: creating EC2 VPC Endpoint (com.amazonaws.eu-west-1.ssm): InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.eu-west-1.ssm' does not exist
│ status code: 400, request id: 2c59303c-1baa-4888-905c-fb5e7cc9ef2c
│
│ with aws_vpc_endpoint.spoke_vpc_a_ssm_endpoint,
│ on vpc-endpoints.tf line 36, in resource "aws_vpc_endpoint" "spoke_vpc_a_ssm_endpoint":
│ 36: resource "aws_vpc_endpoint" "spoke_vpc_a_ssm_endpoint" {
│
╵
╷
│ Error: creating EC2 VPC Endpoint (com.amazonaws.eu-west-1.ssmmessages): InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.eu-west-1.ssmmessages' does not exist
│ status code: 400, request id: a3b93362-9d28-438b-8790-2c70990b02d0
│
│ with aws_vpc_endpoint.spoke_vpc_a_ssm_messages_endpoint,
│ on vpc-endpoints.tf line 47, in resource "aws_vpc_endpoint" "spoke_vpc_a_ssm_messages_endpoint":
│ 47: resource "aws_vpc_endpoint" "spoke_vpc_a_ssm_messages_endpoint" {
│
╵
╷
│ Error: creating EC2 VPC Endpoint (com.amazonaws.eu-west-1.ec2messages): InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.eu-west-1.ec2messages' does not exist
│ status code: 400, request id: 01fec6c1-53bd-459f-b4a0-5898eacee797
│
│ with aws_vpc_endpoint.spoke_vpc_a_ec2_messages_endpoint,
│ on vpc-endpoints.tf line 58, in resource "aws_vpc_endpoint" "spoke_vpc_a_ec2_messages_endpoint":
│ 58: resource "aws_vpc_endpoint" "spoke_vpc_a_ec2_messages_endpoint" {
│
╵
╷
│ Error: creating EC2 VPC Endpoint (com.amazonaws.eu-west-1.ssm): InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.eu-west-1.ssm' does not exist
│ status code: 400, request id: 96b7094e-8d63-468c-80f6-894b03006851
│
│ with aws_vpc_endpoint.spoke_vpc_b_ssm_endpoint,
│ on vpc-endpoints.tf line 69, in resource "aws_vpc_endpoint" "spoke_vpc_b_ssm_endpoint":
│ 69: resource "aws_vpc_endpoint" "spoke_vpc_b_ssm_endpoint" {
│
╵
╷
│ Error: creating EC2 VPC Endpoint (com.amazonaws.eu-west-1.ssmmessages): InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.eu-west-1.ssmmessages' does not exist
│ status code: 400, request id: d3f35104-87b3-48cc-bf32-4533a378f437
│
│ with aws_vpc_endpoint.spoke_vpc_b_ssm_messages_endpoint,
│ on vpc-endpoints.tf line 80, in resource "aws_vpc_endpoint" "spoke_vpc_b_ssm_messages_endpoint":
│ 80: resource "aws_vpc_endpoint" "spoke_vpc_b_ssm_messages_endpoint" {
│
╵
╷
│ Error: creating EC2 VPC Endpoint (com.amazonaws.eu-west-1.ec2messages): InvalidServiceName: The Vpc Endpoint Service 'com.amazonaws.eu-west-1.ec2messages' does not exist
│ status code: 400, request id: 94219d4d-1df8-4475-9394-f05e3a78eb40
│
│ with aws_vpc_endpoint.spoke_vpc_b_ec2_messages_endpoint,
│ on vpc-endpoints.tf line 91, in resource "aws_vpc_endpoint" "spoke_vpc_b_ec2_messages_endpoint":
│ 91: resource "aws_vpc_endpoint" "spoke_vpc_b_ec2_messages_endpoint" {
Related items
Previous issue: #4 Previous PR: #5
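
One way to make the SSM endpoints follow the provider region, as an added example that is not code from this repository or from PR #5: the `aws_vpc_endpoint_service` data source resolves each service name in whatever region the provider is configured for, so no region string is hardcoded. The variables, the `ssm_services` local and the resource name `spoke_vpc_a_ssm` are hypothetical stand-ins for the template's own references.

```hcl
# Hypothetical inputs: the template's real VPC, subnet and security group
# references are not shown in this issue.
variable "vpc_id" { type = string }
variable "subnet_ids" { type = list(string) }
variable "endpoint_security_group_id" { type = string }

locals {
  # The three interface endpoints that failed in the output above.
  ssm_services = toset(["ssm", "ssmmessages", "ec2messages"])
}

# Looks up com.amazonaws.<provider region>.<service> at plan time,
# so a service missing in the chosen region fails here with a clear error.
data "aws_vpc_endpoint_service" "ssm" {
  for_each = local.ssm_services
  service  = each.key
}

resource "aws_vpc_endpoint" "spoke_vpc_a_ssm" {
  for_each = local.ssm_services

  vpc_id              = var.vpc_id
  service_name        = data.aws_vpc_endpoint_service.ssm[each.key].service_name
  vpc_endpoint_type   = "Interface"
  subnet_ids          = var.subnet_ids
  security_group_ids  = [var.endpoint_security_group_id]
  private_dns_enabled = true
}
```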