Closed codygreen closed 3 years ago
After further evaluation, this is an issue with the module and not the example code.
I'm having to perform the following steps to work around this:
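```bash
# Private address of the VIP, taken from the Terraform output
export vip_private_address=$(terraform output -json | jq -r '.private_addresses.value[0][0][0]')
# ID of the first instance returned by describe-instances
export vip_instance_id=$(aws ec2 describe-instances | jq -r '.Reservations[0].Instances[0].InstanceId')
# ENI of that instance whose private address is in 10.0.2.x
export vip_eni=$(aws ec2 describe-instances | jq -r '.Reservations[0].Instances[0].NetworkInterfaces[] | select(.PrivateIpAddress | contains("10.0.2.")) | .NetworkInterfaceId')
# Allocation ID of the EIP attached to that ENI (exact match, so addresses with no ENI are skipped)
export allocation_id=$(aws ec2 describe-addresses | jq -r --arg vip_eni "$vip_eni" '.Addresses[] | select(.NetworkInterfaceId == $vip_eni) | .AllocationId')
# Associate the EIP with the VIP private address on the same ENI
aws ec2 associate-address --allocation-id "$allocation_id" --network-interface-id "$vip_eni" --private-ip-address "$vip_private_address"
```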
Tracking through INFRAANO-215
@codygreen Added changes to assign the EIP to the secondary private IP of the external public-enabled interface (only the first external interface).
Fixed in v0.9.3
The 3-nic example is assigning the EIP for the public subnet to the public Self-IP. However, port lockdown for that SIP is set to None and will not serve application traffic. Note: this probably affects all multi-nic examples as well.
The EIP should be assigned to the 2nd internal IP address associated with the public NIC - best practice
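An added check, not part of the original thread or the module: it reads data shaped like `aws ec2 describe-network-interfaces` output and lists Elastic IPs bound to an interface's primary private address, the misplacement this issue describes. The sample data and function names are constructed, and it assumes the Self-IP is the primary private IP of the public NIC.

```python
# Constructed sample in the shape of `aws ec2 describe-network-interfaces` output.
# eni-0aaa has its EIP on the primary address (the reported problem);
# eni-0bbb has its EIP on the secondary address (the intended layout).
SAMPLE = {
    "NetworkInterfaces": [
        {"NetworkInterfaceId": "eni-0aaa", "PrivateIpAddresses": [
            {"PrivateIpAddress": "10.0.2.11", "Primary": True,
             "Association": {"PublicIp": "203.0.113.10",
                             "AllocationId": "eipalloc-0aaa"}},
            {"PrivateIpAddress": "10.0.2.12", "Primary": False},
        ]},
        {"NetworkInterfaceId": "eni-0bbb", "PrivateIpAddresses": [
            {"PrivateIpAddress": "10.0.2.21", "Primary": True},
            {"PrivateIpAddress": "10.0.2.22", "Primary": False,
             "Association": {"PublicIp": "203.0.113.20",
                             "AllocationId": "eipalloc-0bbb"}},
        ]},
    ]
}


def eip_placements(doc):
    """Return one record per private address that has a public association."""
    records = []
    for eni in doc.get("NetworkInterfaces", []):
        for addr in eni.get("PrivateIpAddresses", []):
            assoc = addr.get("Association")
            if not assoc:
                continue  # no public address on this private IP
            records.append({
                "eni": eni["NetworkInterfaceId"],
                "private_ip": addr["PrivateIpAddress"],
                "public_ip": assoc.get("PublicIp"),
                "allocation_id": assoc.get("AllocationId"),
                "on_primary": bool(addr.get("Primary")),
            })
    return records


def eips_on_primary(doc):
    """EIPs attached to a primary private IP (assumed here to be the Self-IP)."""
    return [r for r in eip_placements(doc) if r["on_primary"]]


if __name__ == "__main__":
    for r in eips_on_primary(SAMPLE):
        print(f"{r['eni']}: {r['public_ip']} is on primary {r['private_ip']}")
```

To run it against a real account, load the JSON printed by `aws ec2 describe-network-interfaces` and pass it to `eips_on_primary` in place of `SAMPLE`.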