fpco / terraform-aws-foundation

Establish a solid Foundation on AWS with these modules for Terraform
MIT License

add support for EIP to single-node-asg module #205

Open ketzacoatl opened 5 years ago

ketzacoatl commented 5 years ago

ATM the Single-Node ASG module includes support for an EBS volume that is associated with the ASG. Another use-case we run into is attaching an Elastic IP (EIP). Similar to the EBS volume, this is easy to attach to a single EC2 instance, but Terraform cannot do that for an EC2 instance that does not exist yet (e.g. when the EC2 instance is created by an ASG). We solve this in the same way as with the EBS volume - we give EC2 init enough info to attach the EIP when booting the instance.

Requirements

Magicloud commented 5 years ago

So by "attaching an Elastic IP", do you mean the EIP is pre-existing (allocated), or it should be allocated by this module, or we should support both cases?

ketzacoatl commented 5 years ago

That is a great question @Magicloud. I hope this helps to explain:

Terraform is used to create the EIP resource itself. With an ASG, Terraform creates the LC and ASG, but AWS creates the EC2 instances, so Terraform cannot associate/attach the EIP to an EC2 instance created by AWS ASG. That EIP created by Terraform is then floating and not attached to an EC2 instance, but in this design, we have a "single node ASG" - there is only one EC2 instance, and the EC2 instance can be provided init/shell/etc to attach specific resources. In the existing module design, we create an EBS volume to attach. The purpose of this issue is to add support for an EIP that is attached in the same way the EBS volume is attached.

Magicloud commented 5 years ago

Thanks. So the EIP is pre-existing (by Terraform).

ketzacoatl commented 5 years ago

Yes, you want to use aws_eip and not the _association resource, and during EC2 init, we use aws tools to associate the EIP with the EC2 instance.
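The pattern described in the two comments above, written out as an added example (this is not code from terraform-aws-foundation or from anyone in this thread): Terraform allocates the aws_eip, an ASG of size one launches the instance, and the instance's user_data script looks up its own instance ID via IMDSv2 and calls `aws ec2 associate-address`. Everything here is assumed for illustration: the resource, role and variable names, Terraform 0.12-style syntax with a provider version that still accepts `vpc = true`, an AMI that ships the aws CLI, and a subnet whose route table reaches the EC2 API. The IAM policy grants only `ec2:AssociateAddress`, which is the action the boot script needs; without that grant the CLI call is rejected with UnauthorizedOperation.

```hcl
# Added example (not the module's code). Terraform allocates the EIP and an
# ASG of size one launches the instance; user_data associates the EIP at boot.
# Resource and variable names, the AMI, subnet and region are hypothetical.

variable "region"    { default = "us-east-1" }
variable "ami_id"    { description = "AMI with the aws CLI installed (assumed)" }
variable "subnet_id" { description = "Subnet with a route to the EC2 API (assumed)" }

# Terraform owns the EIP. No aws_eip_association: the instance does not exist
# at plan time, because the ASG creates it.
resource "aws_eip" "node" {
  vpc = true
}

data "aws_iam_policy_document" "assume" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

# Least privilege for the boot script: the single action it calls.
# Without this grant the CLI call fails with UnauthorizedOperation.
data "aws_iam_policy_document" "attach_eip" {
  statement {
    actions   = ["ec2:AssociateAddress"]
    resources = ["*"]
  }
}

resource "aws_iam_role" "node" {
  name               = "single-node-eip"
  assume_role_policy = data.aws_iam_policy_document.assume.json
}

resource "aws_iam_role_policy" "attach_eip" {
  role   = aws_iam_role.node.id
  policy = data.aws_iam_policy_document.attach_eip.json
}

resource "aws_iam_instance_profile" "node" {
  name = "single-node-eip"
  role = aws_iam_role.node.name
}

# Boot script: IMDSv2 token, instance ID, then associate the EIP.
locals {
  user_data = <<-EOT
    #!/usr/bin/env bash
    set -euo pipefail
    TOKEN=$(curl -sS -X PUT http://169.254.169.254/latest/api/token \
      -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
    INSTANCE_ID=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" \
      http://169.254.169.254/latest/meta-data/instance-id)
    # Refuse to take the EIP over if something else already holds it.
    aws ec2 associate-address \
      --region "${var.region}" \
      --instance-id "$INSTANCE_ID" \
      --allocation-id "${aws_eip.node.id}" \
      --no-allow-reassociation
  EOT
}

resource "aws_launch_configuration" "node" {
  name_prefix                 = "single-node-"
  image_id                    = var.ami_id
  instance_type               = "t3.micro"
  iam_instance_profile        = aws_iam_instance_profile.node.name
  associate_public_ip_address = false # the EIP is the only public address
  user_data                   = local.user_data

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_autoscaling_group" "node" {
  name                 = "single-node"
  min_size             = 1
  max_size             = 1
  desired_capacity     = 1
  vpc_zone_identifier  = [var.subnet_id]
  launch_configuration = aws_launch_configuration.node.name
}

output "node_public_ip" {
  value = aws_eip.node.public_ip
}
```

Two things to keep in mind when adapting this: `associate-address` is a call to the regional EC2 API endpoint, so the instance needs an outbound path to it (a NAT gateway in the subnet's route table, as the thread notes) even though it has no public IP of its own until the association succeeds; and once the EIP is attached the instance is reachable from the internet on that address, so the security group on the launch configuration is what limits ingress.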

ketzacoatl commented 5 years ago

@Magicloud, also make sure the ASG does not have a public IP, there is a module variable for that.

Magicloud commented 5 years ago

To confirm, you meant another requirement? I mean it is configurable now. Did you mean I should set it to false when associating the EIP?

Magicloud commented 5 years ago

Associating address via awscli gives me UnauthorizedOperation.

Magicloud commented 5 years ago

One more thing to change, I guess: the subnets module needs to pass false to its public attribute.

And, have not figured this out, passing false to associate_public_ip_address of aws_launch_configuration does not set the launch conf in AWS to not associate, but default (Only assign a public IP address to instances launched in the default VPC and subnet).

Still digging.

Magicloud commented 5 years ago

After my testing, it is as expected: without public network access, aws cannot attach EBS or associate EIP.

So we cannot do "ASG does not have a public IP". At least a NAT for the whole group.