hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

AWS EC2 instance public IP address is not updated on instance type change #20651

Open speller opened 3 years ago

speller commented 3 years ago

I have the following piece of the configuration:

resource "aws_instance" "control" {
  ami = data.aws_ami.control.id
  instance_type = "t2.micro"
  subnet_id = module.vpc.public1_subnet_id
  associate_public_ip_address = true
  vpc_security_group_ids = [
    aws_security_group.control.id
  ]
}

resource "aws_route53_record" "control" {
  name = "control"
  type = "A"
  zone_id = data.aws_route53_zone.tld.id
  records = [aws_instance.control.public_ip]
  ttl = 300
}

The idea here is that the record must have the instance's public IP address. And it worked well. Then I changed the instance type to t2.nano and Terraform created the following plan:

Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
  ~ update in-place
Terraform will perform the following actions:
  # aws_instance.control will be updated in-place
  ~ resource "aws_instance" "control" {
        id                                   = "i-0f0cca024bef87452"
      ~ instance_type                        = "t2.micro" -> "t2.nano"
        # (28 unchanged attributes hidden)
        # (5 unchanged blocks hidden)
    }
Plan: 0 to add, 1 to change, 0 to destroy.

You may see here that TF has changed the instance instead of replacing it. In reality, the instance is replaced and gets a new public IP address. But this change is not reflected in the plan, and after executing, the infrastructure becomes broken because the DNS record still has an old, invalid IP address.

Terraform Version

1.0.3 Docker

Expected Behavior

EC2 instance is replaced in TF state. Route 53 record is updated with the new instance's IP address.

Actual Behavior

EC2 instance is not replaced in TF state. Route 53 record is not updated with the new instance's IP address.

joelatrr commented 2 years ago

Can confirm same behavior on t3 instance types.

In the case of a route53 update, you can quiesce by running the apply 2x and the IP address will get updated on the A record.

speller commented 2 years ago

Facing the same issue on every operation that requires instance shutdown. For example, updating the user metadata. The instance is updated but TF doesn't care about the changed IP address, so any code that is relying on it will fail or produce broken infrastructure. Why is this severe bug not being fixed?

jwoytek commented 2 years ago

Jumping on the bandwagon here, can confirm this is still the behavior under terraform 1.2.6 with aws provider 4.27.0.

nobitran commented 1 year ago

I still got this issue. May I know how to fix it?

jwoytek commented 1 year ago

> I still got this issue. May I know how to fix it?

In many cases, a workaround is to run the apply again, which will see the updated IP and update dependent resources/outputs/etc.

ForbiddenEra commented 1 year ago

+1 using cf provider for dns

ArkadyDR commented 1 year ago

This issue seems to be a duplicate of #6781.

jwoytek commented 1 year ago

The workaround using an intermediate data source posted in https://github.com/hashicorp/terraform-provider-aws/issues/6781#issuecomment-607839534 seems to work for this particular issue. That same user later posted a staged workaround that would also work, and could be needed if one has other issues. The run-apply-twice is simple, but one must remember to do it.
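For the "one must remember to do it" problem, a plan-time check can flag the runs that need a second apply before a DNS record is left pointing at an address the instance no longer holds. This is an added example, not code from the thread or from the provider. It assumes the plan has been exported with `terraform show -json <planfile>`; the function name, the attribute list and the sample data are constructed for illustration.

```python
import json
import sys

# Attributes whose in-place change stops and starts the instance.
# "instance_type" is the case in this issue; "user_data" is an assumption
# drawn from the later comment about updating user metadata.
STOP_START_ATTRS = ("instance_type", "user_data")


def stale_public_ip_risks(plan, attrs=STOP_START_ATTRS):
    """Return (address, changed_attrs, planned_ip) for risky aws_instance updates."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change") or {}
        if rc.get("type") != "aws_instance" or change.get("actions") != ["update"]:
            continue
        before = change.get("before") or {}
        after = change.get("after") or {}
        unknown = change.get("after_unknown") or {}
        changed = [a for a in attrs if before.get(a) != after.get(a)]
        # Risky: a stop/start is coming, yet the plan carries the old public IP
        # forward as a known value, so dependents are planned against it.
        # Limitation: an instance with an Elastic IP keeps its address and
        # will be flagged anyway.
        if changed and before.get("public_ip") and unknown.get("public_ip") is not True:
            findings.append((rc["address"], changed, before["public_ip"]))
    return findings


def _rc(name, before, after, unknown=None):
    # Builds one constructed resource_changes entry in plan-JSON shape.
    return {"address": "aws_instance." + name, "type": "aws_instance",
            "change": {"actions": ["update"], "before": before,
                       "after": after, "after_unknown": unknown or {}}}


# Constructed sample (documentation IP range), not output from the issue.
SAMPLE_PLAN = {"resource_changes": [
    _rc("control", {"instance_type": "t2.micro", "public_ip": "203.0.113.10"},
        {"instance_type": "t2.nano", "public_ip": "203.0.113.10"}),
    _rc("tagged", {"instance_type": "t2.micro", "public_ip": "203.0.113.11", "tags": {}},
        {"instance_type": "t2.micro", "public_ip": "203.0.113.11", "tags": {"env": "x"}}),
    _rc("private", {"instance_type": "t2.micro", "public_ip": ""},
        {"instance_type": "t2.nano", "public_ip": ""}),
]}

if __name__ == "__main__":
    plan = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_PLAN
    for address, changed, ip in stale_public_ip_risks(plan):
        print(f"{address}: {changed} changes in place; {ip} may be stale after apply")
    sys.exit(1 if stale_public_ip_risks(plan) else 0)
```

A non-zero exit in CI signals that the apply should be followed by a second plan and apply before dependent records are trusted.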

speller commented 1 year ago

@ArkadyDR Yes, this is a duplicate. But who cares?

@jwoytek Can't test it right now, but changes in instance metadata still don't trigger the instance IP address change in Terraform.

enobayram commented 3 months ago

Still affected by this bug 3 years after it was reported.