hashicorp / terraform-provider-aws

The AWS Provider enables Terraform to manage AWS resources.
https://registry.terraform.io/providers/hashicorp/aws
Mozilla Public License 2.0

Modifying aws_instance.user_data triggers a stop then start but does not update output #24690

Open rubiconjosh opened 2 years ago

rubiconjosh commented 2 years ago

Terraform CLI and Terraform AWS Provider Version

Terraform v1.1.9 on darwin_arm64

Affected Resource(s)

Terraform Configuration Files

terraform {
  required_providers {
    aws = {
      source = "hashicorp/aws"
      version = "~> 4.0"
    }
  }
}

provider "aws" {
  region = "us-east-1"
}

data "aws_ami" "ubuntu" {
  most_recent = true

  filter {
    name = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }

  filter {
    name = "virtualization-type"
    values = ["hvm"]
  }

  owners = ["099720109477"]
}

resource "aws_instance" "example" {
  ami = data.aws_ami.ubuntu.id
  instance_type = "t3.micro"
}

output "public_ip" {
  value = aws_instance.example.public_ip
}

Debug Output

https://gist.github.com/rubiconjosh/bc83076453ca7fdd97bbf7fc0728c444

Panic Output

N/A

Expected Behavior

As documented, when user_data is modified a stop/start will be triggered on aws_instance.example. This will cause the public IP of the instance to change. output.public_ip would reflect the new value of aws_instance.example.public_ip.

Actual Behavior

When user_data was modified on aws_instance.example a stop/start was triggered. output.public_ip still reflects the original public IP.

Steps to Reproduce

  1. terraform apply
  2. Add user_data = "#" to aws_instance.example
  3. terraform apply
  4. Notice the public IP did not update

Important Factoids

I see the new public IP mentioned in the debug log:

2022-05-06T21:24:51.284-0700 [WARN]  Provider "provider[\"registry.terraform.io/hashicorp/aws\"]" produced an unexpected new value for aws_instance.example, but we are tolerating it because it is using the legacy plugin SDK.
    The following problems may be the cause of any confusing errors from downstream operations:
      - .public_ip: was cty.StringVal("44.203.64.34"), but now cty.StringVal("3.92.200.228")

Inspecting state shows that aws_instance.example.public_ip contains the new value, output.public_ip does not.

References

uniquejava commented 6 months ago

Met the same issue today.

resource "aws_instance" "my_bastion_host" {
  ami           = var.ami
  instance_type = var.instance_type
  tags          = {
    Name = var.name
  }
  key_name               = var.key_name
  subnet_id              = data.aws_subnet.public_subnet.id
  vpc_security_group_ids = [aws_security_group.public_ec2_security_group.id]

#  provisioner "remote-exec" {
#    inline = [
#      "sudo yum -y update",
#      "sudo yum -y install socat",
#    ]
#  }
  user_data = <<EOF
#!/bin/bash
sudo yum -y update
sudo yum -y install socat
EOF
}

output "ssh" {
  value = format("ssh -i ~/.ssh/%s.pem ec2-user@%s",var.key_name,aws_instance.my_bastion_host.public_dns)
}

I tried to use provisioner "remote-exec" first, but Terraform does not detect any changes. I later changed to user_data, and it restarted the EC2 instance, which changed its public IP address. However, the terraform output does not reflect the new address value.

At last, I have to use terraform destroy.
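
The comparison the reporter made by hand (the resource attribute in state against the output value) can be scripted. This is an added example, not code from the thread or the provider. It assumes the state layout printed by `terraform show -json`, uses a constructed sample carrying the two addresses from the debug log, and relies on a hypothetical `OUTPUT_SOURCES` mapping that names which attribute each output mirrors.

```python
# Constructed sample shaped like `terraform show -json` after the second apply
# in the report: the resource holds the new address, the output the old one.
SAMPLE_STATE = {"values": {
    "outputs": {"public_ip": {"sensitive": False, "value": "44.203.64.34"}},
    "root_module": {"resources": [{
        "address": "aws_instance.example", "type": "aws_instance",
        "values": {"instance_type": "t3.micro", "public_ip": "3.92.200.228"}}]},
}}

# Assumption: the caller states which resource attribute each output mirrors;
# the state JSON does not record output expressions.
OUTPUT_SOURCES = {"public_ip": ("aws_instance.example", "public_ip")}


def iter_resources(module):
    """Yield every resource in a module and, recursively, its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def stale_outputs(state, output_sources):
    """Return {output: (output_value, resource_value)} where the two differ."""
    values = state.get("values", {})
    by_address = {r["address"]: r.get("values", {})
                  for r in iter_resources(values.get("root_module", {}))}
    outputs = values.get("outputs", {})
    stale = {}
    for name, (address, attribute) in output_sources.items():
        if name not in outputs or address not in by_address:
            raise KeyError(f"{name} or {address} missing from state")
        recorded = outputs[name].get("value")
        actual = by_address[address].get(attribute)
        if recorded != actual:
            stale[name] = (recorded, actual)
    return stale


if __name__ == "__main__":
    for name, (old, new) in stale_outputs(SAMPLE_STATE, OUTPUT_SOURCES).items():
        print(f"output.{name} is stale: {old!r} in outputs, {new!r} on resource")
```
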