Closed salecharohit closed 1 year ago
Hi @salecharohit,
The behavior you describe sounds like the instance is disabling external ssh access in conjunction with the http_endpoint being disabled. The output looks like Terraform cannot connect to public_ip, can you verify if that is the case?
I guess so, I haven't done an RCA of this, all I know is when I try to disable the http_endpoint the instance just doesn't connect even after supplying a proper SSH key.
It sounds then like the instance must rely on this http_endpoint in order to use the key provided via key_name on the server side. Terraform makes no use of this information, it only attempts to connect via ssh with the given credentials, and we can see that the credentials are valid. If you are certain this should work and it's a misconfiguration of the instance, I would raise the issue with the AWS provider. If you have more questions, it would be better to ask in the community forum where there are more people familiar with the provider and AWS services.
Thanks!
Thanks @jbardin, can you help me identify where exactly I should file this ticket? Is there a specific repo for AWS providers?
@salecharohit, each provider's GitHub repo is linked from their registry page, the AWS provider's is here: https://registry.terraform.io/providers/hashicorp/aws/latest, and the repo is here https://github.com/hashicorp/terraform-provider-aws/. The linked forums may be more useful too, since the behavior is probably not defined by the provider but rather the remote service. It seems possible that disabling the http metadata endpoint could prevent access to user metadata like the key you are attempting to login with.
Terraform Version
Terraform Configuration Files
Debug Output
https://gist.github.com/salecharohit/c3c7dfb5d024bcdb950b2858c639e555
Expected Behavior
Terraform Apply should work through fine and remote_exec should connect and execute
Actual Behavior
Throws an error as shown which is an SSH error when remote_exec tries to connect.
However, if I disable the following lines, it all works smoothly, terraform apply works and remote_exec connects and executes the script.
Additionally, the SSH key generated is unable to connect and throws the same error.
Steps to Reproduce
terraform init
terraform apply
Additional Context
I need to build a bastion host with IMDS disabled by default as a security requirement and hence I need to use the following metadata configuration in the aws_instance resource
What I fail to understand is why or rather how is this step/feature interfering with SSH communications? Why does remote_exec need to contact IMDS service when all it really needs is an SSH private key which is being provided.
References
Other similar issues I looked at prior to filing this error:
https://github.com/hashicorp/terraform/issues/31146
https://github.com/hashicorp/terraform/issues/27768
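
The following is an added example, not configuration from the original issue or from the Terraform or AWS provider projects. It puts the metadata setting discussed in the thread beside an IMDSv2-only alternative, assuming (as the reply above suggests) that the AMI installs the key pair's public key by reading it from instance metadata at first boot. The resource names, AMI ID and key pair name are placeholders.

```hcl
# Added example; resource names, AMI ID and key pair name are placeholders.

# Configuration of the kind described in the issue: the metadata service is
# switched off entirely, so nothing on the instance can read from it at boot.
resource "aws_instance" "bastion_imds_off" {
  ami           = "ami-PLACEHOLDER"
  instance_type = "t3.micro"
  key_name      = "example-key" # assumption: the AMI reads the public half from metadata on first boot

  metadata_options {
    http_endpoint = "disabled"
  }
}

# Alternative: keep the endpoint reachable from the instance, but require
# IMDSv2 session tokens and keep token responses from leaving the instance.
resource "aws_instance" "bastion_imdsv2_only" {
  ami           = "ami-PLACEHOLDER"
  instance_type = "t3.micro"
  key_name      = "example-key"

  metadata_options {
    http_endpoint               = "enabled"
    http_tokens                 = "required" # unauthenticated IMDSv1 requests are rejected
    http_put_response_hop_limit = 1          # token response cannot cross an extra network hop
  }
}
```

If the endpoint has to stay disabled, the public key needs to reach the instance by a path that does not depend on metadata at boot, for example an AMI that already contains it.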