UnsupportedOperation: Specifying InstanceMetadataTags is not yet supported in this region (me-central-1)

[nicon89]

Description

I'm unable to create a new EC2 instance in me-central-1 region. It's failing on an error:

UnsupportedOperation: Specifying InstanceMetadataTags is not yet supported in this region

• [x ] ✋ I have searched the open/closed issues and my issue is not listed.

Versions

• Module version [Required]: 4.1.4

• Terraform version: 1.2.8

• Provider version(s):

  
  Terraform v1.2.8
  on linux_amd64

• provider registry.terraform.io/hashicorp/aws v4.28.0

• provider registry.terraform.io/hashicorp/local v2.0.0

Reproduction Code [Required]

module "ec2_instance" {
  for_each = var.ec2_instances

  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 4.1.4"

  name          = "${var.app_name}-${each.key}-${var.env}"
  ami           = data.aws_ami.ubuntu.id
  instance_type = each.value.instance_type
  #TODO
  key_name               = aws_key_pair._.key_name
  monitoring             = true
  vpc_security_group_ids = [module.vpc.default_security_group_id, aws_security_group._[each.key].id]
  subnet_id              = each.value.public ? module.vpc.public_subnets[0] : module.vpc.private_subnets[0]
}

Steps to reproduce the behavior:

tf apply

no

yes

n/a

Expected behavior

It should allow to unset instance metadata tags.

Actual behavior

It fails on creation of EC2 instance in me-central-1 region.

Terminal Output Screenshot(s)

│ Error: updating EC2 Instance (i-xxx) metadata options: UnsupportedOperation: Specifying InstanceMetadataTags is not yet supported in this region.
│       status code: 400, request id: 50eb0877-011d-481d-bb71-3ba1509a45b3
│ 
│   with module.ec2_instance["backend"].aws_instance.this[0],
│   on .terraform/modules/ec2_instance/main.tf line 7, in resource "aws_instance" "this":
│    7: resource "aws_instance" "this" {

[tofupup]

That error is coming from AWS, and not terraform-aws-ec2-instance or the AWS provider. Unfortunately, I believe me-central-1 is still a half baked region, and doesn't have full support of a lot of options.

This is more with the terraform-provider-aws provider, as it will try to set MetadataOptions.InstanceMetadataTags to disabled when instantiating an instance by default. However, if you set MetadataOptions.HttpEndpoint to disabled, it should not try to set the InstanceMetadataTags setting. I don't think this will allow you to use the instance metadata service at all, unfortunately, and I don't have a way to test this.

If you need more, though, you'll probably have to open an issue with the terraform-provider-aws repo. But I don't think there's a way to not set instance_metadata_tags in the aws_instance resource and still have the http metadata. If you try to set it to null, it will still set to disabled when making the AWS API call.

For terraform-aws-ec2-instance module, setting:

  metadata_options = {
    http_endpoint = "disabled"
  }

will make the provider not set the instance_metadata_tags option. But again, will probably break the http metadata access from the instance.

If you want, you can see the API options being sent by using:

❯ TF_LOG_PROVIDER=DEBUG && TF_LOG_PATH=/tmp/terraform.log && terraform apply
❯ grep -i Action=RunInstances /tmp/terraform.log

[github-actions[bot]]

This issue has been automatically marked as stale because it has been open 30 days with no activity. Remove stale label or comment or this issue will be closed in 10 days

[github-actions[bot]]

This issue was automatically closed because of stale in 10 days

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.