terraform-aws-modules / terraform-aws-ec2-instance

Terraform module to create AWS EC2 instance(s) resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws
Apache License 2.0

Incorrect SSH key location (me-central-1) #298

Closed nicon89 closed 2 years ago

nicon89 commented 2 years ago

Description

A newly created EC2 instance adds the SSH key to the wrong location (~root/.ssh/authorized_keys instead of ~ubuntu/.ssh/authorized_keys).

Versions

Your version of Terraform is out of date! The latest version is 1.2.9. You can update by downloading from https://www.terraform.io/downloads.html

Reproduction Code [Required]

data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["279184472064"]

  filter {
    name = "name"
    values = ["ubuntu-minimal/images/hvm-ssd/ubuntu-focal-20.04-amd64-minimal-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}

resource "aws_eip" "_" {
  for_each = local.eip_enabled_instances

  instance = module.ec2_instance[each.key].id
  vpc      = true
}

resource "aws_key_pair" "_" {
  key_name   = "${var.app_name}-${var.env}"
  public_key = var.public_key
}

module "ec2_instance" {
  for_each = var.ec2_instances

  source  = "terraform-aws-modules/ec2-instance/aws"
  version = "~> 4.1.4"

  name                        = "${var.app_name}-${var.env}-${each.key}"
  ami                         = data.aws_ami.ubuntu.id
  instance_type               = each.value.instance_type
  key_name                    = aws_key_pair._.key_name
  monitoring                  = var.detailed_monitoring
  associate_public_ip_address = each.value.public_ip
  vpc_security_group_ids      = [module.vpc.default_security_group_id, aws_security_group._[each.key].id]
  subnet_id                   = each.value.public_ip ? module.vpc.public_subnets[0] : module.vpc.private_subnets[0]

  metadata_options = {
    http_endpoint = "disabled"
  }

  root_block_device = [
    {
      encrypted   = true
      volume_type = "gp3"
      volume_size = each.value.volume_size
    },
  ]
}

Steps to reproduce the behavior:

tf init; tf apply

I tried to reproduce this issue by manually creating an EC2 machine with this AMI and SSH key. I couldn't reproduce it, but I was able to mount the volume from the module-created EC2 instance and find what is causing the issue.

Expected behavior

The SSH key should be in the correct location.

Actual behavior

The SSH key is added to the incorrect location.

Terminal Output Screenshot(s)

root@ip-10-0-101-229:/mnt# cd home/ubuntu/.ssh/
root@ip-10-0-101-229:/mnt/home/ubuntu/.ssh# ls -alh
total 8.0K
drwx------ 2 ubuntu ubuntu 4.0K Sep  8 11:31 .
drwxr-xr-x 3 ubuntu ubuntu 4.0K Sep  8 11:31 ..
-rw------- 1 ubuntu ubuntu    0 Sep  8 11:31 authorized_keys
root@ip-10-0-101-229:/mnt/home/ubuntu/.ssh# cat ^C
root@ip-10-0-101-229:/mnt/home/ubuntu/.ssh# sudo su -
root@ip-10-0-101-229:~# ls -alh
total 24K
drwx------  4 root root 4.0K Sep  8 12:29 .
drwxr-xr-x 19 root root 4.0K Sep  8 12:33 ..
-rw-r--r--  1 root root 3.1K Dec  5  2019 .bashrc
-rw-r--r--  1 root root  161 Dec  5  2019 .profile
drwx------  2 root root 4.0K Sep  8 12:29 .ssh
drwx------  3 root root 4.0K Sep  8 12:29 snap
root@ip-10-0-101-229:~# cat .ssh/authorized_keys 
no-port-forwarding,no-agent-forwarding,no-X11-forwarding,command="echo 'Please login as the user \"ubuntu\" rather than the user \"root\".';echo;sleep 10;exit 142" ssh-rsa CUT_SSH_KEY

Additional context

I'm not sure if there's the same problem in other regions - maybe it's region-specific, as me-central-1 is quite new.
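
Added example, not part of the original issue or of the module's code: a shell check for the mounted-volume inspection described in the report above, classifying each authorized_keys file under the mount point as missing, empty, forced-command-only or usable. The function names, the sample tree and its placeholder key are constructed for illustration; every path is resolved under the mount point, so the inspecting host's own home directories are never read.

```shell
#!/bin/sh
# Added example: report where SSH keys landed on a mounted root filesystem.
# Every path is resolved under ROOT (the page mounts the volume at /mnt),
# never against the inspecting host's own / or ~root.

# classify_keys FILE -> missing | empty | forced-command-only | usable
classify_keys() {
    f=$1
    [ -e "$f" ] || { echo missing; return 0; }
    # Entries are the non-blank, non-comment lines.
    total=$(grep -cEv '^[[:space:]]*(#|$)' "$f" || true)
    [ "$total" -gt 0 ] || { echo empty; return 0; }
    # A command="..." option makes sshd run that command instead of a shell;
    # the "Please login as the user ..." stub on the page is such an entry.
    forced=$(grep -Ev '^[[:space:]]*(#|$)' "$f" | grep -ciE '(^|,)command="' || true)
    if [ "$forced" -eq "$total" ]; then echo forced-command-only; else echo usable; fi
}

# audit_root ROOT -> one "user<TAB>status" line for root and each ROOT/home/* user
audit_root() {
    root=${1%/}
    printf 'root\t%s\n' "$(classify_keys "$root/root/.ssh/authorized_keys")"
    for home in "$root"/home/*; do
        [ -d "$home" ] || continue
        printf '%s\t%s\n' "${home##*/}" "$(classify_keys "$home/.ssh/authorized_keys")"
    done
}

# build_sample_root -> prints the path of a constructed tree shaped like the
# listing on the page: empty file for ubuntu, forced-command stub for root.
build_sample_root() {
    d=$(mktemp -d)
    mkdir -p "$d/home/ubuntu/.ssh" "$d/root/.ssh"
    : > "$d/home/ubuntu/.ssh/authorized_keys"
    printf '%s\n' 'no-port-forwarding,command="echo login as ubuntu;exit 142" ssh-rsa CONSTRUCTED_PLACEHOLDER' \
        > "$d/root/.ssh/authorized_keys"
    echo "$d"
}

# Usage: sh audit_keys.sh /mnt   (with no argument, audit the constructed sample)
if [ "$#" -gt 0 ]; then
    audit_root "$1"
else
    sample=$(build_sample_root); audit_root "$sample"; rm -rf "$sample"
fi
```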

antonbabenko commented 2 years ago

This question is not related to this module but to AWS, AMI, or OS.

Please ask it on https://repost.aws or StackOverflow.

Closing this one here.

nicon89 commented 2 years ago

Are you sure, though? After all, I wasn't able to replicate this issue using the same AMI, same instance type, same region and so on when I created the instance manually from the console.

antonbabenko commented 2 years ago

I am sure it is not related to the module because there are no differences in the code related to the region.

Something has to be different. Maybe in the way the new region behaves or the way AMI was built or copied.

nicon89 commented 2 years ago

I also checked this code in eu-central-1 and I have exactly the same behavior.
