terraform-aws-modules / terraform-aws-ec2-instance

Terraform module to create AWS EC2 instance(s) resources 🇺🇦
https://registry.terraform.io/modules/terraform-aws-modules/ec2-instance/aws
Apache License 2.0
758 stars 1.88k forks

Create EC2 with no SSM permission will cause error 400. #350

Closed shawnsavour closed 1 year ago

shawnsavour commented 1 year ago

Description

Creating an EC2 instance without SSM permission will cause an error.

This account or role can still create an instance in the console.

The root cause is this line of code in main.tf, at line 9:

data "aws_ssm_parameter" "this" {
  count = local.create ? 1 : 0

  name = var.ami_ssm_parameter
}

Request to make the data "aws_ssm_parameter" call optional, so that when ami is specified there is no need to call the SSM parameter to get the AMI ID:

#main.tf
  ami                  = try(coalesce(var.ami, nonsensitive(data.aws_ssm_parameter.this[0].value)), null)

Because it coalesces var.ami and nonsensitive(data.aws_ssm_parameter.this[0].value), we only need the data source when var.ami is not specified. So it should check for null before using the data source to call SSM.

data "aws_ssm_parameter" "this" {
  count = local.create && var.ami == null ? 1 : 0

  name = var.ami_ssm_parameter
}

Expected behavior

Create an instance without ssm parameter permission

Actual behavior

Cannot create the instance because of missing permission
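The guard requested above, as a stand-alone configuration (an added example, not code from the issue or from the module): the SSM data source is read only when no AMI is passed in, so a role without `ssm:GetParameter` can still plan and apply when `ami` is set. Variable names follow the issue; the provider block, the default parameter path and the `resolved_ami` output are assumptions. It also handles the edge case the guard creates: once `count` can be 0, the `this[0]` reference needs its own `try()`.

```hcl
terraform {
  required_providers {
    aws = { source = "hashicorp/aws" }
  }
}

variable "create" {
  type    = bool
  default = true
}

variable "ami" {
  description = "Explicit AMI ID; when set, no SSM lookup is performed"
  type        = string
  default     = null
}

variable "ami_ssm_parameter" {
  description = "SSM parameter holding an AMI ID, used only when var.ami is null"
  type        = string
  # Assumed default: a public Amazon Linux 2 parameter path.
  default = "/aws/service/ami-amazon-linux-latest/amzn2-ami-hvm-x86_64-gp2"
}

# Instantiated only when no AMI was supplied, so a caller that sets
# var.ami never issues ssm:GetParameter.
data "aws_ssm_parameter" "this" {
  count = var.create && var.ami == null ? 1 : 0
  name  = var.ami_ssm_parameter
}

locals {
  # With count = 0, this[0] is an invalid index. Function arguments are
  # evaluated before coalesce() runs, so without the inner try() the outer
  # try() would catch that error and return null even though var.ami is set.
  ami = try(
    coalesce(var.ami, try(nonsensitive(data.aws_ssm_parameter.this[0].value), null)),
    null
  )
}

output "resolved_ami" {
  value = local.ami
}
```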

shawnsavour commented 1 year ago

I created a PR for this issue #351

shawnsavour commented 1 year ago

Closed, added in version 5.3.0

github-actions[bot] commented 1 year ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.