2

I am trying to deploy an EC2 instance on Amazon Web Services using Terraform. I have the AWS CLI installed and working on a Linux box. Using Terraform, I would like to mimic the action of the command line instruction below (though hopefully with a little bit of improvement):

aws ec2 run-instances --image-id ami-0127d62154efde733 --count 1 --instance-type t3a.nano --key-name aws-key --security-group-ids launch-wizard-13 --tag-specifications 'ResourceType=instance,Tags=[{Key=Name,Value=test}]'

This will create an instance in eu-west-1c (though this is not defined, and my account is selected as being in eu-west-1) and I can ssh in no problem.

  • I'd like to have a simple .tf file to mimic the behaviour of the above command line.
  • I would like to define the region where the server is being deployed, e.g. being able to spin up a server in the US would be nice.
  • The image I'm wanting to use is the most recent Ubuntu server, so wildcarding for the image type would be preferable to using an ID (I believe there may be different IDs for different regions, but on that I'm not sure).
  • The security group (launch-wizard-13) is defined in my account, in the Network and Security settings.

I've tried looking at the official documentation, blogs and GitHub repositories but can't get a simple .tf file to work for the above case. Usually it's the security group that's the problem, but if I leave that section out from the command line above, then I can't ssh in. Please help.

edit:

In response to @Marcin, the full .tf I'm presently running (terraform apply) is

provider "aws" {
  region = "eu-west-2"
}

resource "aws_instance" "myEc2" {
  ami           = "ami-0127d62154efde733"
  instance_type = "t3a.nano"
  key_name      = "aws-key"
  security_groups = [
    "launch-wizard-13"
  ]

  tags = {
    Name = "test"
  }
}

which results in the error,

aws_instance.myEc2: Creating...

Error: Error launching instance, possible mismatch of Security Group IDs and Names. See AWS Instance docs here: https://terraform.io/docs/providers/aws/r/instance.html.

        AWS Error: InvalidParameterValue: Value () for parameter groupId is invalid. The value cannot be empty
        status code: 400, request id: 22b572d8-d0d3-4e2e-ba1b-3db91d2e05f6

  on terraform-ec2.tf line 5, in resource "aws_instance" "myEc2":
   5: resource "aws_instance" "myEc2" {

2 Answers

2

I tried to verify your Terraform code, after adapting it to my account, but I haven't found any issue with it. It worked.

The only way I think group_id would be required is if you run the code in a non-default VPC (I tested in the default VPC).

Thus, if you run the code in a non-default VPC and want to use the security group by name (not ID), you can try the following:

# get the details of existing launch-wizard-13 security group

data "aws_security_group" "selected" {
  name = "launch-wizard-13"
}

then use the group id in your resource:

# in your aws_instance resources

vpc_security_group_ids = [
  data.aws_security_group.selected.id
]

But the code you've posted does not include any information about a custom VPC. Thus, I don't see a reason why you would get problems with groupId.

UPDATE

Fully working code. I tested it in the us-east-1 region with my key pair. You need to change it to your region:

provider "aws" {
  # your data
}


resource "aws_security_group" "allow_ssh" {

  description = "Allow ssh inbound traffic"

  ingress {
    description = "ssh"
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

}


resource "aws_instance" "myEc2" {
  ami           = "ami-02354e95b39ca8dec" # "ami-0127d62154efde733"
  instance_type = "t2.micro" # "t3a.nano"
  key_name      = "MyKey" # "<aws-key>"

  vpc_security_group_ids = [
    aws_security_group.allow_ssh.id
  ]

  tags = {
    Name = "test"
  }
}
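
An added example, not part of the answer above or of any project's own code: a single .tf file that covers the question's remaining points (selectable region, newest Ubuntu image looked up per region instead of a hard-coded AMI ID) and narrows the SSH rule from 0.0.0.0/0 to one admin CIDR, with IMDSv2 enforced on the instance. Assumptions: the variable names, the security group name prefix, the placeholder address 203.0.113.10/32 and the choice of the Ubuntu 20.04 image name pattern are illustrative, and a key pair named aws-key must already exist in the chosen region.

```hcl
# Assumed inputs: override with -var, e.g. -var region=us-east-1
variable "region" { default = "eu-west-1" }
variable "ssh_cidr" { default = "203.0.113.10/32" } # placeholder admin address

provider "aws" {
  region = var.region
}

# Newest Canonical Ubuntu 20.04 image in whichever region is selected
data "aws_ami" "ubuntu" {
  most_recent = true
  owners      = ["099720109477"] # Canonical's AWS account

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-focal-20.04-amd64-server-*"]
  }
}

resource "aws_security_group" "ssh_admin" {
  name_prefix = "ssh-admin-"
  description = "SSH from one admin CIDR"

  ingress {
    from_port   = 22
    to_port     = 22
    protocol    = "tcp"
    cidr_blocks = [var.ssh_cidr] # one address, not 0.0.0.0/0
  }

  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_instance" "myEc2" {
  ami                    = data.aws_ami.ubuntu.id
  instance_type          = "t3a.nano"
  key_name               = "aws-key" # must exist in var.region
  vpc_security_group_ids = [aws_security_group.ssh_admin.id]
  metadata_options {
    http_tokens = "required" # IMDSv2 only
  }

  tags = { Name = "test" }
}
```

AMI IDs, key pairs and security groups are all scoped to a region, so creating the group in the same configuration and resolving the image through the data source keeps every reference valid when the region variable changes.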


3 Comments

Thanks for your quick response. I get the error: Error: no matching SecurityGroup found on terraform-ec2.tf line 5, in data "aws_security_group" "selected": 5: data "aws_security_group" "selected" {. I also tried changing name to id, but got the same problem. I would be very happy with a default vpc, as long as I can ssh into it, please could you edit your answer to show me your working code?
@user728785 I added fully working code. If this does not work for you, then there are some other issues than the code that prevent it from working.
@user728785 Glad to hear that:-)
0

You can refer to the EC2 section of the Terraform documentation.

Create a .tf file with something like:

provider "aws" {
  region = "eu-west-1c"
}

resource "aws_instance" "myEc2" {
  ami           = "ami-0127d62154efde733"
  instance_type = "t3.nano"
  key_name      = "<aws-key>"
  vpc_security_group_ids = [
    "launch-wizard-13"
  ]

  tags = {
    Name = "test"
  }
}

4 Comments

Thanks for your reply. I changed the region to eu-west-2, as the 1c wasn't available, but that's ok. When I run terraform apply I get the error: Error: Error launching instance, possible mismatch of Security Group IDs and Names. See AWS Instance docs here: terraform.io/docs/providers/aws/r/instance.html. AWS Error: InvalidParameterValue: Value () for parameter groupId is invalid. The value cannot be empty status code: 400, request id: 84782a87-9af9-4afc-9604-c7d4257bcdf8 on terraform-ec2.tf line 5, in resource "aws_instance" "myEc2": This is the problem I've been having.
@user728785 You can use security_groups instead of vpc_security_group_ids.
@Marcin, thanks for your reply, but that change results in the same error as above.
@user728785 Hi. Can you update your question, with terraform code you are trying to run and exact error message?
