terraform-aws-elastic-beanstalk-environment icon indicating copy to clipboard operation
terraform-aws-elastic-beanstalk-environment copied to clipboard

Published 20 hours ago verified publisher icon cloudposse

Add support for EC2 launch templates

Open scraperg opened this issue 2 years ago • 5 comments
trafficstars

Describe the Feature

Request support be added for EC2 launch templates.

AWS now recommends using EC2 launch templates instead of launch configurations. Currently the terraform-aws-elastic-beanstalk-environment module only supports launch configurations.

References: An AWS Blog post recommending migrating from launch configurations to launch templates: https://aws.amazon.com/blogs/compute/amazon-ec2-auto-scaling-will-no-longer-add-support-for-new-ec2-features-to-launch-configurations/

Documentation for launch configurations warns "We strongly recommend that you do not use launch configurations.": https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-configurations.html

Documentation for launch templates: https://docs.aws.amazon.com/autoscaling/ec2/userguide/launch-templates.html

Thanks.

scraperg avatar Dec 05 '22 23:12 scraperg

+1

runtman avatar Dec 08 '22 15:12 runtman

We're also tracking this issue. This will affect our clients DR plans, as after Dec 2023 there will be no ability to deploy new EB apps with launch configurations to a new AWS account.

ddxor avatar Dec 14 '22 12:12 ddxor

The good news in the short term is that by enabling the metadata v2 service, launch templates will be deployed in place of launch configurations.

+  additional_settings = [
+    {
+      namespace = "aws:autoscaling:launchconfiguration",
+      name = "DisableIMDSv1",
+      value = "true"
+    }
+  ]

ddxor avatar Dec 14 '22 16:12 ddxor

Hi @ddxor,

Thanks for the DisableIMDSv1 suggestion.

When I add that setting to a pre-existing Beanstalk environment, it switches from launch configurations to launch templates. Which is great. But when I include the setting in an all new environment, I get the following error when applying:

Error: Error creating SSM activation: ValidationException: Nonexistent role or missing ssm service principal in trust policy: arn:aws:iam::XXXXXXXXX:role/XXXXXXX-eb-ec2

After removing the DisableIMDSv1 setting the environment came up successfully. I could then re-add the setting, and the env switched over to launch templates. But that process wouldn't be helpful in a DR scenario after December 2023.

Were you able to bring up a new Beanstalk environment with this setting?

Thanks.

Update: This error was caused by #205, unrelated to the DisableIMDSv1 setting. Thanks.

scraperg avatar Jan 06 '23 14:01 scraperg

+1

N-Mohammed avatar Feb 17 '24 01:02 N-Mohammed