terraform-aws-wireguard

having trouble getting EIP to associate

Open vtknightmare opened this issue 4 years ago • 5 comments

Hey @jmhale

so, after many trials, I'm getting the following issue:

$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be persisted to local or remote state storage.

module.wireguard.data.template_file.wg_client_data_json[0]: Refreshing state...
module.wireguard.data.aws_iam_policy_document.wireguard_policy_doc: Refreshing state...
module.wireguard.data.aws_ssm_parameter.wg_server_private_key: Refreshing state...
module.wireguard.data.aws_ami.ubuntu: Refreshing state...
module.wireguard.data.aws_iam_policy_document.ec2_assume_role: Refreshing state...

Error: Invalid count argument

  on .terraform/modules/wireguard/wireguard-iam.tf line 28, in resource "aws_iam_policy" "wireguard_policy":
  28:   count = (var.eip_id != "disabled" ? 1 : 0) # only used for EIP mode

The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.

Error: Invalid count argument

  on .terraform/modules/wireguard/wireguard-iam.tf line 36, in resource "aws_iam_role" "wireguard_role":
  36:   count = (var.eip_id != "disabled" ? 1 : 0) # only used for EIP mode

The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created. To work around this, use the -target argument to first apply only the resources that the count depends on.

-0-0-0-0-0-0-0--0-00-0-0-0-0--00-0-0-0-0-0-0-

Now, if I manually provide the EIP id, it works but hilariously by creating its OWN EIP that it WON'T associate with the EC2 instance it creates -_-

Any help here? What could I be missing?

vtknightmare, Mar 11 '20 13:03

@vtknightmare Can you share your full module declaration block? This seems like it's the same as #8, but I still can't reproduce on my end.

jmhale, Mar 13 '20 10:03

hey @jmhale, here you go:

$ cat main.tf
resource "aws_eip" "wireguard" {
  vpc = true
  tags = {
    Name = "wireguard"
  }
}

module "wireguard" {
  source        = "[email protected]:vtknightmare/terraform-aws-wireguard.git"
  ssh_key_id    = "my-key"
  vpc_id        = "vpc-12345678"
  subnet_ids    = ["subnet-098765"]
  eip_id        = "${aws_eip.wireguard.id}"
  wg_server_net = "192.168.2.1/24" # client IPs MUST exist in this net
  wg_client_public_keys = [
    { "192.168.2.2/32" = "myAweSomeWGKeyhahahaheheh@#$@%2523" } # make sure these are correct
  ]
}

vtknightmare, Mar 17 '20 13:03

per various googling, people are referring to the count variable not being correct maybe? As in perhaps we are referring to something wrong?

vtknightmare, Mar 17 '20 13:03

My workaround was to set the eip_id to "disabled" first and do the apply. Once the eip is created then I added the wireguard.id back in and ran apply again. This solved the problem for me.

kscherer, Apr 08 '20 13:04

Quick solution is to apply separately: https://github.com/jmhale/terraform-aws-wireguard/issues/8#issuecomment-602133767

Normal solution is to work on the code a little, like https://github.com/madscience/terraform-aws-wireguard/pull/2

vainkop, Mar 04 '21 20:03
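
The error in this thread comes from gating `count` on `var.eip_id`, whose value is only known after the `aws_eip` resource has been applied. One way to restructure the two resources named in the error output, as an added example that is not the module's code or the code in the linked pull request: a separate boolean (`use_eip`, a hypothetical name) decides `count`, and `eip_id` is only passed through. The policy statement bodies and the `name` values are constructed for illustration.

```hcl
# Added example. use_eip and the policy statement bodies are assumptions;
# eip_id and the resource names come from the error output in this thread.

variable "use_eip" {
  type        = bool
  default     = false
  description = "Set to a literal true/false by the caller so it is known at plan time."
}

variable "eip_id" {
  type        = string
  default     = null
  description = "EIP allocation ID. May be unknown until apply; never used in count."
}

data "aws_iam_policy_document" "ec2_assume_role" {
  statement {
    actions = ["sts:AssumeRole"]
    principals {
      type        = "Service"
      identifiers = ["ec2.amazonaws.com"]
    }
  }
}

data "aws_iam_policy_document" "wireguard_policy_doc" {
  statement {
    actions   = ["ec2:AssociateAddress"] # constructed statement
    resources = ["*"]
  }
}

# Before: count = (var.eip_id != "disabled" ? 1 : 0)
# With eip_id = aws_eip.wireguard.id the comparison is unknown during plan.
resource "aws_iam_policy" "wireguard_policy" {
  count  = var.use_eip ? 1 : 0
  name   = "example-wireguard-eip"
  policy = data.aws_iam_policy_document.wireguard_policy_doc.json
}

resource "aws_iam_role" "wireguard_role" {
  count              = var.use_eip ? 1 : 0
  name               = "example-wireguard"
  assume_role_policy = data.aws_iam_policy_document.ec2_assume_role.json
}
```

The caller then sets `use_eip = true` as a literal and passes `eip_id = aws_eip.wireguard.id`, so `terraform plan` can resolve every `count` in a single run.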