fix: ignore changes to associate_public_ip_address

[aslafy-z]

what

Add lifecycle ignore changes to aws_instance.associate_public_ip_address

why

• prevent replacement on external aws eip association

more

Alternative:

• Implement usage of custom EIP

[andreineculau]

@Gowiem @jamengual
Any chance of approving and merging this in 🙇 ? In our case, the EIP association happens outside of this terraform module thus we have a race condition on our hands.

[Gowiem]

@aslafy-z @andreineculau -- I believe you can associate an EIP to the EC2 instance through an ENI and the external_network_interfaces variable. I know that is a bit indirect, but does that solve your need here? I believe that would be the proper solution to your issues.

[andreineculau]

@Gowiem thanks for the reply. I didn't understand your point, but the confusion lead me to investigate the code closer. It turns out that the magic incantation for our situation is

associate_public_ip_address = true
assign_eip_address = false

The former, because we will assign an EIP out of band to the EC2 instance, and the latter because we don't want the module to do that automatically.

Possibly the README or even variables.tf could benefit from clarification upon the matter.
Thank you!

[mergify]

💥 This pull request now has conflicts. Could you fix it @aslafy-z? 🙏

[Gowiem]

@andreineculau if that worked for you, awesome.

@aslafy-z can you check if that works for your use-case as well and then update this PR (or open another) to mention those instructions in the README under Usage?

[Gowiem]

@aslafy-z friendly ping on the above. Thanks!

[aslafy-z]

The goal is to assign a static public ip address to the instance. If I get it well, what @andreineculau proposes may change the IP on instance replacement (userdata update for eg.). Can you confirm?

[andreineculau]

may change the IP on instance replacement (userdata update for eg.)

Not sure what you mean. We consistently bring down the instance (AMI updates) with no apparent issues. An EIP is assigned just like this module would do internally, except that it is assigned externally. It's the equivalent of "implement usage of custom EIP", just that it's not obvious

[andreineculau]

@aslafy-z I confirm now. We started seeing IP-related diffs

[andreineculau]

@Gowiem if you are reluctant, could it be that we make this lifecycle ignore-change conditional to var.associate_public_ip_address being false?

It would read like "you told me NOT to associate an IP, so you do it separately".

But the reverse would still try to correct the drift "you told me to associate an IP, somehow the association broke, I will fix it back"

[nitrocode]

if you are reluctant, could it be that we make this lifecycle ignore-change conditional to var.associate_public_ip_address being false?

@andreineculau please see a similar PR that tries to add a conditional #209 (comment)

This is not possible currently in terraform/opentofu.

Instead, could you set external_network_interface_enabled to true ? That should null the argument

terraform-aws-ec2-instance/main.tf

Line 122 in e5323e1

associate_public_ip_address = var.external_network_interface_enabled ? null : var.associate_public_ip_address

[andreineculau]

Unfortunately i tried that and that opens up to a whole bunch if other issues