control-tower deploy fails on "Waiting for the agent on VM '...' to be ready" after running from a non-static ip address (AWS)

[AndrewYHuang]

Running control-tower deploy sets the security group rules for the bosh director automatically to my current IP address. (A reasonable assumption to make, which unfortunately doesn't hold true in my case!)

When the deploy script reaches the stage where we connect to the bosh director, my device tries to connect to it using a different IP address.

Ideally, there would be a way to let us specify multiple, or a range, of IP addresses to allow connection to the bosh director, or perhaps skip the terraform security group step entirely.

Potential Workarounds:

• Modify the security group to add the rules after the terraform deploy step, and before the script reaches the "Waiting for agent" step.
  • This is quite fiddly and very interactive. It also relies on predicting which IP address gets allowed in the security group.
• (Haven't tried it yet) Use AWS Cloudshell?

[crsimmons]

Thanks for raising this. Allowing for a whitelist CIDR or an option for removing the restriction altogether are things we can look at adding in the future.

Out of curiosity what is your setup that causes outbound connections from the same executable to appear as coming from different IPs?

[RichardBradley]

We have outbound load balancing on our office internet, so don't have a stable public IP on our dev machines. It's probably an unusual setup.