No way to specify primary IP on aws_network_interface when multiple IPs in play #10674
Comments
I did some digging and there are multiple bugs and PRs related to this defect since 2017. PLEASE PLEASE someone fix this. It seems that the correct behaviour should be as detailed in this comment: Sort private ips for an AWS instance in Terraform resource/aws_network_interface: Use first of private_ips as primary
I can confirm the same behavior on other virtual network appliances in AWS. In the same VPC I create subnets in two AZs, and deploy an instance into each AZ. The instance that deploys into AZ-a will always correctly assign primary and secondary private IPs to my NICs; however, when I deploy an instance into AZ-b, that instance will always have primary and secondary IPs reversed. Example:

    # Create and attach bigip tmm network interfaces
    resource "aws_network_interface" "az2_dmz_mgmt" {
    resource "aws_network_interface" "az2_dmz_external" {
    resource "aws_network_interface" "az2_dmz_internal" {
    # BigIP 2
    resource "aws_instance" "az2_dmz_bigip" {

Despite the fact that I order my declaration specifying the primary private IP first in the list, what I get in the AWS EC2 console is the opposite of what I'm expecting (and require, since the private secondary IPs are dependencies of other configurations): 12.12 is supposed to be the primary IP for eth1, and 12.112 is supposed to be secondary for eth1, but it's been reversed somehow. I need a way to control this behavior. Please fix this issue.
This is a challenging problem with many issues involved. It took some time to unravel and create a potential solution. So, this comment is very long. You'd probably only want to read this if you really care about the issue of managing multiple IP addresses on an AWS network interface using terraform. I should note up front that I am just some guy on the Internet trying to make a contribution. I only started working on this project last week and I am not affiliated with Hashicorp, who ultimately decides what to do here. Normally I would collaborate before getting this far, but I wanted to come with a proposal in hand that I knew would work, and it actually took four attempts before I figured out a workable solution that I could live with. By that time it was mostly filled out, so I just went ahead and finished it. This comment is organized into these sections:
How it Works Now

This describes the behavior of terraform 0.14.7 with AWS provider 3.29.0. The existing IPv4 settings/exports are:
The existing IPv6 settings are:
This functionality has been released in v3.74.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
Community Note
Terraform Version
Affected Resource(s)
Terraform Configuration Files
Expected Behavior
In order to set up an HA Fortigate firewall in AWS, I need to create multiple ENIs with specific configuration, including fixed private IPs. I expect the above configuration to create an ENI with a primary private IP of 10.85.36.11 (the first IP in the private_ips list) and a secondary IP of 10.85.36.13.

Actual Behavior
In my Dev AWS account (with VPC CIDR 10.80.32.0/19), the above configuration creates an ENI with correct assignments (namely a primary of 10.80.36.11 and a secondary of 10.80.36.13). However, in my Staging AWS environment (VPC CIDR of 10.85.32.0/19) the above configuration creates an ENI with incorrect assignments (namely a primary of 10.80.36.13 and a secondary of 10.80.36.11). In Dev, I can re-run the configuration multiple times and it is always correct; in Staging I have re-run the configuration multiple times and it is always incorrect.
Important Factoids
It appears that it is possible to specify (undocumented) private_ip in addition to private_ips (I was hoping to be able to specify the primary, but that appears to be ignored).
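The Dev-versus-Staging discrepancy above is easy to miss until a dependent configuration breaks, so the check a practitioner wants is one that compares what EC2 actually assigned against the intended order. The script below is an added example, not code from this issue or from the Terraform AWS provider. It parses the JSON shape that the EC2 DescribeNetworkInterfaces API returns (the same structure `aws ec2 describe-network-interfaces` prints) and flags any interface whose address marked `Primary` is not the first entry of the intended list, or which is missing an intended address. The sample response, the ENI ids, and the `INTENDED` map are constructed for the example; the function names are the example's own.

```python
"""Verify that each ENI's primary private IP is the one the configuration intended.

Added example, not code from this issue or from the Terraform AWS provider.
Reads the DescribeNetworkInterfaces JSON shape and reports ENIs whose Primary
address differs from the first intended address (the reversed-order failure
reported in the issue). Response, ENI ids and intended lists are constructed.
"""
import json
import sys

# Constructed DescribeNetworkInterfaces response: the Dev interface has the
# intended order, the Staging interface has primary and secondary swapped.
SAMPLE_RESPONSE = json.dumps({
    "NetworkInterfaces": [
        {
            "NetworkInterfaceId": "eni-0dev00000000000001",
            "AvailabilityZone": "us-east-1a",
            "PrivateIpAddress": "10.80.36.11",
            "PrivateIpAddresses": [
                {"PrivateIpAddress": "10.80.36.11", "Primary": True},
                {"PrivateIpAddress": "10.80.36.13", "Primary": False},
            ],
        },
        {
            "NetworkInterfaceId": "eni-0stg00000000000002",
            "AvailabilityZone": "us-east-1b",
            "PrivateIpAddress": "10.85.36.13",
            "PrivateIpAddresses": [
                {"PrivateIpAddress": "10.85.36.13", "Primary": True},
                {"PrivateIpAddress": "10.85.36.11", "Primary": False},
            ],
        },
    ]
})

# Intended addresses per ENI; the first entry is the primary, in the order the
# reporter wrote them in private_ips. Constructed to match the sample above.
INTENDED = {
    "eni-0dev00000000000001": ["10.80.36.11", "10.80.36.13"],
    "eni-0stg00000000000002": ["10.85.36.11", "10.85.36.13"],
}


def primary_of(interface):
    """Return the address EC2 flags as Primary; exactly one must be flagged."""
    primaries = [a["PrivateIpAddress"]
                 for a in interface["PrivateIpAddresses"] if a.get("Primary")]
    if len(primaries) != 1:
        raise ValueError(f"{interface.get('NetworkInterfaceId')}: "
                         f"expected one primary address, found {len(primaries)}")
    return primaries[0]


def find_mismatches(response_json, intended):
    """Compare each managed ENI with its intended list.

    Returns one dict per ENI whose primary differs from the first intended
    address or which lacks any intended address; an empty list means all good.
    """
    mismatches = []
    for iface in json.loads(response_json)["NetworkInterfaces"]:
        eni_id = iface["NetworkInterfaceId"]
        if eni_id not in intended:
            continue  # not managed by this configuration, skip
        expected_primary = intended[eni_id][0]
        actual_primary = primary_of(iface)
        present = {a["PrivateIpAddress"] for a in iface["PrivateIpAddresses"]}
        missing = sorted(set(intended[eni_id]) - present)
        if actual_primary != expected_primary or missing:
            mismatches.append({
                "NetworkInterfaceId": eni_id,
                "expected_primary": expected_primary,
                "actual_primary": actual_primary,
                "missing": missing,
            })
    return mismatches


if __name__ == "__main__":
    # Pipe real output in (aws ec2 describe-network-interfaces | python this.py);
    # with nothing on stdin the constructed sample is used instead.
    raw = sys.stdin.read() if not sys.stdin.isatty() else ""
    for m in find_mismatches(raw.strip() or SAMPLE_RESPONSE, INTENDED):
        print(f"{m['NetworkInterfaceId']}: primary is {m['actual_primary']}, "
              f"expected {m['expected_primary']}; missing: {m['missing'] or 'none'}")
```

Run against the constructed sample, only the Staging interface is reported, with the primary and secondary swapped exactly as the issue describes. The script treats "no Primary flag" or "more than one Primary flag" as an error rather than silently picking one, because a wrong answer there would hide the very defect being checked. The maintainers' closing comment says v3.74.0 shipped the fix; that release added explicit ordered-list arguments (`private_ip_list_enabled` and `private_ip_list`) to `aws_network_interface`, which the page itself does not name, and the check above validates the result regardless of which arguments created the ENI.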