provider/aws: ASG creation always times out

[seanknox]

Hi, using version 0.6.12. Creating a small ASG times out on every attempt:

Error applying plan:

1 error(s) occurred:

* aws_autoscaling_group.web-asg: timeout while waiting for state to become '[success]'

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Config is below and in this gist.

# Create a VPC to launch our instances into
resource "aws_vpc" "main" {
  cidr_block = "10.0.0.0/16"

  tags {
    Name = "Terraform VPC"
  }
}

resource "aws_vpc_endpoint" "private_s3" {
    vpc_id = "${aws_vpc.main.id}"
    service_name = "com.amazonaws.us-west-2.s3"
    route_table_ids = [ "${aws_route_table.public.id}" ]
}

# Create an internet gateway to give our subnet access to the outside world
resource "aws_internet_gateway" "default" {
  vpc_id = "${aws_vpc.main.id}"
}

# Create a subnet to launch our instances into
resource "aws_subnet" "public" {
  vpc_id                  = "${aws_vpc.main.id}"
  cidr_block              = ""10.0.1.0/24""
  availability_zone = "us-west-1b,us-west-1c"
  map_public_ip_on_launch = true
  depends_on = ["aws_internet_gateway.default"]
  tags {
      Name = "public"
  }
}

# Grant the VPC internet access on its separate route table
resource "aws_route_table" "public" {
    vpc_id = "${aws_vpc.main.id}"
    route {
        cidr_block = "0.0.0.0/0"
        gateway_id = "${aws_internet_gateway.default.id}"
    }

    tags {
        Name = "public"
    }
}

resource "aws_route_table_association" "public" {
  subnet_id = "${aws_subnet.public.id}"
  route_table_id = "${aws_route_table.public.id}"
}

resource "aws_elb" "web-elb" {
  name = "terraform-elb"

  subnets         = ["${aws_subnet.public.id}"]
  security_groups = ["${aws_security_group.elb.id}"]
  idle_timeout = 300
  connection_draining = true
  connection_draining_timeout = 300

  listener {
    instance_port     = 80
    instance_protocol = "http"
    lb_port           = 80
    lb_protocol       = "http"
  }

  health_check {
    healthy_threshold = 2
    unhealthy_threshold = 2
    timeout = 30
    target = "HTTP:80/"
    interval = 120
  }
}

resource "aws_autoscaling_group" "web-asg" {
  name = "terraform-asg"
  availability_zones = ["us-west-1b,us-west-1c"]
  max_size = 3
  min_size = 2
  desired_capacity = 2
  force_delete = false
  launch_configuration = "${aws_launch_configuration.web-lc.name}"
  load_balancers = ["${aws_elb.web-elb.name}"]
  health_check_grace_period = 60
  health_check_type = "EC2"
  tag {
    key = "Name"
    value = "web-asg"
    propagate_at_launch = "true"
  }
}

resource "aws_launch_configuration" "web-lc" {
  name_prefix = "terraform-lc-"
  # ubuntu-trusty-14.04 (x64)
  image_id = "ami-7f675e4f"
  instance_type = "t2.micro"
  key_name = "${aws_key_pair.auth.id}"
  security_groups = ["${aws_security_group.web_tier_access.id}"]
  user_data = "${file("install_nginx.sh")}"
  lifecycle {
    create_before_destroy = true
  }
}

# A security group for the ELB so it is accessible via the web
resource "aws_security_group" "elb" {
  name        = "terraform_elb"
  description = "Used in the terraform"
  vpc_id      = "${aws_vpc.main.id}"

  # HTTP access from anywhere
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # outbound internet access
  egress {
    from_port   = 0
    to_port     = 0
    protocol    = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port = 8
    to_port = 0
    protocol = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

resource "aws_security_group" "vpc_http" {
  name        = "VPC HTTP"
  description = "Terraform HTTP access from VPC"
  vpc_id      = "${aws_vpc.main.id}"

  # HTTP access from the VPC
  ingress {
    from_port   = 80
    to_port     = 80
    protocol    = "tcp"
    cidr_blocks = ["10.0.0.0/16"]
  }
}

resource "aws_security_group" "web_tier_access" {
  name = "web_tier_access"
  description = "Allow inbound admin ssh, http to the web tier"
  vpc_id      = "${aws_vpc.main.id}"

  ingress {
    from_port = 22
    to_port = 22
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port = 80
    to_port = 80
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # RDP
  ingress {
    from_port = 3389
    to_port = 3389
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  # WinRM access
  ingress {
    from_port = 5985
    to_port = 5985
    protocol = "tcp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  ingress {
    from_port = 8
    to_port = 0
    protocol = "icmp"
    cidr_blocks = ["0.0.0.0/0"]
  }

  egress {
    from_port = 0
    to_port = 0
    protocol = "-1"
    cidr_blocks = ["0.0.0.0/0"]
  }
}

[jen20]

Hi @seanknox! Thanks for opening an issue here. I believe this is fixed by #5460, which was recently merged - it will appear in the next release.

[jen20]

Hi @seanknox! A quick update - this is part of a wider group of issues which is being tracked by a meta-issue over at #5537. Consequently I'll close this issue in favour of continuing the discussion over there in order to keep it in one place. Thanks for reporting this!

[seanknox]

sounds good, thanks @jen20!

[timxor]

Hey @jen20, were you able to resolve it? I am getting the same error with Terraform v0.6.16 .

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.