Using splat with 'host' property under 'connection' results in wrong IP address

[josh-padnick]

I've been trying to get Terraform to deploy 3 EC2 instances. I'm using provisioners and a connection block that specifies that terraform should attempt to connect to the private_ip, but terraform appears to get the IP addresses wrong.

elk.tf

# Launch a cluster of ELK instances
resource "aws_instance" "elk" {
    count = "${var.num_instances}"

    ami = "${lookup(var.amis, var.region)}"
    associate_public_ip_address = false
    iam_instance_profile = "ElasticSearch-Logstash-Kibana-Instance"
    instance_type = "t2.medium"
    key_name = "${var.key_name}"
    security_groups = ["sg-********"]
    subnet_id = "${lookup( concat("subnets_private_", var.region), concat("zone", count.index) )}"
    tags {
      "Name" = "ELK Instance #${count.index}"
    }

    # Specify the properties terraform will use to connect to upload files, run commands, etc.
    connection {
      user = "my-user"
      key_file = "${var.key_path}"
      host = "${ element(aws_instance.elk.*.private_ip, count.index) }"
      timeout = "2m30s"
    }
...
}

The problematic line is host = "${ element(aws_instance.elk.*.private_ip, count.index) }". Observe how terraform attempts to connect:

$ terraform apply
aws_instance.elk.2: Creating...
  ami:                         "" => "ami-b5a7ea85"
  associate_public_ip_address: "" => "0"
  availability_zone:           "" => "<computed>"
  block_device.#:              "" => "<computed>"
  iam_instance_profile:        "" => "ElasticSearch-Logstash-Kibana-Instance"
  instance_type:               "" => "t2.medium"
  key_name:                    "" => "my_key_name"
  private_dns:                 "" => "<computed>"
  private_ip:                  "" => "<computed>"
  public_dns:                  "" => "<computed>"
  public_ip:                   "" => "<computed>"
  security_groups.#:           "" => "1"
  security_groups.2458186782:  "" => "sg-*******"
  subnet_id:                   "" => "subnet-*******"
  tags.#:                      "" => "1"
  tags.Name:                   "" => "ELK Instance #2"
  tenancy:                     "" => "<computed>"
aws_instance.elk.1: Creating...
  ami:                         "" => "ami-b5a7ea85"
  associate_public_ip_address: "" => "0"
  availability_zone:           "" => "<computed>"
  block_device.#:              "" => "<computed>"
  iam_instance_profile:        "" => "ElasticSearch-Logstash-Kibana-Instance"
  instance_type:               "" => "t2.medium"
  key_name:                    "" => "my_key_name"
  private_dns:                 "" => "<computed>"
  private_ip:                  "" => "<computed>"
  public_dns:                  "" => "<computed>"
  public_ip:                   "" => "<computed>"
  security_groups.#:           "" => "1"
  security_groups.2458186782:  "" => "sg-*********"
  subnet_id:                   "" => "subnet-**********"
  tags.#:                      "" => "1"
  tags.Name:                   "" => "ELK Instance #1"
  tenancy:                     "" => "<computed>"
aws_instance.elk.0: Creating...
  ami:                         "" => "ami-b5a7ea85"
  associate_public_ip_address: "" => "0"
  availability_zone:           "" => "<computed>"
  block_device.#:              "" => "<computed>"
  iam_instance_profile:        "" => "ElasticSearch-Logstash-Kibana-Instance"
  instance_type:               "" => "t2.medium"
  key_name:                    "" => "my_key_name"
  private_dns:                 "" => "<computed>"
  private_ip:                  "" => "<computed>"
  public_dns:                  "" => "<computed>"
  public_ip:                   "" => "<computed>"
  security_groups.#:           "" => "1"
  security_groups.2458186782:  "" => "sg-*********"
  subnet_id:                   "" => "subnet-23102b57"
  tags.#:                      "" => "1"
  tags.Name:                   "" => "ELK Instance #0"
  tenancy:                     "" => "<computed>"
aws_instance.elk.2: Provisioning with 'remote-exec'...
aws_instance.elk.2 (remote-exec): Connecting to remote host via SSH...
aws_instance.elk.2 (remote-exec):   Host: 10.224.34.210
aws_instance.elk.2 (remote-exec):   User: my-user
aws_instance.elk.2 (remote-exec):   Password: false
aws_instance.elk.2 (remote-exec):   Private key: true
aws_instance.elk.1: Provisioning with 'remote-exec'...
aws_instance.elk.1 (remote-exec): Connecting to remote host via SSH...
aws_instance.elk.1 (remote-exec):   Host: 10.224.34.210
aws_instance.elk.1 (remote-exec):   User: my-user
aws_instance.elk.1 (remote-exec):   Password: false
aws_instance.elk.1 (remote-exec):   Private key: true
aws_instance.elk.2 (remote-exec): Connection error, will retry: dial tcp 10.224.34.210:22: i/o timeout
aws_instance.elk.1 (remote-exec): Connection error, will retry: dial tcp 10.224.34.210:22: i/o timeout
aws_instance.elk.0: Provisioning with 'remote-exec'...
aws_instance.elk.0 (remote-exec): Connecting to remote host via SSH...
aws_instance.elk.0 (remote-exec):   Host: 10.224.32.22
aws_instance.elk.0 (remote-exec):   User: my-user
aws_instance.elk.0 (remote-exec):   Password: false
aws_instance.elk.0 (remote-exec):   Private key: true

The key issue is that terraform came up with the following associations:

aws_instance.elk.2 (remote-exec):   Host: 10.224.34.210
aws_instance.elk.1 (remote-exec):   Host: 10.224.34.210
aws_instance.elk.0 (remote-exec):   Host: 10.224.32.22

Looking in the AWS Web Console, it appears that aws_instance.elk.1 is connecting to the wrong address. I also tried compiling the latest dev build (0.3.7.dev) but that didn't seem to help either. Thoughts? Or alternative ways I can accomplish this? Or have I misinterpreted the docs and am I doing this wrong?

[knuckolls]

I believe you're seeing the same bug I fixed in #795 . We haven't merged it into master because I haven't yet gotten to writing the test. You can merge in that PR and see if it fixes your problem. I'd be interested to see if it does.

[josh-padnick]

@knuckolls Thanks for your response. So, n00b question, but when I try to run your branch locally I get this output:

go get -u -v ./...
package github.com/hashicorp/terraform: github.com/hashicorp/terraform is a custom import path for https://github.com/hashicorp/terraform, but /Users/josh/go/src/github.com/hashicorp/terraform is checked out from https://github.com/hashicorp/terraform.git
...

Any pointers / resources on how I can get around that?

[svanharmelen]

@josh-padnick by adding the '-f' flag to your 'go get' command...

[mitchellh]

This shouldn't be allowed. The functionality you're trying to get should be, see #219, but accessing the splat shouldn't be possible here so this should be a semantic error.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.