Updated:

We have a private cloud hosted in our datacenter which is a stripped-down version of AWS. We have exposed EC2 APIs to allow users to create VMs using awscli.

I am trying to create VMs using Terraform, and for initial tests I created a .tf file as below:

```hcl
provider "aws" {
  access_key                  = "<key>"
  secret_key                  = "<key>"
  region                      = "us-west-1"
  skip_credentials_validation = true

  # Only the EC2 API is redirected to the private cloud
  endpoints {
    ec2 = "https://awsserver/services/api/aws/ec2"
  }
}

resource "aws_instance" "Automation" {
  ami           = "ami-100011201"
  instance_type = "c3.xlarge"
  subnet_id     = "subnet1:1"
}
```

This is the error message after running `terraform plan`:

```
Error: Error running plan: 1 error(s) occurred:

* provider.aws: AWS account ID not previously found and failed retrieving via all available methods. See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. Errors: 2 errors occurred:
        * error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid.
        status code: 403, request id: 58f9d498-6259-11e9-b146-95598aa219b5
        * failed getting account information via iam:ListRoles: InvalidClientTokenId: The security token included in the request is invalid.
        status code: 403, request id: c10f8a06-58b4-4d0c-956a-5c8c684664ea
```

We haven't implemented STS, and the query always goes to the AWS cloud instead of the private cloud API server.

What am I missing?

Atulac
  • Can you try adding the `skip_credentials_validation` option to the provider? Refer to this: https://www.terraform.io/docs/providers/aws/guides/custom-service-endpoints.html#connecting-to-local-aws-compatible-solutions. – krishna_mee2004 Apr 18 '19 at 18:34
  • I get this message: `1 error(s) occurred: * provider.aws: AWS account ID not previously found and failed retrieving via all available methods. See https://www.terraform.io/docs/providers/aws/index.html#skip_requesting_account_id for workaround and implications. Errors: 2 errors occurred: * error calling sts:GetCallerIdentity: InvalidClientTokenId: The security token included in the request is invalid. status code: 403, request id: 58f9d498-6259-11e9-b146-95598aa219b5 * failed getting account information via iam:ListRoles: InvalidClientTokenId:` – Atulac Apr 19 '19 at 04:13
  • Can you then add `skip_requesting_account_id` and `skip_metadata_api_check` to the provider and try? I have never done this, so I am looking at the Terraform documentation. Refer to these links: https://www.terraform.io/docs/providers/aws/index.html and https://www.terraform.io/docs/providers/aws/guides/custom-service-endpoints.html – krishna_mee2004 Apr 19 '19 at 13:24
  • Thanks! This worked. It creates VMs in a new Environment every time. I am not sure if there is an option for specifying an environment ID in Terraform. – Atulac Apr 19 '19 at 15:21

1 Answer

This worked for me to create a VM.

```hcl
provider "aws" {
  access_key                  = "<key>"
  secret_key                  = "<key>"
  region                      = "us-west-1"
  skip_credentials_validation = true # do not validate the credentials via STS
  skip_requesting_account_id  = true # do not look up the account ID via STS/IAM
  skip_metadata_api_check     = true # do not query the EC2 metadata API

  endpoints {
    ec2 = "https://awsserver/services/api/aws/ec2"
  }
}

resource "aws_instance" "Automation" {
  ami           = "ami-100011201"
  instance_type = "c3.xlarge"
  subnet_id     = "subnet1:1"
}
```

It creates a VM; however, the command errors out with:

```
aws_instance.Automation: Still creating... (1h22m4s elapsed)
aws_instance.Automation: Still creating... (1h22m14s elapsed)
aws_instance.Automation: Still creating... (1h22m24s elapsed)

Error: Error applying plan:

1 error(s) occurred:

* aws_instance.Automation: 1 error(s) occurred:

* aws_instance.Automation: Error waiting for instance (i-101149362) to become ready: timeout while waiting for state to become 'running' (last state: 'pending', timeout: 10m0s)

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.
```
Atulac
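One way to check the behaviour described in the question (STS and IAM calls reaching public AWS while only `ec2` is overridden) and to verify the provider settings afterwards, as an added example that is not part of the original posts: it scans Terraform debug output for signed requests whose `Host` is not the private endpoint. The log layout (aws-sdk-go request dumps in `TF_LOG=DEBUG` output), the sample lines and the function name `offsite_requests` are assumptions made for this example.

```python
import re

# Constructed sample in the shape of aws-sdk-go request dumps, as assumed to
# appear in TF_LOG=DEBUG output of `terraform plan`. Not captured from a real run.
SAMPLE_LOG = """\
[DEBUG] [aws-sdk-go] DEBUG: Request sts/GetCallerIdentity Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: sts.amazonaws.com
Authorization: AWS4-HMAC-SHA256 Credential=<key>/20190419/us-east-1/sts/aws4_request
[DEBUG] [aws-sdk-go] DEBUG: Request iam/ListRoles Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST / HTTP/1.1
Host: iam.amazonaws.com
[DEBUG] [aws-sdk-go] DEBUG: Request ec2/DescribeInstances Details:
---[ REQUEST POST-SIGN ]-----------------------------
POST /services/api/aws/ec2 HTTP/1.1
Host: awsserver
"""

REQUEST_RE = re.compile(r"Request (\w+)/(\w+) Details:")
HOST_RE = re.compile(r"^Host:\s*(\S+)", re.IGNORECASE)


def offsite_requests(log_text, allowed_hosts):
    """Return (service, operation, host) for every logged request whose Host
    header is not one of the private-cloud endpoints in allowed_hosts."""
    allowed = {h.lower() for h in allowed_hosts}
    findings, current = [], None
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m:
            current = m.groups()  # start of a new request dump
            continue
        h = HOST_RE.match(line.strip())
        if h and current:
            host = h.group(1).lower().split(":")[0]  # drop any :port suffix
            if host not in allowed:
                findings.append((*current, host))
            current = None  # only the first Host header belongs to the request
    return findings


if __name__ == "__main__":
    for service, op, host in offsite_requests(SAMPLE_LOG, ["awsserver"]):
        print(f"request left the private cloud: {service}:{op} -> {host}")
```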