Terraform Instance creation for ENI with Secondary private private IPs greater than 1 Fails

[hashibot]

This issue was originally opened by @pranshuverma as hashicorp/terraform#15886. It was migrated here as a result of the provider split. The original body of the issue is below.

---

Terraform Version

Terraform v0.10.0

Your version of Terraform is out of date! The latest version
is 0.10.2. You can update by downloading from www.terraform.io

Terraform Configuration Files

resource "aws_network_interface" "nic" {
  count = ..
  subnet_id = ..
  # private_ips = ..
  private_ips_count = ..
  security_groups = ..
  source_dest_check = ..
  tags = ..
}

resource "aws_instance" "vm" {
  ami                         = ..
  instance_type               = ..
  # vpc_security_group_ids      = ..
  key_name                    = ..
  # subnet_id                   = .. 
  # associate_public_ip_address = ..
  count                       = ..
  # source_dest_check           = false

  lifecycle {
    prevent_destroy = false
  }

  root_block_device {
    volume_size = ..
    delete_on_termination = ..
  }

  volume_tags = ..

  depends_on = ["aws_network_interface.nic"]
  network_interface {
    network_interface_id = "${aws_network_interface.nic.*.id[count.index]}"
    device_index = 0
  }

  tags = ..
}

Debug Output

module.vm.aws_instance.vm: Still creating... (10s elapsed)
2017/08/23 03:31:55 [ERROR] root.vm: eval: *terraform.EvalApplyPost, err: 1 error(s) occurred:

* aws_instance.vm: Error waiting for instance (i-xxx) to become ready: Failed to reach target state. Reason: Server.InternalError: Internal error on launch
2017/08/23 03:31:55 [ERROR] root.vm: eval: *terraform.EvalSequence, err: 1 error(s) occurred:

* aws_instance.vm: Error waiting for instance (i-xxx) to become ready: Failed to reach target state. Reason: Server.InternalError: Internal error on launch
2017/08/23 03:31:55 [TRACE] [walkApply] Exiting eval tree: module.vm.aws_instance.vm
2017/08/23 03:31:55 [DEBUG] dag/walk: upstream errored, not walking "provider.aws (close)"
Error applying plan:

1 error(s) occurred:

* module.vm.aws_instance.vm: 1 error(s) occurred:

* aws_instance.vm: Error waiting for instance (i-xxx) to become ready: Failed to reach target state. Reason: Server.InternalError: Internal error on launch

Terraform does not automatically rollback in the face of errors.
Instead, your Terraform state file has been partially updated with
any resources that successfully completed. Please address the error
above and apply again to incrementally change your infrastructure.

Expected Behavior

The Instance should be created

Actual Behavior

The instance creation with primary nic with multiple ips works for private ip count as 1 but if i enter say 2 or 3 private ip count it fails.

Error: Reason: Server.InternalError: Internal error on launch (in terminal and in aws instance section also.)

Steps to Reproduce

I referred to https://www.terraform.io/docs/providers/aws/r/instance.html the Network Interfaces section.

[nhoughto]

This seems to work for me via element() rather than thing[count.index]

[alencar]

This is a bit old, but I just went through the same problem and I want to share how I managed to fix it.

aws_network_interface resource documentation is a bit unhelpful here, as it does not clear states that private_ips_count means secondary private ips, instead of the total count.

Since instances have different limits of IP's per interface, people will encounter this errors with different number of IPs and instance types.

The following code will result in an ENI with 3 private IP address instead of two. This is because there will be always one primary IP. The parameter private_ips_count should be better documented to inform about the default primary IP or better yet, match AWS API name secondary_private_ip_address_count or secondary_private_ips_count.

resource "aws_network_interface" "three-private-ips" {
...
private_ips_count = 2
...
}

If you want to define using pre-existing allocations, you can use private_ips, the first address will be the primary one. The code below will produce an ENI with 3 private IPs, where 1.1.1.100 is the primary one.

resource "aws_network_interface" "three-private-ips" {
...
private_ips = ["1.1.1.100", "1.1.1.2", "1.1.1.3"]
...
}

[jpbuecken]

Reason: Server.InternalError: Internal error on launch

This message from the AWS API is misleading, please try with a instance type that support your number of ips.
See https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/using-eni.html

Assume the following:
You have private_ips_count = "2". This means you create an interface with 3 IPs ( a primary, 2 secondary as described by alencar)

But as instance type you use t2.micro which support 2 IPs.
Now you want to use the interface with 3 IPs to create a vm with instance type that allows ony 2 ips-> Internal API Error because limits does not fit

I can reproduce the issue with terraform 0.12.3 and this example
Working: t2.medium
Not working: t2.micro

resource "aws_network_interface" "nic" {
  subnet_id         = "subnet-123456"
  private_ips_count = "2"
}

resource "aws_instance" "vm" {
  ami           = "ami-123456"
  instance_type = "t2.micro"

  root_block_device {
    volume_size           = "10"
    delete_on_termination = true
  }

  network_interface {
    network_interface_id = "${aws_network_interface.nic.id}"
    device_index         = 0
  }
}

[github-actions]

Marking this issue as stale due to inactivity. This helps our maintainers find and focus on the active issues. If this issue receives no comments in the next 30 days it will automatically be closed. Maintainers can also remove the stale label.

If this issue was automatically closed and you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thank you!

[YakDriver]

For future travelers, please see #17846.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.