Terraform-provider-aws: Option to have no public IP address assigned in a subnet that defaults to having one assigned
_This issue was originally opened by @AlanDu50 as hashicorp/terraform#15887. It was migrated here as a result of the provider split. The original body of the issue is below._
associate_public_ip_address = false causes the instance to have a public IP address if the subnet defaults to having a public IP address assigned.
Is there a way to prevent a public IP address from being assigned without modifying or creating any new subnets?
We can do this from the AWS console, so why not from Terraform also?
Thank you.
hashibot
All 16 comments
I believe it's not an issue of the provider, but with Terraform itself. Correct me if I'm wrong.
aDu
on 23 Aug 2017
@AlanDu50 I've just hit this issue today as well. Does the console show this as IP Address Type
Only assign a public IP address to instances launched in the default VPC and subnet. (default) when you set it to false?
To confirm the issue I did aws autoscaling describe-launch-configurations using the CLI and noticed that the LCs I created using terraform didn't have "AssociatePublicIpAddress": false, they were actually missing AssociatePublicIpAddress entirely.
Is this similar to what you experienced? My guess is this is something to do with an empty value vs a false value. I think I've seen an issue for this before.
rowleyaj
on 7 Sep 2017
I'm also seeing this issue with Terraform v0.11.3 + aws provider 1.9.0
I can see the following duing a terraform apply:
aws_launch_configuration.exampleLC: Creating...
associate_public_ip_address: "" => "false"
ec2 instances then do have an public IP assigned and the launch confguration shows 'IP Address Type Only assign a public IP address to instances launched in the default VPC and subnet.'
geftactics
on 12 Feb 2018
this seems still not solved. and is opposite to the last comment. if a public gateway subnet has an option to autoassign ips to instance and we don't want to assign an ip using launch configuration of auto-scaling group"
aws_launch_configuration.test: Creating...
associate_public_ip_address: "" => "false"
this will the produce the following setting in the LC:
IP Address Type
Only assign a public IP address to instances launched in the default VPC and subnet. (default)
which to be honest doesn't look like a definite no. should be false but is at default. (and we are not talking about default vpc)
hence launched instance WILL have a public IP assigned and there is no setting to turn this off. this is still a bug.
workaround is obviously do the opposite and start with subnets NOT allowing automatic ip assignment and then force IP assignment.
styk-tv
on 4 Jul 2018
This is critical to be fixed for me. I can't believe this is still a bug for over a year now
jonjohnston
on 2 Oct 2018
I'm also having this bug, is there anyone working on a fix for that? It has been very long
zdevi
on 15 Oct 2018
This issue is biting me again, are there any updates?
shivknight
on 19 Jan 2019
Any news on this, we are fighting with the same issue, too. From a security perspective this is realy important to be solved!
TobiasOtt
on 25 Feb 2019
I'm not sure how to get this bumped into view. Seems like an easy fix, yet been hanging around for almost 2 years now.
jonjohnston
on 25 Feb 2019
+1 not sure why this hasn't happened, any updates on whether this is in the queue of things todo?
Gabelbombe
on 21 Mar 2019
Happening for me as well
hugotongal
on 9 Apr 2019
upvote for a fix too
craiglink
on 27 Jun 2019
Another +1 here.
mdinos
on 5 Aug 2019
I was able to remove public IPs from my instances by: 1. Disabling DNS Resolution (and Hostnames). Not sure about the Hostnames but I disabled it anyway. 2. Disabling "Auto-assign public IPv4" setting of the associated subnets.
In my Terraform file, I also did this:
resource "aws_default_vpc" "default" {
# Default is true, if you omit this, TF will enable it.
enable_dns_support = false
}
resource "aws_launch_configuration" "example" {
associate_public_ip_address = false
}
michael-software-engr
on 27 Sep 2019
+2
gersontpc
on 22 Nov 2019
When terraform creates the LaunchConfiguration Options it does not seem to attempt to create the parameter AssociatePublicIpAddress when the terraform option is set to false. However when set to true, the value is provided in the call to create the LaunchConfiguration is present.
When set to false, the resulting LaunchConfiguration will have the IP Address Type as _'Only assign a public IP address to instances launched in the default VPC and subnet. (default)'_ - being the default option when creating a launch configuration. The default option in the provider schema also looks to be false, but I may be misinterpurting this part.
The DEBUG log for the creation of the launch configuration - here- produced the below outputs.
When the option assoicate_public_ip_address is set to false in terraform the below output is produced.
{
BlockDeviceMappings: [{
DeviceName: "/dev/xvda",
Ebs: {
DeleteOnTermination: true,
VolumeSize: 60
}
}],
EbsOptimized: false,
ImageId: "ami-0f767afb799f45102",
InstanceMonitoring: {
Enabled: true
},
InstanceType: "t2.micro",
KeyName: "ssh-key",
LaunchConfigurationName: "launch-configuration",
SpotPrice: "0.0146"
}
When the option assoicate_public_ip_address is set to true in terraform the below output is produced. Note the presence of the _AssociatePublicIpAddress_ value in this output.
{
AssociatePublicIpAddress: true,
BlockDeviceMappings: [{
DeviceName: "/dev/xvda",
Ebs: {
DeleteOnTermination: true,
VolumeSize: 60
}
}],
EbsOptimized: false,
ImageId: "ami-0f767afb799f45102",
InstanceMonitoring: {
Enabled: true
},
InstanceType: "t2.micro",
KeyName: "ssh-key",
LaunchConfigurationName: "launch-configuration",
SpotPrice: "0.0146"
}
jarrodallan
on 15 Mar 2020
Related issues
hashibot
路
3Comments
hashibot
路
3Comments
ccslamstack
路
3Comments
EmmN
路
3Comments
hazmeister
路
3Comments
Most helpful comment
I'm also having this bug, is there anyone working on a fix for that? It has been very long