I've encountered a situation where I seem to be "stuck" and can't do any terraform plans due to the ec2/GetPasswordData failing. I initially had get_password_data of a Windows EC2 Instance set to true. The current AMI does not support getting the password, but even if I change get_password_data to false, terraform plan will fail with the following error:
aws_instance.windows_instance: aws_instance.windows_instance: Password data is blank for instance ID: i-027d0bca13295f548
Is there any way to move forward from this situation? I can't seem to destroy the instances either, due to terraform plan failing.
Terraform version: v0.11.7
resource "aws_instance" "windows_instance" {
  ami = "${data.aws_ami.windows_full.id}" // original
  # ami = "ami-99328be6" // change to this before second apply
  instance_type = "t2.nano"
  key_name      = "${var.key_pair_name}"

  tags = {
    "Name" = "windows-test"
  }

  vpc_security_group_ids = ["${aws_security_group.windows_security.id}"]
  subnet_id              = "${var.public_subnet_id}"
  get_password_data      = true
}
See full setup
https://gist.github.com/droberts84/acbc94ab8cfd925dd468a9c29215b216#file-tf_logs-txt
terraform plan or terraform apply is successful with a blank password_data attribute
Alternatively it would be acceptable if the error went away by specifying get_password_data = false
terraform plan or terraform apply fail with error:
aws_instance.windows_instance: aws_instance.windows_instance: Password data is blank for instance ID: i-027d0bca13295f548
terraform apply
aws_instance.windows_instance.ami to newly created AMI
terraform apply. terraform plan seems to fail no matter what you do after this
Running into the same issue.
I found that this works: Edit the terraform.tfstate file to change the "get_password_data" attribute to "false" on that instance. Then run the terraform plan again. It should proceed without error.
That's not really a solution if you need the Windows password though
I have a similar issue and I am receiving this error at the end of the creation phase with Terraform:
Password data is blank for instance ID.
Worth mentioning that I had an output key-value for receiving the password at the end.
I found that this works: Edit the terraform.tfstate file to change the "get_password_data" attribute to "false" on that instance. Then run the terraform plan again. It should proceed without error.
Didn't work for me. Still getting the same error.
Did anyone find a solution to this? I only get this error when using a CIS hardened image that I prep with Packer.
Having the same issue
My issue was caused by the local administrator account being renamed, which is a checklist on the CIS benchmark. It is a really dumb security item, as the admin always shows a -500 SID. I added this to the beginning of my startup script.
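# Find the built-in administrator account by the -500 suffix of its SID, whatever its current name
$500 = Get-LocalUser | Where-Object { $_.SID -like "*-500" }
echo $500.Name
# Rename the account back to "Administrator"
Rename-LocalUser -Name $500.Name -NewName "Administrator"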
The issue @davidlbyrne was experiencing was also experienced by me. The way I fixed this issue was by providing a key pair resource.
Getting the same issue here: the Terraform state became poisoned, unable to plan, apply, destroy, locking state. Using remote state, the only solution was:
terraform state pull > backup.tfstate
Edit as mentioned by @laustintime
"get_password_data": false,
terraform state push -lock=false backup.tfstate
My goal was to destroy resources after the first creation failure, so I can focus on the reason why it fails in the first place, so by now, synced tf files with the edited plan and:
terraform destroy -lock=false
Using the following versions:
Terraform v0.13.5
+ provider registry.terraform.io/hashicorp/aws v3.16.0
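The state edit described in the comments above, as an added example that is not part of the thread or of Terraform itself. It assumes a file produced by terraform state pull, goes beyond the thread by handling both the 0.11 (format v3) and 0.12+ (format v4) state layouts, and the function name and sample states are constructed for illustration.

```python
import json
import sys

# Constructed sample states (not from the thread), trimmed to the fields that matter.
SAMPLE_V4 = {"version": 4, "serial": 7, "resources": [{
    "mode": "managed", "type": "aws_instance", "name": "windows_instance",
    "instances": [{"attributes": {"id": "i-EXAMPLE", "get_password_data": True}}]}]}
SAMPLE_V3 = {"version": 3, "serial": 2, "modules": [{"path": ["root"], "resources": {
    "aws_instance.windows_instance": {"type": "aws_instance", "primary": {
        "id": "i-EXAMPLE", "attributes": {"get_password_data": "true"}}}}}]}


def disable_password_data(state, rtype="aws_instance", name="windows_instance"):
    """Flip get_password_data to false for one resource; return instances changed."""
    changed = 0
    # Format v4 (Terraform 0.12+): resources[].instances[].attributes, real booleans.
    for res in state.get("resources", []):
        if (res.get("mode"), res.get("type"), res.get("name")) != ("managed", rtype, name):
            continue
        for inst in res.get("instances", []):
            attrs = inst.get("attributes") or {}
            if attrs.get("get_password_data") is True:
                attrs["get_password_data"] = False
                changed += 1
    # Format v3 (Terraform 0.11): modules[].resources{"type.name"}.primary.attributes,
    # where every attribute value is stored as a string.
    addr = f"{rtype}.{name}"
    for mod in state.get("modules", []):
        for key, res in mod.get("resources", {}).items():
            if key != addr and not key.startswith(addr + "."):
                continue
            attrs = res.get("primary", {}).get("attributes", {})
            if attrs.get("get_password_data") == "true":
                attrs["get_password_data"] = "false"
                changed += 1
    if changed:
        # Bump the serial so the edited copy is newer than the remote state.
        state["serial"] = int(state.get("serial", 0)) + 1
    return changed


if __name__ == "__main__" and len(sys.argv) == 3:
    # usage: script.py backup.tfstate edited.tfstate (the pulled backup stays untouched)
    with open(sys.argv[1]) as src:
        state = json.load(src)
    print("instances changed:", disable_password_data(state))
    with open(sys.argv[2], "w") as dst:
        json.dump(state, dst, indent=2)
```

A pulled state file holds every resource attribute in clear text, so keep backup.tfstate and the edited copy out of version control and remove them once the push has succeeded.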