Terraform: EIP association issues with lifecycle create_before_destroy

Quick update here. I was able to get this working by removing the aws_eip_association and doing the association directly in aws_eip:

resource "aws_eip" "eip" {
    count = "${var.node_count}"
    vpc = true
    instance = "${element(aws_instance.mysql.*.id, count.index)}"
    associate_with_private_ip = "${element(aws_instance.mysql.*.private_ip, count.index)}"

    lifecycle {
        create_before_destroy = "true"
    }
}

resource "aws_instance" "mysql" {
    count = "${var.node_count}"
    availability_zone = "${element(split(",", var.availability_zones), count.index)}"
    ami = "${element(split(",", var.ami_id), count.index)}"
    instance_type = "${var.instance_type}"
    vpc_security_group_ids = ["${aws_security_group.mysql.id}"]
    subnet_id = "${element(split(",", var.subnet_id), count.index)}"
    key_name = "${var.key_name}"

    lifecycle {
        create_before_destroy = "true"
    }
}

Still think original config is valid and should probably allow a soft fail when it loses its association. This would allow it to still succeed when an association is lost.

For now the workaround is fine for me, but i was planing to move EIP creation out of this module and _only_ perform the association.

I'm facing a similar issue. aws_eip_association needs some lifecycle logic added to it. Currently, I have already created the EIP resources and mapped them to the aws_eip_association resource. I want to be able to rebuild my aws_instance using the create_before_destroy and keep my EIP association until the new instance comes up.

My config is simple:

resource "aws_eip_association" "eip-assoc-1" {
  instance_id = "${aws_instance.redirect-service-1.id}"
  allocation_id = "eipalloc-somethang"
  lifecycle {
    create_before_destroy = "true"
  }
}

resource "aws_instance" "redirect-service-1" {
  instance_type = "t2.micro"
  ami = "${var.aws_ami}"
  key_name = "${var.key_name}"

  # Public Subnet
  subnet_id = "subnet-98334db2"

  # Our Security group to allow HTTP(S) and SSH access
  vpc_security_group_ids = ["${aws_security_group.redirect-service-sg.id}"]

  lifecycle {
    create_before_destroy = "true"
  }
}

Any chance of this getting addressed? It seems like a valid use case, and the current implementation can lead to a Terraform state being totally broken/unusable (I’m currently dealing with this).

Same here utilizing Terraform v0.7.2 as well.
Seems like the EIP does initially get associated but the error message is noted (* aws_eip_association.eip_assoc: Unable to find EIP Association: eipassoc-xxxxxx) and any other terraform plan/apply will bark and not allow to be attempted.

Hi all

Apologies this is causing issues for you. I have just managed to fix this error up - I am currently running tests and will submit a PR. It will be released as part of Terraform 0.7.5

Sorry it has taken so long to get to the error!

Paul

Strange i m still getting this on v 0.10.3

$ terraform destroy -force -target=aws_instance.biz_gocd_agent

and i get

aws_eip_association.eip_assoc: Error deleting Elastic IP association: InvalidAssociationID.NotFound: The association ID 'eipassoc-48d1bd7c' does not exist status code: 400, request id: dbd9ce3d-58e2-41ec-a627-c4d8d8815b4e

Hi on Terraform v0.10.7,
I don't know if it is a problem in my flow, or my config but I have te feeling that I have a issue that is linked to that:
I have two aws that I want to be alternatively under the one IP, for that I use two associations and I alternatively target one of them:

Config:

resource "aws_eip_association" "eip_assoc_XXX" {
    instance_id   = "${aws_instance.XXX.id}"
    allocation_id = "${aws_eip.XXX-ip.id}"
}

resource "aws_eip_association" "eip_assoc_XXX2" {
    instance_id   = "${aws_instance.XXX.id}"
    allocation_id = "${aws_eip.XXX-ip.id}"
}
resource "aws_instance" "XXX" {
        ami = "ami-af0fc0c0"
    instance_type = "t2.small"
}
resource "aws_instance" "XXX2" {
        ami = "ami-af0fc0c0"
    instance_type = "t2.small"
}

Actions:

#bring up the first instance
terraform apply -target=aws_instance.XXX
terraform apply -target=aws_eip_association.eip_assoc_XXX

#bring up the second instance
terraform apply -target=aws_instance.XXX2

#switch the IP
terraform apply -target=aws_eip_association.eip_assoc_XXX2

#destroy the previous instance
terraform apply destroy -target=aws_eip_association.eip_assoc_XXX

-->  Error deleting Elastic IP association: InvalidAssociationID.NotFound: The association ID 'eipassoc-14ea973a' does not exist

Problem:

When allocating the ip under aws_eip_association.eip_assoc_XXX2, it doesn't record the aws_eip_association.eip_assoc_XXX one as been deleted. Hence when I destroy the XXX instance, it doesn't find the aws_eip_association.eip_assoc_XXX and breaks.

Hope that is clear enough...

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.