Terraform: Associating an AWS instance with a pre-allocated EIP

Created on 21 Mar 2015  ·  12 Comments  ·  Source: hashicorp/terraform

For organizations that need to whitelist AWS IP addresses to access private services, it would be very useful if it were possible to associate an instance with a pre-allocated EIP. As it stands, the aws_eip resource currently only supports allocation of, not association to existing, EIP addresses.

enhancement provideaws

All 12 comments

+1 Any update :)

Pretty sure this is actually an expression of a special case of #581, if you could "import" an existing EIP into terraform config, you'd be able to make this association normally.

This is still something we'll eventually support, but in the meantime I did want to mention that there's a workaround available, outlined here:

https://www.dark.ca/2015/01/27/handling-extant-resources-in-terraform/

Closing as a dup of #581 - feel free to follow up and/or reopen if you disagree. :ok_hand:

Well you could add the concept of an EIP_ATTACHMENT like there is for AWS_VOLUME_ATTACHMENT

+1 Jesper, I was looking for exactly this functionality due to wanting a public EIP that is known prior to building an OpenVPN server so I can provide the config file with its public-facing IP in the user_data.

I also would like to be able to retain a static EIP even in cases where I destroy the associated instance.

Ditto (re Gary-Armstrong)

I don't think #581 is a duplicate of this.

Like several people have mentioned, we do not want terraform to be able to release EIPs. We assign EIPs when our partners (internal or external to our company) require us to provide IP addresses to them so they can whitelist traffic from us. Thus we allocate EIPs manually and don't want to import them into our terraform config like that workaround suggests, because then terraform destroy would release them.

What we wish terraform could do is associate an existing EIP with a terraform-created instance.

I'm fine with TF managing my EIP, I just want to have them persist when the instance they are assigned to is terminated.

Ideally, I'd like to be able to attach a TF-defined EIP to a TF-defined ENI and have that ENI/EIP pair persist independently through instance termination. I do have my reasons, of course.

It would be nice if you could specify an EIP allocation id to attach to an EC2 instance upon instance creation like you can with NAT gateways.

That way you could have something like this:

project_root/
├── eip/
│   └── eip.tf
└── instance/
    └── instance.tf

eip.tf:

resource "aws_eip" "instance" {
    vpc = true
}

output "eip_id" {
  value = "${aws_eip.instance.id}"
}

instance.tf:

resource "terraform_remote_state" "remote_state" {
  backend = "s3"
  config {
    bucket = "mybucketname"
    key    = "name_of_key_file"
  }
}

resource "aws_instance" "instance" {
    ami = "ami-abcdef12"
    instance_type = "t2.micro"
    allocation_id = "${terraform_remote_state.remote_state.output.eip_id}"
    tags {
        Name = "instance"
    }
}

This enables you to destroy the instance, freeing the EIP back to the pool and then when you rebuild the instance the EIP would be re-associated. You could also, optionally, add TF deletion protection to that EIP by simply setting the lifecycle to prevent destroys against the EIP resource.

Equally, if you didn't want TF to manage the EIP at all you could simply do this:

resource "aws_instance" "instance" {
    ami = "ami-abcdef12"
    instance_type = "t2.micro"
    allocation_id = "eipalloc-12abcdef"
    tags {
        Name = "instance"
    }
}

Looking at it, https://github.com/hashicorp/terraform/pull/5236 seems to provide this functionality.

Yes #5236 implements this and my "manual" testing works. I just got stuck with the integration test and the PR stalled.

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.
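The pattern the thread asks for, written as an added example that is not code from any commenter or from the Terraform project: it uses the AWS provider's `aws_eip_association` resource so that only the association, not the allowlisted address, is in Terraform state. The variable name is an assumption, and the AMI and allocation IDs are the placeholders used in the thread.

```hcl
# Added example. eip_allocation_id is a hypothetical variable name; its
# default is the placeholder allocation ID quoted in the thread.
variable "eip_allocation_id" {
  description = "Allocation ID of an EIP allocated outside Terraform"
  type        = string
  default     = "eipalloc-12abcdef"
}

resource "aws_instance" "instance" {
  ami           = "ami-abcdef12" # placeholder AMI from the thread
  instance_type = "t2.micro"

  tags = {
    Name = "instance"
  }
}

# Only the association is tracked in state. Destroying or replacing the
# instance removes the association; the EIP itself is never released by
# Terraform, so the address partners have allowlisted stays allocated.
resource "aws_eip_association" "instance" {
  instance_id   = aws_instance.instance.id
  allocation_id = var.eip_allocation_id
}

# Alternative for teams that do let Terraform manage the address: guard it
# so that any plan that would destroy the EIP fails instead of releasing it.
# To use it, set allocation_id = aws_eip.managed.id in the association above.
resource "aws_eip" "managed" {
  vpc = true # as written in the thread; newer provider versions use domain = "vpc"

  lifecycle {
    prevent_destroy = true
  }
}
```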
