Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

source_dest_check in aws_launch_configuration in terraform

Tags:

amazon-web-services

amazon-ec2

boto3

terraform

terraform-provider-aws

I am looking to make a newly launched ec2 instance with source_dest_check = disabled (by default it is enabled) from autoscaling launch configuration.

I know we can use source_dest_check = false for creating a ec2 resource , but how to achieve the same when managing the instances from ASG.

Terraform is not accepting below with (source_dest_check = false) , any other alternative to achieve this ?

can I achieve this from user data?

resource "aws_launch_configuration" "launchconfig" {
  name_prefix          = "bastion-"
  image_id             = "${data.aws_ami.amazon-linux-2.id}"
  instance_type        = "${var.instance_type}"
  placement_tenancy    = "default"
  enable_monitoring    = true
  #source_dest_check    = false
  security_groups      = ["${aws_security_group. security_group.id}"]
  iam_instance_profile = "${aws_iam_instance_profile.instance_profile.name}"
  key_name             = "${var. pem_key}"

  #Include user-data
  user_data = "${element(data.template_file.user_data.*.rendered, count.index)}"

  lifecycle {
    create_before_destroy = true
  }
}
like image 737
rkj Avatar asked Sep 06 '25 16:09

rkj

1 Answers

According to Terraform documentation, source destination check (source_dest_check) is not supported for aws_launch_configuration resource type, it is only supported for aws_instance resource which is not really helpful in this case.

You can use user-data as a dirty workaround. First, you will need to fetch instance id from instance's metadata.

EC2_INSTANCE_ID="`wget -q -O - http://169.254.169.254/latest/meta-data/instance-id`"

then you can use ec2 cli to disable source-destination check for this particular instance.

aws ec2 modify-instance-attribute --no-source-dest-check --instance-id $EC2_INSTANCE_ID --region <REGION-WHERE-EC2-INSTANCE-IS-LAUNCHED>

Note that EC2 instance will need to have proper role attached to it so that it can make the call. Include this statement in the EC2 instance role's permissions.

{
    "Sid": "Allow Source-Dest check modification",
    "Effect": "Allow",
    "Action": "ec2:ModifyInstanceAttribute",
    "Resource": "*"
}
like image 199
Matus Dubrava Avatar answered Sep 08 '25 23:09

Matus Dubrava
Sign in to Comment

Related questions

terraform apply reporting backend configuration error with S3 after terraform init & terraform plan worked successfully
How do I setup an alarm for CloudFront from CloudWatch in a CloudFormation yaml template?
How do I get User To Show Up AWS IAM Identity Center Under AWS Accounts?
What is the best way to query the following file systems for a specific file system ID?
AWS Elasticsearch Service IAM Role based Access Policy
Error: Cannot find module 'index'\nRequire stack:\n- /var/runtime/index.mjs
Why is my lambda function not working as expected?
ECS Fargate starts on a different IP on a new task - how to manage it? [closed]
how to query for greater than sort key in dynamodb with boto3
How to export PostgreSQL logs of a RDS instance in CloudFormation to CloudWatch?
Trigger Kubernetes job from AWS Lambda
Use Route53 template in cloudformation with Cloudfront
Project Euler #2 in "Python"
Cross-Account ECS Deployment
Can we downgrade from a IO1 SSD to a GP2 SSD ebs volume in AWS?
Aws Lambda: Python function with Pandas dependency
How to handle a sudden spike in web traffic during Autoscaling
DynamoDB - Newly put items are not reflecting in scan
How can I use different error configurations for two CloudFront behaviors?
dynamodb pipe object to pandas dataframe

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!