Hi,
I am following the examples here
I am trying out the FARGATE version
Here is my main.tf
# https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/batch_compute_environment
provider "aws" {
region = "ca-central-1"
}
resource "aws_iam_role" "ecs_instance_role" {
name = "ecs_instance_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "ec2.amazonaws.com"
}
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "ecs_instance_role" {
role = aws_iam_role.ecs_instance_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AmazonEC2ContainerServiceforEC2Role"
}
resource "aws_iam_instance_profile" "ecs_instance_role" {
name = "ecs_instance_role"
role = aws_iam_role.ecs_instance_role.name
}
resource "aws_iam_role" "aws_batch_service_role" {
name = "aws_batch_service_role"
assume_role_policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "sts:AssumeRole",
"Effect": "Allow",
"Principal": {
"Service": "batch.amazonaws.com"
}
}
]
}
EOF
}
resource "aws_iam_role_policy_attachment" "aws_batch_service_role" {
role = aws_iam_role.aws_batch_service_role.name
policy_arn = "arn:aws:iam::aws:policy/service-role/AWSBatchServiceRole"
}
resource "aws_security_group" "sample" {
name = "aws_batch_compute_environment_security_group"
egress {
from_port = 0
to_port = 0
protocol = "-1"
cidr_blocks = ["0.0.0.0/0"]
}
}
resource "aws_vpc" "sample" {
cidr_block = "10.1.0.0/16"
}
resource "aws_subnet" "sample" {
vpc_id = aws_vpc.sample.id
cidr_block = "10.1.1.0/24"
}
resource "aws_batch_compute_environment" "sample_fg" {
compute_environment_name = "sample_fg"
compute_resources {
max_vcpus = 16
security_group_ids = [
aws_security_group.sample.id
]
subnets = [
aws_subnet.sample.id
]
type = "FARGATE"
}
service_role = aws_iam_role.aws_batch_service_role.arn
type = "MANAGED"
depends_on = [aws_iam_role_policy_attachment.aws_batch_service_role]
}
output "compute_environment_arn" {
value = aws_batch_compute_environment.sample_fg.arn
}
However, I keep getting this error when I try to apply the plan
terraform apply "ce.plan"
aws_iam_role.aws_batch_service_role: Creating...
aws_vpc.sample: Creating...
aws_iam_role.ecs_instance_role: Creating...
aws_security_group.sample: Creating...
aws_iam_role.ecs_instance_role: Creation complete after 2s [id=ecs_instance_role]
aws_iam_role.aws_batch_service_role: Creation complete after 2s [id=aws_batch_service_role]
aws_iam_role_policy_attachment.ecs_instance_role: Creating...
aws_iam_role_policy_attachment.aws_batch_service_role: Creating...
aws_iam_instance_profile.ecs_instance_role: Creating...
aws_iam_role_policy_attachment.ecs_instance_role: Creation complete after 1s [id=ecs_instance_role-20211128002105430400000002]
aws_iam_role_policy_attachment.aws_batch_service_role: Creation complete after 1s [id=aws_batch_service_role-20211128002105426800000001]
aws_iam_instance_profile.ecs_instance_role: Creation complete after 1s [id=ecs_instance_role]
aws_security_group.sample: Creation complete after 3s [id=sg-0338f6da38e70f063]
aws_vpc.sample: Creation complete after 4s [id=vpc-0c26748479701b320]
aws_subnet.sample: Creating...
aws_subnet.sample: Creation complete after 1s [id=subnet-017a7540470c13e80]
aws_batch_compute_environment.sample_fg: Creating...
╷
│ Error: error waiting for Batch Compute Environment (sample_fg) create: unexpected state 'INVALID', wanted target 'VALID'. last error: CLIENT_ERROR - sg-0338f6da38e70f063 does not exist or does not belong to the same network as any of subnet-017a7540470c13e80
│
│ with aws_batch_compute_environment.sample_fg,
│ on main.tf line 80, in resource "aws_batch_compute_environment" "sample_fg":
│ 80: resource "aws_batch_compute_environment" "sample_fg" {
I got the EC2 type working so I wanted to learn the FARGATE variant but it fails.
Does anyone have a suggestion on how I might fix the error ?
Cheers