We have an EC2 bastion host running in an ASG (Auto Scaling group). I have added 2 "Scheduled Actions" [shutdown and startup] in the ASG to use the host efficiently, e.g. scale down to zero during non-working hours.
The scheduled actions are all fine, but the problem is that when the bastion host terminates as per the shutdown schedule and comes back again as per the startup schedule, it gets assigned a new/different Public IP. With a new Public IP the problem is that the users have to change the DNS/IP in their PuTTY clients every time they need to make an SSH connection. This is not good!
I then adjusted my Terraform to assign an EIP to the Bastion ASG instance. I could not find a straightforward way to do it other than through the AWS CLI as per this article and a similar explanation at a couple of other sources too.
However, even after applying the changes as explained in this article, unfortunately, I am still unable to assign/associate an EIP to my ASG instance that would stick/stay the same when my instance comes up again.
Has anyone addressed a similar problem and have some pointers or solutions for it?
[code]
resource "aws_launch_configuration" "bastion-host" {
  ##
  count           = var.deploy_bastion ? 1 : 0
  name_prefix     = var.bastion_host_launch_configuration_name
  image_id        = var.amis[var.aws_region]
  instance_type   = var.bastion_host_instance_type
  key_name        = aws_key_pair.public_key.key_name
  security_groups = [aws_security_group.bastion-host[count.index].id]
  ##
  associate_public_ip_address = true
  #root_block_device {
  #  delete_on_termination = false
  #  volume_size           = 10
  #  volume_type           = "gp2"
  #}
  # Runs once at first boot. For these commands to succeed, the AMI needs the
  # AWS CLI installed, the instance needs an IAM instance profile that allows
  # ec2:AssociateAddress (and ec2:DescribeInstances for the wait), and the CLI
  # needs a configured region; none of these is set in this launch configuration.
  user_data = <<EOF
#cloud-config
runcmd:
- aws ec2 wait instance-running --instance-id $(curl http://169.254.169.254/latest/meta-data/instance-id)
- aws ec2 associate-address --instance-id $(curl http://169.254.169.254/latest/meta-data/instance-id) --allocation-id ${aws_eip.bastion-host.id} --allow-reassociation
EOF
}

resource "aws_eip" "bastion-host" {
  vpc = true
}

resource "aws_autoscaling_group" "bastion-host" {
  ##
  count                     = var.deploy_bastion ? 1 : 0
  name                      = var.bastion_host_autoscaling_group_name
  vpc_zone_identifier       = [var.dxyz_eks_public_subnet_1, var.dxyz_eks_public_subnet_2]
  launch_configuration      = aws_launch_configuration.bastion-host[count.index].name
  min_size                  = var.deploy_bastion ? 1 : 0
  max_size                  = var.deploy_bastion ? 2 : 0
  health_check_grace_period = 300
  health_check_type         = "EC2"
  force_delete              = true
  tag {
    key                 = "Name"
    value               = var.bastion_host_autoscaling_group_tag_name
    propagate_at_launch = true
  }
}

# Stop all instances each weekday at 8pm
resource "aws_autoscaling_schedule" "bastions-host-weekdays-shutdown" {
  count                  = var.deploy_bastion ? 1 : 0
  scheduled_action_name  = "bastions-host-weekdays-shutdown"
  min_size               = 0
  max_size               = 0
  desired_capacity       = 0
  recurrence             = var.bastion_host_autoscaling_weekdays_shutdown_schedule #"00 20 * * MON-FRI"
  autoscaling_group_name = aws_autoscaling_group.bastion-host[count.index].name
}

# Startup 1 instance each weekday at 7am
resource "aws_autoscaling_schedule" "bastions-host-weekdays-startup" {
  count                  = var.deploy_bastion ? 1 : 0
  scheduled_action_name  = "bastions-host-weekdays-startup"
  min_size               = var.deploy_bastion ? 1 : 0
  max_size               = var.deploy_bastion ? 2 : 0
  desired_capacity       = 1
  recurrence             = var.bastion_host_autoscaling_weekdays_startup_schedule #"00 07 * * MON-FRI"
  autoscaling_group_name = aws_autoscaling_group.bastion-host[count.index].name
}
[/code]
When I look at the Auto Scaling Launch Configuration under User data on the AWS web console, it shows as:
[code]
#cloud-config
runcmd:
- aws ec2 wait instance-running --instance-id $(curl http://169.254.169.254/latest/meta-data/instance-id)
- aws ec2 associate-address --instance-id $(curl http://169.254.169.254/latest/meta-data/instance-id) --allocation-id eipalloc-035039833565d2d30 --allow-reassociation
[/code]
However, I am not sure whether it had any impact or caused any error.
On the other hand, the ASG and everything in general look fine. It is just that when the instance goes down, it gets a new IP.
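As an added example (not code from the original post), the pieces the launch configuration above lacks that the user_data script needs in order to call the EC2 API: an instance profile whose policy is scoped to this one EIP, IMDSv2 required, and the region read from instance metadata instead of relying on CLI defaults. It assumes the AMI has the AWS CLI installed and reuses aws_eip.bastion-host and the variables from the question; the role and profile names are illustrative.

```hcl
# Added example, not the asker's code. Assumes aws_eip.bastion-host and the variables
# from the question exist; role/profile names are illustrative.
data "aws_caller_identity" "current" {}
data "aws_region" "current" {}
locals {
  ec2_arn_prefix = "arn:aws:ec2:${data.aws_region.current.name}:${data.aws_caller_identity.current.account_id}"
}
# Role the instance assumes; only the EC2 service is trusted.
resource "aws_iam_role" "bastion" {
  name = "bastion-eip-role"
  assume_role_policy = jsonencode({
    Version   = "2012-10-17"
    Statement = [{ Effect = "Allow", Action = "sts:AssumeRole", Principal = { Service = "ec2.amazonaws.com" } }]
  })
}
# Least privilege: the instance may associate only this one EIP, and only to an instance.
resource "aws_iam_role_policy" "bastion_eip" {
  role = aws_iam_role.bastion.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "ec2:AssociateAddress"
      Resource = ["${local.ec2_arn_prefix}:elastic-ip/${aws_eip.bastion-host.id}", "${local.ec2_arn_prefix}:instance/*"]
    }]
  })
}
resource "aws_iam_instance_profile" "bastion" {
  name = "bastion-eip-profile"
  role = aws_iam_role.bastion.name
}
resource "aws_launch_configuration" "bastion-host" {
  # count, image_id, instance_type, key_name, security_groups: as in the question
  iam_instance_profile = aws_iam_instance_profile.bastion.name
  # Require IMDSv2 so the role credentials cannot be fetched with a plain GET.
  metadata_options {
    http_tokens = "required"
  }
  # cloud-init runs this after boot, so the instance is already running; no wait needed.
  user_data = <<-EOF
    #!/bin/bash
    set -euo pipefail
    TOKEN=$(curl -sS -X PUT http://169.254.169.254/latest/api/token -H "X-aws-ec2-metadata-token-ttl-seconds: 60")
    IID=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/instance-id)
    REGION=$(curl -sS -H "X-aws-ec2-metadata-token: $TOKEN" http://169.254.169.254/latest/meta-data/placement/region)
    aws ec2 associate-address --region "$REGION" --instance-id "$IID" --allocation-id ${aws_eip.bastion-host.id} --allow-reassociation
  EOF
}
```

If the association still fails, the CLI's error message on the instance (in the cloud-init output log) will name the missing permission or the missing region, and CloudTrail will show the AssociateAddress call and its error code.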