Issue creating an EC2 instance with Terraform

I can authenticate without a problem, but the provider plugin errors out when I try to create the instance.

i have debug mode on:

Error: reading EC2 AMIs: UnauthorizedOperation: You are not authorized to perform this operation.
│       status code: 403, request id: 7e39745e-f209-4fbb-ba6f-4ddd15f80259
│
│   with data.aws_ami.centos-7,
│   on admd1-diad-tt01.tf line 17, in data "aws_ami" "centos-7":
│   17: data "aws_ami" "centos-7" {
│
╵
2023-06-02T14:00:12.767-0400 [TRACE] statemgr.Filesystem: removing lock metadata file .terraform.tfstate.lock.info
2023-06-02T14:00:12.768-0400 [TRACE] statemgr.Filesystem: unlocking terraform.tfstate using fcntl flock
2023-06-02T14:00:12.771-0400 [DEBUG] provider.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = error reading from server: EOF"
2023-06-02T14:00:12.780-0400 [DEBUG] provider: plugin process exited: path=.terraform/providers/registry.terraform.io/hashicorp/aws/4.67.0/linux_amd64/terraform-provider-aws_v4.67.0_x5 pid=9093
2023-06-02T14:00:12.780-0400 [DEBUG] provider: plugin exited

Here is what I am creating. The role has access to all resources.

# Declare which provider plugins this configuration needs and where they come from.
terraform {
  required_providers {
    # "~> 4.0" accepts any 4.x release of the provider; the debug log in this
    # thread shows 4.67.0 was the build actually installed. Committing
    # .terraform.lock.hcl keeps the selected version and its checksums
    # reproducible across machines.
    aws = {
      version = "~> 4.0"
      source  = "hashicorp/aws"
    }
  }
}

# AWS provider, fixed to us-east-1.
# No credentials are named in this block (the profile line is commented out),
# so the provider takes them from its default lookup chain.
# NOTE(review): the UnauthorizedOperation error in this thread is evaluated
# against whichever identity that chain resolves - confirm it is the role you
# expect, e.g. with `aws sts get-caller-identity`.
provider "aws" {
  region = "us-east-1"
  # profile = "cops"
}

# CentOS 7
data "aws_ami" "centos-7" {
  # Looks up an AMI ID at plan time. The "reading EC2 AMIs: UnauthorizedOperation"
  # error in this thread is reported for this data source.
  # NOTE(review): the lookup needs ec2:DescribeImages on the calling identity;
  # if the role's own policy allows it, check for an SCP or permissions
  # boundary that denies it.

  # Takes the newest image matching the filters, so the selected AMI can change
  # between runs; pin an explicit AMI ID where a reproducible build matters.
  most_recent = true

  # Restricting owners keeps an image with a look-alike name published by some
  # other account from matching the wildcard below.
  # NOTE(review): 679593333241 is presumably the AWS Marketplace owner
  # account - confirm before relying on it.
  owners = ["679593333241"]

  filter {
    name   = "name"
    values = ["CentOS Linux 7 x86_64 HVM EBS *"]
  }

  filter {
    name   = "architecture"
    values = ["x86_64"]
  }

  filter {
    name   = "root-device-type"
    values = ["ebs"]
  }
}


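# EC2 instance built from the CentOS 7 AMI resolved by data.aws_ami.centos-7.
# NOTE(review): this block sets neither vpc_security_group_ids nor
# security_groups, so a security group defined elsewhere in the configuration
# is not attached to this instance unless it is referenced here.
resource "aws_instance" "tt01" {
  ami = data.aws_ami.centos-7.id

  # NOTE(review): the instance gets a public IPv4 address; confirm that is
  # intended and that the attached security group limits who can reach it.
  associate_public_ip_address = true
  availability_zone           = "us-east-1c"

  # Boolean literal instead of the string "true"; the argument is a bool.
  disable_api_termination = true

  # NOTE(review): confirm the chosen instance type supports EBS optimization;
  # a launch can be rejected if it does not.
  ebs_optimized     = true
  instance_type     = "t2.medium"
  ipv6_addresses    = []
  key_name          = "p8953"
  monitoring        = false
  source_dest_check = true
  subnet_id         = "subnet-0139e79a8a3cdee6d"

  tags = {
    "cops_type"     = "tt"
    "cops_env"      = "admd1-diad"
    "cops_hostname" = "adm1-diad-tt01"
    "cops_group"    = "p"
    "Name"          = "adm1-diad-tt01"
  }

  root_block_device {
    # The root volume is kept after the instance is terminated ...
    delete_on_termination = false
    # ... and it is stored unencrypted, so the retained volume and any snapshot
    # of it hold plaintext data.
    # NOTE(review): prefer encrypted = true unless account-level EBS
    # encryption by default already covers this volume.
    encrypted   = false
    volume_size = 100
    volume_type = "gp2"
  }

  timeouts {}

  lifecycle {
    # Changes to user_data are not treated as drift, so edits to it in this
    # configuration will not be applied to the instance.
    ignore_changes = [
      user_data
    ]
  }
}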
# Security group meant to admit Teleport traffic on TCP 3025.
# NOTE(review): with vpc_id commented out the group is not tied to a named
# VPC - confirm it is created in the same VPC as the subnet the instance uses.
resource "aws_security_group" "allow_ports_ingress_teleport" {
  name        = "allow_proxy_teleport"
  description = "Allow teleport inbound traffic"
  #   vpc_id      = aws_vpc.main.id

  # NOTE(review): this rule names no source (cidr_blocks, ipv6_cidr_blocks,
  # security_groups, self or prefix_list_ids), so it does not state who may
  # connect. When adding one, scope it to the known client ranges rather than
  # opening it to every address.
  # NOTE(review): 3025 is, as far as I know, Teleport's default auth-service
  # port rather than a proxy port - confirm the port matches the description.
  ingress {
    description = "Proxy teleport"
    protocol    = "tcp"
    from_port   = 3025
    to_port     = 3025
  }

  # Outbound: every protocol and port to any IPv4 or IPv6 destination.
  # Narrow this if the host only needs to reach specific services.
  egress {
    protocol         = "-1"
    from_port        = 0
    to_port          = 0
    cidr_blocks      = ["0.0.0.0/0"]
    ipv6_cidr_blocks = ["::/0"]
  }

  tags = {
    Name = "allow_proxy_teleport"
  }
}

Hi @theoneakta,

Unfortunately it’s hard to debug access-related issues remotely because folks participating in this forum can’t see the details of how you have things set up.

For that reason in this case I would suggest contacting AWS support and sharing with them the request ID from the error message (7e39745e-f209-4fbb-ba6f-4ddd15f80259). The AWS support team can use that to access internal debugging information that will hopefully allow them to give you specific advice on what happened here.

Ok thanks

I will do that