Why does an aws_instance need to be replaced after downtime?

pmcevoy · January 2, 2020, 10:56am

Hi there,
I’m trying to figure out why plan is indicating that an aws_instance must be replaced after Xmas downtime.

I created the resource on 19 Dec and shut down the instances just before Xmas holidays and started again today. However now a plan is indicating that the resource must be replaced due to some detected difference on block devices and I want to understand why. The config has not changed in this time.

Here is the plan output for one of the resources - although I’ve anonymized the IDs:

  # aws_instance.instance[1] must be replaced
-/+ resource "aws_instance" "instance" {
        ami                                  = "ami-XXXXXXXXXXXXXXXXXXXX"
      ~ arn                                  = "arn:aws:ec2:eu-west-1:XXXXXXXXXXXXXXXXXXXX:instance/i-XXXXXXXXXXXXXXXXXXXX" -> (known after apply)
      ~ associate_public_ip_address          = false -> (known after apply)
      ~ availability_zone                    = "eu-west-1b" -> (known after apply)
      ~ cpu_core_count                       = 1 -> (known after apply)
      ~ cpu_threads_per_core                 = 2 -> (known after apply)
        disable_api_termination              = false
      - ebs_optimized                        = false -> null
        get_password_data                    = false
      + host_id                              = (known after apply)
        iam_instance_profile                 = "MyRole"
      ~ id                                   = "i-XXXXXXXXXXXXXXXXXXXX" -> (known after apply)
        instance_initiated_shutdown_behavior = "stop"
      ~ instance_state                       = "running" -> (known after apply)
        instance_type                        = "t3a.medium"
      ~ ipv6_address_count                   = 0 -> (known after apply)
      ~ ipv6_addresses                       = [] -> (known after apply)
        key_name                             = "MyKey"
        monitoring                           = true
      + network_interface_id                 = (known after apply)
      + password_data                        = (known after apply)
      + placement_group                      = (known after apply)
      ~ primary_network_interface_id         = "eni-XXXXXXXXXXXXXXXXXXXX" -> (known after apply)
      ~ private_dns                          = "ip-10-85-9-65.eu-west-1.compute.internal" -> (known after apply)
      ~ private_ip                           = "10.85.9.65" -> (known after apply)
      + public_dns                           = (known after apply)
      + public_ip                            = (known after apply)
      ~ security_groups                      = [] -> (known after apply)
      - source_dest_check                    = true -> null
      ~ subnet_id                            = "subnet-XXXXXXXXXXXXXXXXXXXX" -> (known after apply)
        tags                                 = {
            "Name"                      = "Rabbit 1"
            "rabbit_peer_discovery_tag" = "RabbitCluster"
        }
      ~ tenancy                              = "default" -> (known after apply)
        user_data                            = "8f79c0b72eabada4b962bd39698d9eba49324f2f"
      ~ volume_tags                          = {} -> (known after apply)
      ~ vpc_security_group_ids               = [
          - "sg-XXXXXXXXXXXXXXXXXXXX",
          - "sg-XXXXXXXXXXXXXXXXXXXX",
          - "sg-XXXXXXXXXXXXXXXXXXXX",
        ] -> (known after apply)

      - credit_specification {
          - cpu_credits = "unlimited" -> null
        }

      - ebs_block_device { # forces replacement
          - delete_on_termination = true -> null
          - device_name           = "/dev/sdc" -> null
          - encrypted             = true -> null
          - iops                  = 100 -> null
          - kms_key_id            = "arn:aws:kms:eu-west-1:XXXXXXXXXXXXXXXXXXXX:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -> null
          - volume_id             = "vol-XXXXXXXXXXXXXXXXXXXX" -> null
          - volume_size           = 20 -> null
          - volume_type           = "gp2" -> null
        }
      + ebs_block_device { # forces replacement
          + delete_on_termination = true
          + device_name           = "/dev/sdc"
          + encrypted             = true
          + iops                  = (known after apply)
          + kms_key_id            = (known after apply)
          + snapshot_id           = (known after apply)
          + volume_id             = (known after apply)
          + volume_size           = 20
          + volume_type           = "gp2"
        }
      - ebs_block_device { # forces replacement
          - delete_on_termination = true -> null
          - device_name           = "xvdb" -> null
          - encrypted             = true -> null
          - iops                  = 100 -> null
          - kms_key_id            = "arn:aws:kms:eu-west-1:XXXXXXXXXXXXXXXXXXXX:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -> null
          - snapshot_id           = "snap-XXXXXXXXXXXXXXXXXXXX" -> null
          - volume_id             = "vol-XXXXXXXXXXXXXXXXXXXX" -> null
          - volume_size           = 6 -> null
          - volume_type           = "gp2" -> null
        }

      + ephemeral_block_device {
          + device_name  = (known after apply)
          + no_device    = (known after apply)
          + virtual_name = (known after apply)
        }

        network_interface {
            delete_on_termination = false
            device_index          = 0
            network_interface_id  = "eni-XXXXXXXXXXXXXXXXXXXX"
        }

      ~ root_block_device {
            delete_on_termination = true
            encrypted             = true
          ~ iops                  = 100 -> (known after apply)
          ~ kms_key_id            = "arn:aws:kms:eu-west-1:XXXXXXXXXXXXXXXXXXXX:key/xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx" -> (known after apply)
          ~ volume_id             = "vol-XXXXXXXXXXXXXXXXXXXX" -> (known after apply)
          ~ volume_size           = 8 -> (known after apply)
          ~ volume_type           = "gp2" -> (known after apply)
        }
    }

pmcevoy · January 2, 2020, 11:04am

For what it’s worth, this is the config:

resource "aws_instance" "instance" {
  count = var.rabbit_instance_count

  ami                                  = data.aws_ami.latest_linux.image_id
  instance_type                        = var.rabbit_instance_type
  disable_api_termination              = var.environment_termination_protection
  instance_initiated_shutdown_behavior = "stop"
  key_name                             = var.environment_instance_keypair_name
  monitoring                           = "true"
  iam_instance_profile                 = aws_iam_instance_profile.profile.name

  #Note, subnet and security groups are derived from the network interface
  network_interface {
    network_interface_id = aws_network_interface.ein[count.index].id
    device_index = 0
  }

  user_data = data.template_file.setup.rendered

  tags = {
    Name = "${local.name} ${count.index}"
    rabbit_peer_discovery_tag = local.peer_discovery_tag
  }

  root_block_device {
    encrypted    = true
  }

  #Add a persistent data volume.  We'll mount this under /data
  ebs_block_device {
    device_name  = "/dev/sdc" #sdb is the swap drive
    volume_size  = 20
    volume_type  = "gp2" #May need to change this to "io1" (and add iops) pending perf test
    encrypted    = true
  }
}