AWS: add ssh key, check fingerprint and add to Terraform

1. Generate key

ssh-keygen -t rsa -b 4096 -C "<email address>"

File name: /home/dir/.ssh/file-name_id_rsa

 

2. Upload

AWS Dashboard > EC2 > Key Pairs > Upload

 

You can check the fingerprint with:

openssl rsa -in path_to_private_key -pubout -outform DER | openssl md5 -c

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-key-pairs.html#verify-key-pair-fingerprints

It’s important to use the correct openssl command. There are 2 separate commands – one for an AWS generated key and the second for a key you upload.

 

3. add the key_name to Terraform

e.g. a launch configuration:

https://www.terraform.io/docs/providers/aws/r/launch_configuration.html

 

4. ssh in with

ssh -i ~/.ssh/<new-key> ec2-user@<public ip>

If you’re unable to connect make sure you’ve got port 22 open on the EC2 instance Security Group.

E.g. Inbound rule:

e.g.
 

AWS EKS: An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name

Following along to https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/eks-getting-started

I deployed and then ran:

aws eks update-kubeconfig --name terraform-eks-demo

to get:

An error occurred (ResourceNotFoundException) when calling the DescribeCluster operation: No cluster found for name: terraform-eks-demo.

I can see the cluster so why is this happening?

 

Let’s try listing the clusters.

aws eks list-clusters

Docs say:

Lists the Amazon EKS clusters in your AWS account in the specified Region.

so let’s specify the Region:

so perhaps it’s our default region that’s the issue however that says:

but our  ~/.aws/credentials says:

Odd that there was a region in the credentials file. It’s usually seen in the config.

Deleting it fixed the issue so the credentials file must have overridden the config file.

https://docs.aws.amazon.com/cli/latest/userguide/cli-config-files.html

https://docs.aws.amazon.com/cli/latest/reference/eks/list-clusters.html

 

 

Terraform: EKS cluster – aws_eks_cluster.demo: error creating EKS Cluster: InvalidParameterException: Error in role params

The code I used:

https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/eks-getting-started

The first few times were fine. Then, on the third terraform apply, I got:

No idea what the issue was but deleting .terraform fixed the problem.

 

 

AWS: reliable? It ain’t!

Let me caveat that.

There’s some idea that stuff is bulletproof once on AWS. It’s not.

AWS has internal issues as do any provider. E.g. network problems (remember that S3 EOF bug?), disk drives failing (Retirement Notifications anyone?), etc

On top of that, stuff will hit internal inconsistencies. E.g. you have an ASG which tries to launch an EC2 instance only to fail ‘cos you’ve reached your limit for that particular type of EC2 instance.

But you can build around it in your app with Error Retries and Exponential Backoffs (techniques probably more familiar to mobile developers):

https://docs.aws.amazon.com/general/latest/gr/api-retries.html

 

E.g. here’s a solution Terragrunt uses: https://github.com/gruntwork-io/terragrunt/blob/master/README.md#auto-retry

terraform state: how do you show an instance with a count?

Say we have an instance which has been built with a count.

After downloading the JSON state file from S3 (assuming you’re hosting it remotely) then you can look in the state file for this resource using:

terraform show ~/Downloads/terraform-state-file.json | less

Assuming it’s called my-instance you can search for it and you’ll find:

aws_instance.my-instance.0:

and

aws_instance.my-instance.1:

etc.

So, let’s say you want to taint this resource. Let’s try show initially on it as it’s non-destructive so:

tf state show aws_instance.my-instance.0

But this gives:

Error filtering state: Error parsing address ‘aws_instance.my-instance.0’: Unexpected value for InstanceType field: “0”

Please ensure that all your addresses are formatted properly.

Using my-instance[0]does not work.

 

You need to specify the instance using:

//TODO

 

Terraform: Error configuring the backend “s3”: RequestError: send request failed caused by: Post https://sts.amazonaws.com/: EOF

I recently got this when doing a terragrunt init(i.e. basically a terraform init):

Initializing the backend…

Error configuring the backend “s3”: RequestError: send request failed
caused by: Post https://sts.amazonaws.com/: EOF

Please update the configuration in your Terraform files to fix this error.
If you’d like to update the configuration interactively without storing
the values in your configuration, run “terraform init”.

Could be related to this?

https://github.com/hashicorp/terraform/issues/10779

Running it a second time was successful.

Here’s what happened when I repeated it 10 times:

1x

Error loading state: RequestError: send request failed
caused by: Get https://<s3 bucket name>.s3-us-west-2.amazonaws.com/?prefix=env%3A%2F: net/http: TLS handshake timeout

1x

Error loading state: RequestError: send request failed
caused by: Get https://<s3 bucket name>.s3-us-west-2.amazonaws.com/?prefix=env%3A%2F: EOF

8x

Terraform has been successfully initialized!

 

Curiously, I then ran it 100 times with no Errors.