4

I'm trying to launch an instance with the private IP address 172.31.32.101 using Terraform in my default VPC (CIDR 172.31.0.0/16), in the eu-west-1a subnet that has the CIDR 172.31.32.0/20. I can usually do this with no problem, but more and more I find that terraform apply fails with the following error:

* Error launching source instance: InvalidParameterValue: Address 172.31.32.101 does not fall within the subnet's address range
status code: 400, request id: []

I suspect that, as this works at least some of the time, it's a problem with either AWS or Terraform, but I'll admit that my knowledge of CIDR blocks (especially the /x at the end) is a bit lacking. However, I checked this subnet calculator and saw that the IP I'm passing to the instance at least should be valid.

Is AWS failing for some other reason, e.g. I'm trying to raise too many instances in too short a period of time, and Terraform is giving me the wrong error? Or is the IP I'm passing actually invalid?

EDIT - Code below:

instances.tf:

resource "aws_instance" "mgmt-jump" {
  ami = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"
  key_name = "${var.key_pair}"
  security_groups = ["${aws_security_group.mgmt-jump-sg.name}"]
  count = "${var.mgmt_jump_count}"
  private_ip = "${lookup(var.mgmt_jump_private_ips,count.index)}"
  tags {
    Name = "mgmt-jump-${count.index+1}"
    category = "dec"
    environment = "management"
    role = "jump"
  }
}

variables.tf:

variable "region" {
  default = "eu-west-1"
}

variable "amis" {
  default = {
    # AMIs for Ubuntu 14.04
    eu-west-1 = "ami-47a23a30"
    eu-west-2 = "ami-accff2b1"
  }
}

variable "mgmt_jump_count" {
  default = "1"
}

variable "mgmt_jump_private_ips" {
  default = {
    "0" = "172.31.32.101"
    "1" = "172.31.32.102"
  }
}

EDIT 2: I ran the following command to bring up the instance with the AWS CLI, which would've successful if not for the dry run flag, so I believe that this may be a problem with Terraform.

➜  ~  aws ec2 run-instances --image-id ami-47a23a30 --private-ip-address 172.31.32.101 --instance-type t2.micro --dry-run

A client error (DryRunOperation) occurred when calling the RunInstances operation: Request would have succeeded, but DryRun flag is set.

Either way I'm not using the default VPC now, even though I'm using the same CIDR blocks as described above, and I've found that I don't encounter the problem anymore. Having said that, I'm now raising my jump host with the IP address 172.31.0.6 instead of 172.31.32.101 so that may be why I'm not encountering the problem.

scrossan
  • 43
  • 1
  • 5
  • You haven't showed us the actual code that is causing the problem. – EEAA Aug 25 '15 at 09:17
  • can you try to spawn your instance directly on AWS, without using terraform? So we could see if the problem comes from AWS or terraform. – Tom Aug 25 '15 at 14:28
  • Updated - used the aws-cli instead of aws console, though. – scrossan Aug 26 '15 at 13:13
  • 1
    Since you're not explicitly specifying subnet_id, the instance is presumably launching in your default subnet. Are you sure the default subnet is the subnet you think it is? You can make it explicit by setting subnet_id as an argument on your aws_instance, and then also changing to use "vpc_security_groups" instead of "security_groups", specifying the security group's id rather than its name. – Martin Atkins Nov 22 '15 at 22:34
  • +1 to Martin Atkins, this is usually how that error happens, the subnet isn't defined, or the subnet defined isn't in the correct vpc. – Ele Munjeli Mar 21 '16 at 22:29

1 Answers1

4

The aws_instance resource in the example does not have the subnet_id attribute provided, so the instance would launch into your account's default subnet for the target region. It's likely that the default subnet is not the one you were trying to use, and so it has a different IP address range.

To fix this, determine the appropriate subnet id and add a subnet_id attribute to your declaration, and then also switch from the security_groups attribute to the vpc_security_group_ids attribute:

resource "aws_instance" "mgmt-jump" {
  count = "${var.mgmt_jump_count}"

  ami           = "${lookup(var.amis, var.region)}"
  instance_type = "t2.micro"

  key_name      = "${var.key_pair}"
  subnet_id     = "subnet-xxxxxxx"

  vpc_security_group_ids = ["${aws_security_group.mgmt-jump-sg.id}"]

  private_ip = "${lookup(var.mgmt_jump_private_ips,count.index)}"

  tags {
    Name        = "mgmt-jump-${count.index+1}"
    category    = "dec"
    environment = "management"
    role        = "jump"
  }
}
Martin Atkins
  • 2,188
  • 18
  • 19
  • I've marked this as the answer because it is what I would do now and would have solved my problem when I posted the question. Since I posted the question 2 years ago I can't remember what I did then to fix/workaround the problem I had. – scrossan Oct 03 '17 at 18:19