New resource: aws_lightsail_instance_public_ports #8611
any updates on this? |
Updates please, having all instances stuck only allowing ports 22+80 without external intervention is a royal pain. |
I think this is very useful. I hope to be noticed by more people |
Will this be merged soon? I'm currently bound to lightsail, and manually configuring the ports has led to many bugs and broken things. Would really like to have this merged. I'm a little disappointed that it's been open for so long. |
Please merge :) This is a must have to use lightsail with terraform. |
Also worth noting that right now, any time an OS blueprint instance is recreated it will revert to the default ports of |
Hi @aeschright, this issue has 41x thumbs-ups and the code looks ready to go? |
Yes we use terraform because of its automation capabilities. You cannot perform complete automation on lightsail instances unless you are ONLY using port 80. Since even basic websites use 443, we cannot automate certificate portion of our scripts. We must first go into GUI and open up 443. It sure doesn't feel like the terraform way ;) |
Agreed, I don't think anyone is against merging this, it's just a question of what's left to do. FYI there is an additional issue to consider when using This can be resolved by creating a small block storage volume and keeping the cert files there across reboots, unfortunately this is also not currently supported by |
Good point on the storage. That could also be handled by backing up the certs to S3 via schedule of weekly, and performing S3 sync on boot. I do like the way you are handling it better. |
For some unknown reason the Default public network ports open for specific instance images section of the documentation says that 443 is open by default for all |
@missinglink Of course, because who'd want to do any kind of SSL termination without running WordPress? |
Anyhoo, regardless of the obstacles, I'm available to help out, I have a desire and motivation to improve the Lightsail support within Terraform. |
I was able to get this to compile under
# pull in latest changes from 'terraform-providers/terraform-provider-aws'
git rebase origin/master diff --git a/aws/resource_aws_lightsail_public_ports.go b/aws/resource_aws_lightsail_public_ports.go
index 752eff78e..7960dad6b 100644
--- a/aws/resource_aws_lightsail_public_ports.go
+++ b/aws/resource_aws_lightsail_public_ports.go
@@ -6,8 +6,8 @@ import (
"github.com/aws/aws-sdk-go/aws"
"github.com/aws/aws-sdk-go/aws/awserr"
"github.com/aws/aws-sdk-go/service/lightsail"
- "github.com/hashicorp/terraform/helper/schema"
- "github.com/hashicorp/terraform/helper/validation"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/schema"
+ "github.com/hashicorp/terraform-plugin-sdk/helper/validation"
) |
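Review bot: In the import block, only the two helper imports of this one file are moved to `terraform-plugin-sdk`; every other file the PR adds (the acceptance test in particular) needs the same swap, because `schema.Resource` from `github.com/hashicorp/terraform/helper/schema` and from `github.com/hashicorp/terraform-plugin-sdk/helper/schema` are distinct Go types and the provider will not build with a mix of the two. It is also worth reconciling the file name `resource_aws_lightsail_public_ports.go` with the resource name in the PR title, `aws_lightsail_instance_public_ports`, while these lines are being touched.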
worked perfectly with the following config:
resource "aws_lightsail_public_ports" "lightsail_public_ports" {
  instance_name = "lightsail_instance_name"
  port_infos {
    protocol = "tcp"
    from_port = 22
    to_port = 22
  }
  port_infos {
    protocol = "tcp"
    from_port = 80
    to_port = 80
  }
  port_infos {
    protocol = "tcp"
    from_port = 443
    to_port = 443
  }
} |
IMO the name |
I tried changing the
-/+ aws_lightsail_instance.lightsail_instance_cdn (new resource required)
...
\napt-get update -y\napt-get upgrade -y\n" (forces new resource)
username: "ubuntu" => <computed>
+ aws_lightsail_public_ports.lightsail_public_ports
id: <computed>
instance_name: "lightsail_instance_cdn"
port_infos.#: "3"
port_infos.0.from_port: "22"
port_infos.0.protocol: "tcp"
port_infos.0.to_port: "22"
port_infos.1.from_port: "80"
port_infos.1.protocol: "tcp"
port_infos.1.to_port: "80"
port_infos.2.from_port: "443"
port_infos.2.protocol: "tcp"
port_infos.2.to_port: "443"
+ aws_lightsail_static_ip_attachment.lightsail_ip_assignment_cdn
id: <computed>
instance_name: "${aws_lightsail_instance.lightsail_instance_cdn.id}"
ip_address: <computed>
static_ip_name: "lightsail_ip_cdn"
Plan: 3 to add, 0 to change, 1 to destroy.
However there seems to be a race condition where maybe the ports are assigned first? I ran
Terraform will perform the following actions:
+ aws_lightsail_public_ports.lightsail_public_ports
id: <computed>
instance_name: "lightsail_instance_cdn"
port_infos.#: "3"
port_infos.0.from_port: "22"
port_infos.0.protocol: "tcp"
port_infos.0.to_port: "22"
port_infos.1.from_port: "80"
port_infos.1.protocol: "tcp"
port_infos.1.to_port: "80"
port_infos.2.from_port: "443"
port_infos.2.protocol: "tcp"
port_infos.2.to_port: "443"
Plan: 1 to add, 0 to change, 0 to destroy. |
The following script can be used to compile the code for testing https://gist.github.com/missinglink/1cc17e40184ac82203d6dc26373969aa
# requires golang (I'm using go version go1.13.5 darwin/amd64)
./custom_provider_aws.sh
This will generate the following file in
-rwxr-xr-x 1 peter staff 198M Feb 12 16:39 ../.terraform.d/plugins/darwin_amd64/terraform-provider-aws_v9.00.0_x4
You can then reference that version from your configs:
provider "aws" {
  region = "us-east-1"
  version = "~> 9.00"
}
see: https://www.terraform.io/docs/extend/writing-custom-providers.html |
adding a
depends_on = ["aws_lightsail_instance.lightsail_instance_cdn"]
this is my first time looking at the terraform internals, anyone know if there is a way to define that dependency internally within the |
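The ordering problem raised in the comments above can also be handled without `depends_on`, by having the ports resource reference the instance so that Terraform derives the dependency itself. This is an added example, not code from the PR: it uses the resource name from the PR title and assumes the released block name `port_info` (the build tested in this thread used `aws_lightsail_public_ports` and `port_infos`), and the zone, blueprint and bundle values are sample values.

```hcl
# Added example, not part of the PR. Values marked "sample" are assumptions.
resource "aws_lightsail_instance" "lightsail_instance_cdn" {
  name              = "lightsail_instance_cdn"
  availability_zone = "us-east-1a"   # sample value
  blueprint_id      = "ubuntu_18_04" # sample value
  bundle_id         = "nano_2_0"     # sample value
}

resource "aws_lightsail_instance_public_ports" "lightsail_public_ports" {
  # Referencing the instance attribute, instead of repeating the name as a
  # string literal, adds an edge to the dependency graph: the instance is
  # created before the port rules are applied to it.
  instance_name = aws_lightsail_instance.lightsail_instance_cdn.name

  # The Lightsail PutInstancePublicPorts call replaces the whole rule set,
  # so every port that must stay reachable has to be listed here; anything
  # not listed is closed.
  port_info {
    protocol  = "tcp"
    from_port = 22
    to_port   = 22
  }

  port_info {
    protocol  = "tcp"
    from_port = 80
    to_port   = 80
  }

  port_info {
    protocol  = "tcp"
    from_port = 443
    to_port   = 443
  }
}
```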
What's the latest with this? Thanks! |
Is this going anywhere? |
@mavericknsk Thank you for this PR! I will be looking at it in the near future. I may need to make some minor changes. Coordinate with me if you intend to push to this branch and make sure to pull any changes I've made. Please note that you will still receive all credit for the PR and your code. Thanks again for your interest! |
Looks great! 🎉
Acceptance tests on commercial (us-west-2):
--- PASS: TestAccAWSLightsailInstancePublicPorts_multiple (46.45s)
--- PASS: TestAccAWSLightsailInstancePublicPorts_basic (54.95s)
Acceptance tests on GovCloud:
--- SKIP: TestAccAWSLightsailInstancePublicPorts_basic (1.29s)
--- SKIP: TestAccAWSLightsailInstancePublicPorts_multiple (1.29s)
This has been released in version 3.34.0 of the Terraform AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template for triage. Thanks! |
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks! |
Fixes #700
Relates #14905