r/aws_launch_template: Multiple fixes

[gordonbondon]

Commits fix various stuff i've encountered while using this resource:

• documented that user_data should be base64 encrypted, otherwise you get this:

InvalidUserData.Malformed: Invalid BASE64 encoding of user data.

• Fix iops check, if not set in terraform it was set to 0 in template causing error when launching instance from template:

The parameter iops is not supported for gp2 volumes.

• Set that iam arn conflicts with iam name. If set togather you get this when launching instance:

'iamInstanceProfile.name' may not be used in combination with 'iamInstanceProfile.arn'

• Set ConflictsWith for security_group_names and vpc_security_group_ids. Docs say that You cannot specify both a security group ID and security name in the same request. and you can get this error when trying to launch instance from template in non-default VPC:

'The parameter groupName cannot be used with the parameter subnet'

• Add some validators to attributes

Tests:

vaulted -n my -- make testacc TEST=./aws TESTARGS='-run=TestAccAWSLaunchTemplate_'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSLaunchTemplate_ -timeout 120m
=== RUN   TestAccAWSLaunchTemplate_importBasic
--- PASS: TestAccAWSLaunchTemplate_importBasic (24.06s)
=== RUN   TestAccAWSLaunchTemplate_importData
--- PASS: TestAccAWSLaunchTemplate_importData (22.25s)
=== RUN   TestAccAWSLaunchTemplate_basic
--- PASS: TestAccAWSLaunchTemplate_basic (20.07s)
=== RUN   TestAccAWSLaunchTemplate_data
--- PASS: TestAccAWSLaunchTemplate_data (19.96s)
=== RUN   TestAccAWSLaunchTemplate_update
--- PASS: TestAccAWSLaunchTemplate_update (35.79s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	122.487s

[bflad]

Does EC2 Base64 decode this automatically?

[gordonbondon]

Yep. It even shows plain text in AWS console

[bflad]

Interesting -- we've needed to implement this as a separate attribute (user_data_base64) for it to work in other places. Usually Terraform shows a difference due to the API returning it differently depending on whether its Base64 or not.

[bflad]

An easy way to verify this is with https://www.terraform.io/docs/providers/template/d/cloudinit_config.html with gzip and base64_encode enabled.

[gordonbondon]

Well, from docs https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_RequestLaunchTemplateData.html launch template accepts only base64 . So you will need to use base64encode interpolation when providing it. I can probably add this to examples

[bflad]

Great find! 👍

[gordonbondon]

Fixed some additional issues. After this I was finally able to launch ASG with template created by this resource.

New Fixed:

• Using launch template in ASG requires network_interface device_index to be 0. Previously it was not set in template. Relevant docs. When launching ASG error was:

ValidationError: You must use a valid fully-formed launch template. Each network interface requires a device index.

• Security groups for network_interface were not set
• ipv6_address_count and ipv4_address_count are separate fields and should not be set together with ipv6_addresse and ipv4_addresses respectively. Docs. Error before fix when launching ASG was:

Value (0) for parameter secondaryPrivateIpAddressCount is invalid. Value must be a positive number.

• Add link for ASG with Launch template limitations. It helped me to get this working a lot.

Plus some additional checks in acc tests. New test results:

→ vaulted -n my -- make testacc TEST=./aws TESTARGS='-run=TestAccAWSLaunchTemplate_'
Password:
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test ./aws -v -run=TestAccAWSLaunchTemplate_ -timeout 120m
=== RUN   TestAccAWSLaunchTemplate_importBasic
--- PASS: TestAccAWSLaunchTemplate_importBasic (22.57s)
=== RUN   TestAccAWSLaunchTemplate_importData
--- PASS: TestAccAWSLaunchTemplate_importData (23.07s)
=== RUN   TestAccAWSLaunchTemplate_basic
--- PASS: TestAccAWSLaunchTemplate_basic (20.40s)
=== RUN   TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS
--- PASS: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS (33.49s)
=== RUN   TestAccAWSLaunchTemplate_data
--- PASS: TestAccAWSLaunchTemplate_data (20.16s)
=== RUN   TestAccAWSLaunchTemplate_update
--- PASS: TestAccAWSLaunchTemplate_update (45.70s)
PASS
ok  	github.com/terraform-providers/terraform-provider-aws/aws	165.747s
``` @

[bflad]

I think we might want to making each fix/enhancement individual PRs. Starting to see lots of overlapping work in this resource. See also #4367 / #4364

[gordonbondon]

@bflad i'll remove my commits that overlap with others.

[gordonbondon]

Aaand done. Now this one includes stuff that were only present in my PR:

• fix for iops
• fix for address count
• add validators and conflicts with
• some docs

@bflad if you want me to split this into different PRs i can do this tomorrow.

[bflad]

Let's get this in -- thanks @gordonbondon! 🚀

6 tests passed (all tests)
=== RUN   TestAccAWSLaunchTemplate_data
--- PASS: TestAccAWSLaunchTemplate_data (7.05s)
=== RUN   TestAccAWSLaunchTemplate_basic
--- PASS: TestAccAWSLaunchTemplate_basic (7.45s)
=== RUN   TestAccAWSLaunchTemplate_importData
--- PASS: TestAccAWSLaunchTemplate_importData (8.05s)
=== RUN   TestAccAWSLaunchTemplate_importBasic
--- PASS: TestAccAWSLaunchTemplate_importBasic (9.42s)
=== RUN   TestAccAWSLaunchTemplate_update
--- PASS: TestAccAWSLaunchTemplate_update (12.38s)
=== RUN   TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS
--- PASS: TestAccAWSLaunchTemplate_BlockDeviceMappings_EBS (14.46s)

[bflad]

👍 according to https://docs.aws.amazon.com/AWSEC2/latest/APIReference/API_LaunchTemplateEbsBlockDeviceRequest.html

[bflad]

This has been released in version 1.18.0 of the AWS provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. Thanks!