Prerequisites
- AWS Account
- Amazon EC2 instance, already created manually or with Terraform.
- Read General prerequisites for connecting to your EC2 instance [a].
- Enable inbound traffic using security group rules.
- Locate your private key and set permissions.
How to
- Create an EC2 instance in AWS with a key pair that you have access to on your local machine. Make sure you launch this instance with a security group that allows tcp on port 22 from your IP addr. Once launched, make note of your instance's Public IP (
XX.XX.XXX.XXX).
- From your terminal, connect to this instance:
ssh -i "private-key-used-to-make-ec2.cer" ec2-user@XX.XX.XXX.XXX. Once connected, make a random directory:mkdir /hello.
- In a different terminal window on your local machine, create a new directory and touch a Terraform configuration file:
mkdir test && touch test/main.tf. Configure a null_resource and remote-exec provisioner (see main.tf below). You will use this resource to run commands on your EC2 instance.
# /test/main.tf --------------------
resource "null_resource" "foo" { count = 1 connection { type = "ssh" user = "ec2-user" private_key = file("${path.module}/private-key-used-to-make-ec2.cer") host = "XX.XX.XXX.XXX" } provisioner "remote-exec" { inline = ["ls"] } provisioner "remote-exec" { when = destroy on_failure = continue inline = ["touch bar.txt"] } }
- In your /test directory, execute
terraform init. Next, executeterraform apply. You should see the following output:
null_resource.foo[0]: Creating... null_resource.foo[0]: Provisioning with 'remote-exec'... null_resource.foo[0] (remote-exec): Connecting to remote host via SSH... null_resource.foo[0] (remote-exec): Host: XX.XX.XXX.XXX null_resource.foo[0] (remote-exec): User: ec2-user null_resource.foo[0] (remote-exec): Password: false null_resource.foo[0] (remote-exec): Private key: true null_resource.foo[0] (remote-exec): Certificate: false null_resource.foo[0] (remote-exec): SSH Agent: true null_resource.foo[0] (remote-exec): Checking Host Key: false null_resource.foo[0] (remote-exec): Target Platform: unix null_resource.foo[0] (remote-exec): Connected! null_resource.foo[0] (remote-exec): hello null_resource.foo[0]: Creation complete after 0s [id=xxxxxxxxxxxxxxxx] Apply complete! Resources: 1 added, 0 changed, 0 destroyed.
- Notice
null_resource.foo[0] (remote-exec): hellois the output fromls.
- Go back to your terminal connected to the EC2 instance and execute
ls. You will only see 1 directory: /hello. As expected, the Destroy-time Provisioner did not run.
- Now, back in directory /test, execute
terraform destroy. You will see the following output:
null_resource.foo[0]: Destroying... [id=xxxxxxxxxxxxxxxx] null_resource.foo[0]: Provisioning with 'remote-exec'... null_resource.foo[0] (remote-exec): Connecting to remote host via SSH... null_resource.foo[0] (remote-exec): Host: XX.XX.XXX.XXX null_resource.foo[0] (remote-exec): User: ec2-user null_resource.foo[0] (remote-exec): Password: false null_resource.foo[0] (remote-exec): Private key: true null_resource.foo[0] (remote-exec): Certificate: false null_resource.foo[0] (remote-exec): SSH Agent: true null_resource.foo[0] (remote-exec): Checking Host Key: false null_resource.foo[0] (remote-exec): Target Platform: unix null_resource.foo[0] (remote-exec): Connected! null_resource.foo[0]: Destruction complete after 1s Destroy complete! Resources: 1 destroyed.
- Go to your terminal connected to the EC2 instance and execute
ls. Now, you see "bar.txt". This time, the Destroy-time Provisioner executed. For more information, see Destroy-time Provisioners [b]. - End your ssh session with your EC2 instance. Clean-up/destroy the instance and security group.
Links
[b] https://developer.hashicorp.com/terraform/language/resources/provisioners/syntax