Getting EC2 Windows Password from instances when using Terraform

1
votes

I'm struggling to get the password from a couple of new ec2 instances when using terraform. Been reading up through a couple of posts and thought i had it but not getting anywhere.

Here's my config:

resource "aws_instance" "example" {
  ami = "ami-06f9d25508c9681c3"
  count         = "2"
  instance_type = "t2.small"
  key_name = "mykey"
  vpc_security_group_ids =["sg-98d190fc","sg-0399f246d12812edb"]
  get_password_data = "true"
}

output "public_ip" {
    value = "${aws_instance.example.*.public_ip}"
}

output "public_dns" {
    value = "${aws_instance.example.*.public_dns}"
}

output "Administrator_Password" {
    value = "${rsadecrypt(aws_instance.example.*.password_data, 
file("mykey.pem"))}"
}

Managed to clear up all the syntax errors but now when running get the following error:

PS C:\tf> terraform apply
aws_instance.example[0]: Refreshing state... (ID: i-0e087e3610a8ff56d)
aws_instance.example[1]: Refreshing state... (ID: i-09557bc1e0cb09c67)

Error: Error refreshing state: 1 error(s) occurred:

* output.Administrator_Password: At column 3, line 1: rsadecrypt: argument 1 
should be type string, got type list in:

${rsadecrypt(aws_instance.example.*.password_data, file("mykey.pem"))}
1
terraformterraform-provider-awsinfrastructure-as-code
I guess you might need 2 Administrator_Password outputs, identifying each on list value = "${rsadecrypt(aws_instance.example.*.password_data[0], file("mykey.pem"))}"Helder Sepulveda
Dropped it down to one instance to keep it simple and get it working. Using this config output "Administrator_Password" { value = "${rsadecrypt(aws_instance.example.password_data,file("C:/TF/mykey.pem"))}" } but end up with the following response - Error: Error refreshing state: 1 error(s) occurred: * output.Administrator_Password: rsadecrypt: crypto/rsa: decryption error in: ${rsadecrypt(aws_instance.example.password_data,file("C:/TF/mycert.pem"))John Fox
Able to get the password with the key from the aws cli so know the key is correct aws ec2 get-password-data --instance-id i-09557bc1e0cb09c67 --priv-launch-key mykey.pem Just need to figure out the terraform setupJohn Fox

1 Answers

3
votes

This error is returned because aws_instance.example.*.password_data is a list of the password_data results from each of the EC2 instances. Each one must be decrypted separately with rsadecrypt.

To do this in Terraform v0.11 requires using null_resource as a workaround to achieve a "for each" operation:

resource "aws_instance" "example" {
  count = 2

  ami                    = "ami-06f9d25508c9681c3"
  instance_type          = "t2.small"
  key_name               = "mykey"
  vpc_security_group_ids = ["sg-98d190fc","sg-0399f246d12812edb"]
  get_password_data      = true
}

resource "null_resource" "example" {
  count = 2

  triggers = {
    password = "${rsadecrypt(aws_instance.example.*.password_data[count.index], file("mykey.pem"))}"
  }
}

output "Administrator_Password" {
    value = "${null_resource.example.*.triggers.password}"
}

From Terraform v0.12.0 onwards, this can be simplified using the new for expression construct:

resource "aws_instance" "example" {
  count = 2

  ami                    = "ami-06f9d25508c9681c3"
  instance_type          = "t2.small"
  key_name               = "mykey"
  vpc_security_group_ids = ["sg-98d190fc","sg-0399f246d12812edb"]
  get_password_data      = true
}

output "Administrator_Password" {
  value = [
    for i in aws_instance.example : rsadecrypt(i.password_data, file("mykey.pem"))
  ]
}