I'm trying to use AWS CloudFormation to create a NAT instance via an AutoScalingGroup, and I'm running into a problem when trying to associate an EIP during instance creation via LaunchConfiguration using UserData.
Below is my UserData (snipped and edited, CloudFormation template is created via Ansible hence the Jinja2 style variables),
    "UserData": {
        "Fn::Base64": {
            "Fn::Join": [
                "",
                [
                    "#!/bin/bash\n",
                    "\n",
                    "# Associate EIP address\n",
                    "aws ec2 associate-address --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id {{ nat_eip_allocation_id }} --region {{ aws_region }}\n"
                ]
            ]
        }
    }
What's really odd is the above code outputs the following on the instance (I pipe the output to a log file),
    {
        "AssociationId": "eipassoc-b33d5ad7",
        "return": "true"
    }
Yet when I go into my AWS console I can't find this association anywhere, the EIP isn't allocated, and the EC2 instance doesn't have the EIP, or any public IP for that matter.
If I manually associate it, it works fine.
Am I missing something really obvious here? Is it because I have AssociatePublicIpAddress set to false in the LaunchConfiguration? I assumed I needed to do this as I don't want an automatically assigned IP.
Thanks
Looks like setting AssociatePublicIpAddress to false does indeed block the EIP from being associated via CLI during UserData execution. Seems wasteful to grab a public IP just to replace it, but the solution is to set AssociatePublicIpAddress to true.
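
Added example, not part of the original question or answer: a Python pre-deployment check that takes the answer's finding at face value and flags any launch configuration whose UserData calls associate-address while AssociatePublicIpAddress is explicitly false. The logical IDs, allocation ID and region in the sample template are constructed, and the helper names are hypothetical.

```python
import json
# Constructed sample template: logical IDs, allocation ID and region are made up.
SAMPLE = json.loads(r"""
{"Resources": {
  "NatBroken": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
    "AssociatePublicIpAddress": false,
    "UserData": {"Fn::Base64": {"Fn::Join": ["", [
      "#!/bin/bash\n",
      "aws ec2 associate-address --instance-id `curl http://169.254.169.254/latest/meta-data/instance-id` --allocation-id eipalloc-EXAMPLE --region us-east-1\n"]]}}}},
  "NatFixed": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
    "AssociatePublicIpAddress": true,
    "UserData": {"Fn::Base64": {"Fn::Join": ["", [
      "aws ec2 associate-address --allocation-id eipalloc-EXAMPLE --region us-east-1\n"]]}}}},
  "Plain": {"Type": "AWS::AutoScaling::LaunchConfiguration", "Properties": {
    "AssociatePublicIpAddress": "false",
    "UserData": {"Fn::Base64": "#!/bin/bash\necho hello\n"}}}
}}
""")

def literal_text(node):
    """Concatenate every literal string inside a template value (Fn::Base64, Fn::Join, ...)."""
    if isinstance(node, str):
        return node
    if isinstance(node, list):
        return "".join(literal_text(n) for n in node)
    if isinstance(node, dict):
        return "".join(literal_text(v) for v in node.values())
    return ""

def is_false(value):
    """True for JSON false or the string 'false' (CloudFormation accepts both for booleans)."""
    return value is False or (isinstance(value, str) and value.strip().lower() == "false")

def eip_conflicts(template):
    """Logical IDs where UserData associates an EIP but AssociatePublicIpAddress is false."""
    hits = []
    for name, res in template.get("Resources", {}).items():
        if res.get("Type") != "AWS::AutoScaling::LaunchConfiguration":
            continue
        props = res.get("Properties", {})
        script = literal_text(props.get("UserData", ""))
        if is_false(props.get("AssociatePublicIpAddress")) and "associate-address" in script:
            hits.append(name)
    return sorted(hits)

if __name__ == "__main__":
    for name in eip_conflicts(SAMPLE):
        print(f"{name}: UserData associates an EIP but AssociatePublicIpAddress is false")
```

A launch configuration that omits AssociatePublicIpAddress is not flagged, since the answer only covers the explicit false case.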