Репозиторий здесь, если кому-то нужен полный код
Error: Error applying plan:
4 error(s) occurred:
* module.eu-west.aws_key_pair.terraformer: 1 error(s) occurred:
* aws_key_pair.terraformer: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'openvpn-key' already exists.
status code: 400, request id: 52818ed9-bfbf-4cd6-a301-bcb288450ce1
* module.eu-west.aws_security_group.openvpn: 1 error(s) occurred:
* aws_security_group.openvpn: Error creating Security Group: InvalidGroup.Duplicate: The security group 'openvpn' already exists for VPC 'vpc-bcbd13d4'
status code: 400, request id: 6f950685-e810-4828-bb67-c057c0c2feae
* module.us-west.aws_security_group.openvpn: 1 error(s) occurred:
* aws_security_group.openvpn: Error creating Security Group: InvalidGroup.Duplicate: The security group 'openvpn' already exists for VPC 'vpc-eda4a294'
status code: 400, request id: c3aa4e3b-5765-40c7-8dc6-8a208b9f39b6
* module.us-west.aws_key_pair.terraformer: 1 error(s) occurred:
* aws_key_pair.terraformer: Error import KeyPair: InvalidKeyPair.Duplicate: The keypair 'openvpn-key' already exists.
status code: 400, request id: 057e0dc4-c757-4b54-b36a-5cbebd69cb2d
# Latest Canonical-published Ubuntu 14.04 LTS (trusty) HVM/EBS-SSD image in the
# provider's region. The owners filter pins the lookup to Canonical's account,
# so a look-alike AMI published by another account cannot be picked up.
# NOTE(review): most_recent = true means the resolved AMI can change between
# plans; pass var.ami to pin a build. Trusty is an old LTS — confirm it still
# receives security updates before keeping this name filter.
data "aws_ami" "ubuntu" {
  owners      = ["099720109477"] # Canonical
  most_recent = true

  filter {
    name   = "name"
    values = ["ubuntu/images/hvm-ssd/ubuntu-trusty-14.04-amd64-server-*"]
  }

  filter {
    name   = "virtualization-type"
    values = ["hvm"]
  }
}
# Availability zones of the provider's region; consumed by aws_instance.openvpn
# for placement. Note that its `names` attribute holds the zone names — the
# `id` attribute is not an AZ.
data "aws_availability_zones" "current" {}
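# The OpenVPN host. It is reachable only through aws_security_group.openvpn and
# authenticates SSH with the key pair declared in this module (no AWS-managed
# password; get_password_data stays off).
resource "aws_instance" "openvpn" {
  # An explicit var.ami wins; otherwise fall back to the Canonical AMI lookup.
  ami           = "${var.ami == "" ? data.aws_ami.ubuntu.id : var.ami}"
  instance_type = "${var.instance_type}"

  # FIX: data.aws_availability_zones.current.id is a timestamp (the plan printed
  # availability_zone: "2018-09-25 14:12:32 ... UTC"), not a zone name, so the
  # launch request would be rejected. `names` is the list of zone names.
  availability_zone = "${data.aws_availability_zones.current.names[0]}"

  monitoring = false
  key_name   = "${aws_key_pair.terraformer.key_name}"

  # Attaching by group *name* is the EC2-Classic / default-VPC form.
  # NOTE(review): in a non-default VPC use
  # vpc_security_group_ids = ["${aws_security_group.openvpn.id}"] and set subnet_id.
  security_groups = ["${aws_security_group.openvpn.name}"]

  tags {
    Name = "openvpn${var.deployment_suffix}"
  }
}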
# Security group for the OpenVPN host. Rules are kept out of this block and
# attached with aws_security_group_rule resources so each can be changed alone.
# NOTE(review): no vpc_id is given, so the group presumably lands in the
# region's default VPC (the apply error named vpc-bcbd13d4 / vpc-eda4a294).
# Because the name is fixed per deployment_suffix, a second apply in the same
# region without state fails with InvalidGroup.Duplicate, as seen above.
resource "aws_security_group" "openvpn" {
  description = "openvpn${var.deployment_suffix} security groups"
  name        = "openvpn${var.deployment_suffix}"
}
# Inbound OpenVPN traffic (UDP/1194) from VPN clients.
# NOTE(review): "" is not a valid CIDR and apply will reject it. Roaming
# clients normally need a public range here (0.0.0.0/0); if you open it that
# wide, keep the SSH rule below much narrower.
resource "aws_security_group_rule" "vpn-clients" {
  security_group_id = "${aws_security_group.openvpn.id}"
  type              = "ingress"
  protocol          = "udp"
  from_port         = 1194
  to_port           = 1194
  cidr_blocks       = [""]
}
# Outbound rule: all protocols (-1) and all ports. A VPN gateway forwards
# client traffic, so broad egress is expected here.
# NOTE(review): "" is not a valid CIDR; for a forwarding gateway this is
# typically 0.0.0.0/0. Restrict it only if you know the set of destinations.
resource "aws_security_group_rule" "main_egress" {
  security_group_id = "${aws_security_group.openvpn.id}"
  type              = "egress"
  protocol          = "-1"
  from_port         = 0
  to_port           = 0
  cidr_blocks       = [""]
}
# Inbound SSH (TCP/22) for administration.
# NOTE(review): "" is not a valid CIDR. Limit this rule to the administrator's
# source range (a /32 where possible) rather than 0.0.0.0/0: the host is a
# public VPN endpoint and the same public key is deployed in every region, so
# exposed SSH is the main brute-force surface.
resource "aws_security_group_rule" "ssh" {
  security_group_id = "${aws_security_group.openvpn.id}"
  type              = "ingress"
  protocol          = "tcp"
  from_port         = 22
  to_port           = 22
  cidr_blocks       = [""]
}
# Static public address for the VPN host, so client configs and DNS do not
# break when the instance is replaced.
resource "aws_eip" "openvpn" {
  instance = "${aws_instance.openvpn.id}"
}
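# Registers the public half of the operator's SSH key (read from var.pub_key;
# the private key never enters Terraform state).
# FIX: the name now carries var.deployment_suffix like the security group, so
# two deployments in one region do not collide on the key name. With the
# previous fixed "openvpn-key" any re-apply without the original state fails
# with InvalidKeyPair.Duplicate, as shown above. For an existing key that is
# simply missing from state, import it instead of renaming, e.g.
# terraform import module.eu-west.aws_key_pair.terraformer openvpn-key
resource "aws_key_pair" "terraformer" {
  key_name   = "openvpn-key${var.deployment_suffix}"
  public_key = "${file("${var.pub_key}")}"
}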
# Public address of the VPN host (the Elastic IP, not the instance's
# ephemeral address), re-exported by the root module per region.
output "ip" {
  value = "${aws_eip.openvpn.public_ip}"
}
Основной сценарий
# AWS provider for the eu-west-2 (London) deployment, selected by alias.
# NOTE(review): shared_credentials_file points at ~/.aws/config, which is
# usually the profile/region file; access keys normally live in
# ~/.aws/credentials. This only works if that file actually holds the keys —
# keep it mode 0600 and out of version control either way.
provider "aws" {
  alias                   = "eu-west"
  region                  = "eu-west-2"
  profile                 = "${var.aws_profile}"
  shared_credentials_file = "${pathexpand("~/.aws/config")}"
}
# AWS provider for the us-west-2 (Oregon) deployment, selected by alias.
# Same credential source as the eu-west provider; see the note there about
# ~/.aws/config versus ~/.aws/credentials and file permissions.
provider "aws" {
  alias                   = "us-west"
  region                  = "us-west-2"
  profile                 = "${var.aws_profile}"
  shared_credentials_file = "${pathexpand("~/.aws/config")}"
}
# One OpenVPN host in eu-west-2, built from the shared module with the
# eu-west provider alias. The same public key (var.pub_key) is used in every
# region, so a compromised private key gives access to all hosts.
# NOTE(review): aws_profile / aws_region are passed in, but the module code
# shown here never references them (its region comes from the provider in
# the providers map); presumably declared in the module's variables.tf.
module "eu-west" {
  source = "modules/openvpn"

  providers = {
    "aws" = "aws.eu-west"
  }

  aws_profile   = "${var.aws_profile}"
  aws_region    = "eu-west-2"
  instance_type = "t2.micro"
  ami           = "${var.ami}"
  pub_key       = "${var.pub_key}"
}
# Elastic IP of the eu-west-2 VPN host (module output "ip").
output "eu-west-ip" {
  value = "${module.eu-west.ip}"
}
# One OpenVPN host in us-west-2, built from the shared module with the
# us-west provider alias. Inputs mirror the eu-west module except for the
# region; the same public key is deployed here too.
# NOTE(review): aws_profile / aws_region are not used by the module code
# visible on this page — verify they are consumed before keeping them.
module "us-west" {
  source = "modules/openvpn"

  providers = {
    "aws" = "aws.us-west"
  }

  aws_profile   = "${var.aws_profile}"
  aws_region    = "us-west-2"
  instance_type = "t2.micro"
  ami           = "${var.ami}"
  pub_key       = "${var.pub_key}"
}
# Elastic IP of the us-west-2 VPN host (module output "ip").
output "us-west-ip" {
  value = "${module.us-west.ip}"
}
А вот и прогон
bash-4.4$ unset TF_LOG
bash-4.4$ terraform plan
Refreshing Terraform state in-memory prior to plan...
The refreshed state will be used to calculate this plan, but will not be
persisted to local or remote state storage.
data.aws_availability_zones.current: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
data.aws_availability_zones.current: Refreshing state...
data.aws_ami.ubuntu: Refreshing state...
An execution plan has been generated and is shown below.
Resource actions are indicated with the following symbols:
+ create
Terraform will perform the following actions:
+ module.eu-west.aws_eip.openvpn
id: <computed>
allocation_id: <computed>
association_id: <computed>
domain: <computed>
instance: "${aws_instance.openvpn.id}"
network_interface: <computed>
private_ip: <computed>
public_ip: <computed>
vpc: <computed>
+ module.eu-west.aws_instance.openvpn
id: <computed>
ami: "ami-06dcf6f1d32fee1f5"
arn: <computed>
associate_public_ip_address: <computed>
availability_zone: "2018-09-25 14:12:32.778713 +0000 UTC"
cpu_core_count: <computed>
cpu_threads_per_core: <computed>
ebs_block_device.#: <computed>
ephemeral_block_device.#: <computed>
get_password_data: "false"
instance_state: <computed>
instance_type: "t2.micro"
ipv6_address_count: <computed>
ipv6_addresses.#: <computed>
key_name: "openvpn-key"
monitoring: "false"
network_interface.#: <computed>
network_interface_id: <computed>
password_data: <computed>
placement_group: <computed>
primary_network_interface_id: <computed>
private_dns: <computed>
private_ip: <computed>
public_dns: <computed>
public_ip: <computed>
root_block_device.#: <computed>
security_groups.#: "1"
security_groups.3033708533: "openvpn"
source_dest_check: "true"
subnet_id: <computed>
tags.%: "1"
tags.Name: "openvpn"
tenancy: <computed>
volume_tags.%: <computed>
vpc_security_group_ids.#: <computed>
+ module.eu-west.aws_key_pair.terraformer
id: <computed>
fingerprint: <computed>
key_name: "openvpn-key"
public_key: "ssh-rsa .... user@email"
+ module.eu-west.aws_security_group.openvpn
id: <computed>
arn: <computed>
description: "openvpn security groups"
egress.#: <computed>
ingress.#: <computed>
name: "openvpn"
owner_id: <computed>
revoke_rules_on_delete: "false"
vpc_id: <computed>
+ module.eu-west.aws_security_group_rule.main_egress
id: <computed>
cidr_blocks.#: "1"
cidr_blocks.0: ""
from_port: "0"
protocol: "-1"
security_group_id: "${aws_security_group.openvpn.id}"
self: "false"
source_security_group_id: <computed>
to_port: "0"
type: "egress"
+ module.eu-west.aws_security_group_rule.ssh
id: <computed>
cidr_blocks.#: "1"
cidr_blocks.0: ""
from_port: "22"
protocol: "tcp"
security_group_id: "${aws_security_group.openvpn.id}"
self: "false"
source_security_group_id: <computed>
to_port: "22"
type: "ingress"
+ module.eu-west.aws_security_group_rule.vpn-clients
id: <computed>
cidr_blocks.#: "1"
cidr_blocks.0: ""
from_port: "1194"
protocol: "udp"
security_group_id: "${aws_security_group.openvpn.id}"
self: "false"
source_security_group_id: <computed>
to_port: "1194"
type: "ingress"
+ module.us-west.aws_eip.openvpn
id: <computed>
allocation_id: <computed>
association_id: <computed>
domain: <computed>
instance: "${aws_instance.openvpn.id}"
network_interface: <computed>
private_ip: <computed>
public_ip: <computed>
vpc: <computed>
+ module.us-west.aws_instance.openvpn
id: <computed>
ami: "ami-09bfeda7337019518"
arn: <computed>
associate_public_ip_address: <computed>
availability_zone: "2018-09-25 14:12:32.005232 +0000 UTC"
cpu_core_count: <computed>
cpu_threads_per_core: <computed>
ebs_block_device.#: <computed>
ephemeral_block_device.#: <computed>
get_password_data: "false"
instance_state: <computed>
instance_type: "t2.micro"
ipv6_address_count: <computed>
ipv6_addresses.#: <computed>
key_name: "openvpn-key"
monitoring: "false"
network_interface.#: <computed>
network_interface_id: <computed>
password_data: <computed>
placement_group: <computed>
primary_network_interface_id: <computed>
private_dns: <computed>
private_ip: <computed>
public_dns: <computed>
public_ip: <computed>
root_block_device.#: <computed>
security_groups.#: "1"
security_groups.3033708533: "openvpn"
source_dest_check: "true"
subnet_id: <computed>
tags.%: "1"
tags.Name: "openvpn"
tenancy: <computed>
volume_tags.%: <computed>
vpc_security_group_ids.#: <computed>
+ module.us-west.aws_key_pair.terraformer
id: <computed>
fingerprint: <computed>
key_name: "openvpn-key"
public_key: "ssh-rsa .... user@email"
+ module.us-west.aws_security_group.openvpn
id: <computed>
arn: <computed>
description: "openvpn security groups"
egress.#: <computed>
ingress.#: <computed>
name: "openvpn"
owner_id: <computed>
revoke_rules_on_delete: "false"
vpc_id: <computed>
+ module.us-west.aws_security_group_rule.main_egress
id: <computed>
cidr_blocks.#: "1"
cidr_blocks.0: ""
from_port: "0"
protocol: "-1"
security_group_id: "${aws_security_group.openvpn.id}"
self: "false"
source_security_group_id: <computed>
to_port: "0"
type: "egress"
+ module.us-west.aws_security_group_rule.ssh
id: <computed>
cidr_blocks.#: "1"
cidr_blocks.0: ""
from_port: "22"
protocol: "tcp"
security_group_id: "${aws_security_group.openvpn.id}"
self: "false"
source_security_group_id: <computed>
to_port: "22"
type: "ingress"
+ module.us-west.aws_security_group_rule.vpn-clients
id: <computed>
cidr_blocks.#: "1"
cidr_blocks.0: ""
from_port: "1194"
protocol: "udp"
security_group_id: "${aws_security_group.openvpn.id}"
self: "false"
source_security_group_id: <computed>
to_port: "1194"
type: "ingress"
Plan: 14 to add, 0 to change, 0 to destroy.
Note: You didn't specify an "-out" parameter to save this plan, so Terraform
can't guarantee that exactly these actions will be performed if
"terraform apply" is subsequently run.