Elastic Compute Service: Associate EIP with ENI using Terraform

Last Updated: Jan 30, 2026

An Elastic IP Address (EIP) is a public IP address resource that you can purchase and hold independently. After you associate an EIP with a cloud resource, the resource can use the EIP to communicate with the Internet. For example, if you host multiple applications on a single Elastic Compute Service (ECS) instance, you can assign a separate secondary Elastic Network Interface (ENI) and an independent EIP to each application. This allows each application to have its own public IP address. This topic describes how to associate an EIP with a secondary ENI.

Note

The sample code in this tutorial supports one-click execution. You can run the code directly.

Resources

Create a configuration file

Create a file named terraform.tf, add the following content, and save the file.

provider "alicloud" {
  region = var.region
}

# The region where the resources will be created.
variable "region" {
  default     = "cn-beijing"
  description = "The region where the resources will be created."
}

# The ID of an existing VPC. This parameter is required when you associate an ENI with an existing ECS instance. The value must be the VPC of the ECS instance.
variable "vpc_id" {
  default     = ""
  description = "When binding an ENI to an existing ECS instance, this value is required and must be the VPC associated with the ECS instance."
}

# The CIDR block for the VPC. You can leave this parameter empty if you specify vpc_id.
variable "vpc_cidr_block" {
  default     = "192.168.0.0/16"
  description = "Specify the CIDR block of the VPC. If the vpc_id is provided, this value can be left blank."
}

# The zone. This parameter is required when you associate an ENI with an existing ECS instance. The value must be the zone where the ECS instance is located.
variable "zone_id" {
  default     = ""
  description = "When binding an ENI to an existing ECS instance, this value is required and must be the zone where the ECS instance is located."
}

# The CIDR block for the vSwitch. The CIDR block must be within the CIDR block of the VPC.
variable "vswitch_cidr_block" {
  default     = "192.168.0.0/24"
  description = "Specify the CIDR block of the VSwitch. The CIDR block must be within the range of the VPC CIDR block."
}

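# The source CIDR block allowed to reach the ENI on TCP port 80 (used as cidr_ip in the security group rule below).
# The default 0.0.0.0/0 matches any source address.
variable "source_ip" {
  description = "The source IP address or CIDR block allowed to access the ENI."
  type        = string
  default     = "0.0.0.0/0"
}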

# The private IP address of the ENI.
variable "private_ip" {
  description = "The primary private IP address of the ENI. The specified IP address must be available within the CIDR block of the VSwitch. If this parameter is not specified, an available IP address is assigned from the VSwitch CIDR block at random."
  type        = string
  default     = ""
}

locals {
  new_zone_id = var.zone_id == ""
  create_vpc  = var.vpc_id == ""
}

resource "alicloud_eip" "eip" {
  address_name = "test_eip"
}

resource "alicloud_vpc" "vpc" {
  count      = local.create_vpc ? 1 : 0
  vpc_name   = "test_vpc"
  cidr_block = var.vpc_cidr_block
}

data "alicloud_zones" "default" {
  count                       = local.new_zone_id ? 1 : 0
  available_resource_creation = "VSwitch"
}

resource "alicloud_vswitch" "vswitch" {
  vswitch_name = "test_vswitch"
  cidr_block   = var.vswitch_cidr_block
  zone_id      = local.new_zone_id ? data.alicloud_zones.default[0].zones.0.id : var.zone_id
  vpc_id       = local.create_vpc ? alicloud_vpc.vpc[0].id : var.vpc_id
}

resource "alicloud_security_group" "group" {
  security_group_name = "test_sg"
  vpc_id              = local.create_vpc ? alicloud_vpc.vpc[0].id : var.vpc_id
}

# Add a rule to allow inbound traffic on TCP port 80.
resource "alicloud_security_group_rule" "allow_80_tcp" {
  type              = "ingress"
  ip_protocol       = "tcp"
  nic_type          = "intranet"
  policy            = "accept"
  port_range        = "80/80"
  priority          = 1
  security_group_id = alicloud_security_group.group.id
  cidr_ip           = var.source_ip
}

resource "alicloud_network_interface" "default" {
  network_interface_name             = "test_eni"
  vswitch_id                         = alicloud_vswitch.vswitch.id
  security_group_ids                 = [alicloud_security_group.group.id]
  primary_ip_address                 = var.private_ip
  secondary_private_ip_address_count = 1
}

resource "alicloud_eip_association" "default" {
  allocation_id = alicloud_eip.eip.id
  instance_type = "NetworkInterface"
  instance_id   = alicloud_network_interface.default.id
}
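
The source_ip default of 0.0.0.0/0 feeds the cidr_ip of the port 80 ingress rule, so the ENI behind the EIP accepts HTTP from any address unless the variable is overridden. The following is an added example, not part of the original tutorial: a drop-in replacement for the source_ip variable that has no default and rejects wide ranges. The /24 limit and the sample address 203.0.113.10/32 are assumptions chosen for illustration.

```hcl
# Added example: replaces the tutorial's variable "source_ip" block.
# Weak form on the page:   default = "0.0.0.0/0"  (any source may reach port 80)
# Hardened form below:     no default, value must be a narrow CIDR block.
variable "source_ip" {
  description = "CIDR block allowed to reach TCP port 80 on the ENI."
  type        = string
  # No default: terraform plan/apply prompts for a value or fails in
  # non-interactive runs, so the exposure is always an explicit choice.

  validation {
    # cidrhost() fails on anything that is not address/prefix notation,
    # so can() turns a malformed value into a validation error.
    condition     = can(cidrhost(var.source_ip, 0))
    error_message = "The source_ip value must be a valid CIDR block, for example 203.0.113.10/32."
  }

  validation {
    # Assumption: a prefix shorter than /24 is considered too broad here.
    # try() returns false when the value has no "/prefix" part at all.
    condition     = try(tonumber(split("/", var.source_ip)[1]) >= 24, false)
    error_message = "The source_ip value must be a /24 or narrower. A value of 0.0.0.0/0 opens port 80 to every address."
  }
}
```

With this block in place, pass the value explicitly, for example terraform apply -var source_ip=203.0.113.10/32. A run with -var source_ip=0.0.0.0/0 stops at the validation step before any resource is created.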

Create resources

Run the following commands in the folder where the terraform.tf file is located.

  1. Run terraform init to initialize Terraform. The following output indicates that the initialization is complete.

    Terraform has been successfully initialized!
    
    You may now begin working with Terraform. Try running "terraform plan" to see
    any changes that are required for your infrastructure. All Terraform commands
    should now work.
    
    If you ever set or change modules or backend configuration for Terraform,
    rerun this command to reinitialize your working directory. If you forget, other
    commands will detect it and remind you to do so if necessary.
  2. Run terraform apply and enter yes at the prompt to create the resources. The following output indicates that the resources are created.

    Do you want to perform these actions?
      Terraform will perform the actions described above.
      Only 'yes' will be accepted to approve.
    
      Enter a value: yes
    
    alicloud_vpc.vpc: Creating...
    alicloud_eip.eip: Creating...
    
    ...
    
    Apply complete! Resources: 7 added, 0 changed, 0 destroyed.

    Note

    If you create an ENI to associate with an existing ECS instance, run terraform apply and pass the required parameters. For example: terraform apply -var source_ip=XX.XX.XX.XX -var vpc_id=vpc-2vc4ctyuxpq6nXXXXXXXXX -var zone_id=cn-beijing-a -var vswitch_cidr_block=XX.XX.XX.XX/XX.

  3. Run terraform show to view the created resources, including the VPC, EIP, and ENI.

    Note

    You can also view the created resources in the console.

Clean up resources

When you no longer need the resources created or managed by Terraform, run the terraform destroy command to release them.

terraform destroy
