alicloud_eip_association fails when instance has a public IP

[jakubgs]

When trying to attach an alicloud_eip using alicloud_eip_association the following error is given:

* alicloud_eip_association.host: AssociateEip got an error: &errors.ServerError
  {
    httpStatus:400,
    requestId:"1DEFE514-95EF-4D18-A5F6-039743BEA0AD",
    hostId:"vpc.aliyuncs.com",
    errorCode:"EIP_CAN_NOT_ASSOCIATE_WITH_PUBLIC_IP",
    recommend:"", message:"instance already bind natpublicip,cannot bind eip.",
    comment:""
  }

Now, this error is referring to the fact that one cannot attach an Elastic IP to an instance that already has a Public IP:
https://www.alibabacloud.com/help/doc-detail/72125.htm

The ECS instance must meet the following requirements:
The ECS instance does not have a public IP, nor is it bound to any EIP.

An instance receives a Public IP when the internet_max_bandwidth_out parameter is set to a value greater than zero. One cannot provision an instance using the provisioner seciton if the instance does not have a public IP. In order to make that work I've been adding the following section to my alicloud_instance config:

connection {
  host = "${self.public_ip}"
}

My question is following:

How can I provision an alicloud_instance if it lacks a Public IP because I want to attach an Elastic IP to it afterwards?

Am I missing something? How can I both provision a new instance and then attach an Elastic IP?

[jakubgs]

Just a note, I've also opened an issue with the Ansible provisioner about alicloud_instance module not being able to run provisioner because of lack of IP, but with this issue it seems like it's more likely that this is an issue with the alicloud_instance rather than the provisioner:
radekg/terraform-provisioner-ansible#54

[jakubgs]

Any help on this?

[xiaozhu36]

HI @jakubgs EIP does not support association with a ECS instance with public ip. If you want to do it, please release the instance public ip firstly.

[jakubgs]

Yes, but I need the public IP in order to provision the host from terraform.
So how can I remove the public IP after the isntance has been created and provisioned in terraform so I can attach an EIP?

[xiaozhu36]

Modifying internet_max_bandwidth_out to 0 can remove the public ip.

[jakubgs]

I see. So I'd have to copy the exact same alicloud_instalce block with everything except the provisioner block and the internet_max_bandwidth_out attribute changed? Or is there a simpler way of changing just that attribute for an existing instance?

[jakubgs]

Is there a way to do this without having to run Terrafomr twice? This really breaks the workflow. I don't see how I can in the same tf file:

1. Create the isntance
2. Proision it
3. Remove the public IP
4. Attach a Floating IP

Is it even possible?

[jakubgs]

Okay, I've managed to make this work by setting internet_max_bandwidth_out to 0 from the start for the instance, and the adding the provisioner block to the alicloud_eip_association block along with a connection section.

[xiaozhu36]

Create a instance without public ip and attach a eip for it and then add the provisioner block with EIP is the best pratice.

[xiaozhu36]

@jakubgs I will close this issue and if you still have problems, please reopen it.