From 1c4775a46cd965e89cc9a9004159fa1c1f3b8e44 Mon Sep 17 00:00:00 2001 From: Ryan Bonham Date: Tue, 4 Jun 2019 21:39:17 -0500 Subject: [PATCH 1/3] We are not deleting the primary ENI for private networks on termination, which will run accounts our of ENIs. --- .../pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go index c65e2f1266e07..9d56920a72f4e 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform.go @@ -162,7 +162,8 @@ func (t *LaunchTemplate) RenderTerraform(target *terraform.TerraformTarget, a, e InstanceType: e.InstanceType, Lifecycle: &terraform.Lifecycle{CreateBeforeDestroy: fi.Bool(true)}, NetworkInterfaces: []*terraformLaunchTemplateNetworkInterfaces{ - {AssociatePublicIPAddress: e.AssociatePublicIP}, + {AssociatePublicIPAddress: e.AssociatePublicIP, + DeleteOnTermination: fi.Bool(true)}, }, } From 790a582e88f4989a8222227f7d903f6cf507d47a Mon Sep 17 00:00:00 2001 From: Ryan Bonham Date: Wed, 5 Jun 2019 09:13:37 -0500 Subject: [PATCH 2/3] Fix test to make sure we have delete_on_termination set. --- .../fi/cloudup/awstasks/launchtemplate_target_terraform_test.go | 2 ++ 1 file changed, 2 insertions(+) diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go index 6dd71ec4f0480..5377497666c84 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_terraform_test.go @@ -78,6 +78,7 @@ resource "aws_launch_template" "test" { network_interfaces = { associate_public_ip_address = true + delete_on_termination = true security_groups = ["${aws_security_group.nodes-1.id}", "${aws_security_group.nodes-2.id}"] } @@ -155,6 +156,7 @@ resource "aws_launch_template" "test" { network_interfaces = { associate_public_ip_address = true + delete_on_termination = true security_groups = ["${aws_security_group.nodes-1.id}", "${aws_security_group.nodes-2.id}"] } From 15a45702eb69516915fedac488079ca339ff7f3e Mon Sep 17 00:00:00 2001 From: Ryan Bonham Date: Wed, 5 Jun 2019 09:21:05 -0500 Subject: [PATCH 3/3] Make sure CF marks eni0 as delete_on_terminate --- .../awstasks/launchtemplate_target_cloudformation.go | 3 ++- .../awstasks/launchtemplate_target_cloudformation_test.go | 6 ++++-- 2 files changed, 6 insertions(+), 3 deletions(-) diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go index 43425926d622f..c4fbbd0ca32de 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation.go @@ -156,7 +156,8 @@ func (t *LaunchTemplate) RenderCloudformation(target *cloudformation.Cloudformat ImageID: image, InstanceType: e.InstanceType, NetworkInterfaces: []*cloudformationLaunchTemplateNetworkInterfaces{ - {AssociatePublicIPAddress: e.AssociatePublicIP}, + {AssociatePublicIPAddress: e.AssociatePublicIP, + DeleteOnTermination: fi.Bool(true)}, }, }, } diff --git a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go index a7c2b181ea89f..f96ce4ffe6d70 100644 --- a/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go +++ b/upup/pkg/fi/cloudup/awstasks/launchtemplate_target_cloudformation_test.go @@ -63,7 +63,8 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { "KeyName": "mykey", "NetworkInterfaces": [ { - "AssociatePublicIpAddress": true + "AssociatePublicIpAddress": true, + "DeleteOnTermination": true } ], "Placement": [ @@ -144,7 +145,8 @@ func TestLaunchTemplateCloudformationRender(t *testing.T) { "KeyName": "mykey", "NetworkInterfaces": [ { - "AssociatePublicIpAddress": true + "AssociatePublicIpAddress": true, + "DeleteOnTermination": true } ], "Placement": [