How to programmatically use your public Internet IP address in Terraform?

Programmatically use your public IP in Terraform as source IP for AWS Security Rules

During testing of HashiCorp Terraform plans, sometimes there is a need to create firewall rules that use your current public Internet IP address, for example for SSH access to the created instances.

Updates:

• 2020 Jun 29: Upgraded to Terraform 0.12
• 2020 Oct 19: Set IPV4 switch -4 in dig command as suggested by Reque.

There is an easy way to programmatically obtain the IP address using a Terraform External Data Source.

Create a shell script that obtains the IP address and returns the value in a JSON object.

whatismyip.sh

#!/bin/bash
...
set -e
INTERNETIP="$(dig +short myip.opendns.com @resolver1.opendns.com -4)"
echo $(jq -n --arg internetip "$INTERNETIP" '{"internet_ip":$internetip}')

Call the external data source and use the output in a firewall rule. The example in aws_security_group_rules.tf shows how to use the public IP address in an AWS security rule created by Terraform to allow SSH access.

aws_security_group_rules.tf

data "external" "whatismyip" {
  program = ["/bin/bash" , "${path.module}/whatismyip.sh"]
}
resource "aws_security_group_rule" "allow_ssh_from_my_ip" {
 type = "ingress"
 from_port = 22
 to_port = 22
 protocol = "tcp"
 cidr_blocks = [format("%s/%s",data.external.whatismyip.result["internet_ip"],32)]
 security_group_id = "sg-123456"
}

Make sure to install jq utility and also make whatismyip.sh executable using:

sudo apt-get install jq
chmod 764 whatismyip.sh

Since you are now using an additional data source, the External Data Source, initialize Terraform using:

terraform init

See more Terraform and Ansible examples:

• Terraform Setup and VPC Subnet Creation
• VPC Subnet Routing and Internet Access
• Route 53 and AMI lookup
• Creating AWS EC2 Instances with Terraform
• RDS MariaDB Database and Resource Tags
• Using Ansible for Terraform Managed AWS Infrastructure