How to programmatically use your public Internet IP address in Terraform?

Programmatically use your public IP in Terraform as source IP for AWS Security Rules

During testing of HashiCorp Terraform plans, sometimes there is a need to create firewall rules that use your current public Internet IP address, for example for SSH access to the created instances.

Updates:

  • 2020 Jun 29: Upgraded to Terraform 0.12
  • 2020 Oct 19: Set IPV4 switch -4 in dig command as suggested by Reque.

There is an easy way to programmatically obtain the IP address using a Terraform External Data Source.

Create a shell script that obtains the IP address and returns the value in a JSON object.

whatismyip.sh

#!/bin/bash
...
set -e
INTERNETIP="$(dig +short myip.opendns.com @resolver1.opendns.com -4)"
echo $(jq -n --arg internetip "$INTERNETIP" '{"internet_ip":$internetip}')

Call the external data source and use the output in a firewall rule. The example in aws_security_group_rules.tf shows how to use the public IP address in an AWS security rule created by Terraform to allow SSH access.

aws_security_group_rules.tf

data "external" "whatismyip" {
  program = ["/bin/bash" , "${path.module}/whatismyip.sh"]
}
resource "aws_security_group_rule" "allow_ssh_from_my_ip" {
 type = "ingress"
 from_port = 22
 to_port = 22
 protocol = "tcp"
 cidr_blocks = [format("%s/%s",data.external.whatismyip.result["internet_ip"],32)]
 security_group_id = "sg-123456"
}

Make sure to install jq utility and also make whatismyip.sh executable using:

sudo apt-get install jq
chmod 764 whatismyip.sh

Since you are now using an additional data source, the External Data Source, initialize Terraform using:

terraform init

See more Terraform and Ansible examples:

4 comments on “How to programmatically use your public Internet IP address in Terraform?”

  1. Just a quick fix because the script whatismyip.sh wasn't working for me, I don't if its due to my distro (Ubuntu 20.04)...

    I'd only added a "-4" at the end of the dig command:

    #!/bin/bash
    set -e
    INTERNETIP="$(dig +short myip.opendns.com @resolver1.opendns.com -4)"
    echo $(jq -n --arg internetip "$INTERNETIP" '{"internet_ip":$internetip}')

    Now is showing my IPv4, if the IPv6 is required just change the "-4" to "-6" and you're good to go.

    1. Thanks, Reque, you are right.

      I believe that if you have IPV6 and IPV4 addresses, then the command shows both. Your fix is needed to select the required IP version. I will add it to the tutorial.

Leave a Reply

Your email address will not be published. Required fields are marked *


Related Cloud Tutorials

Control traffic to AWS resources using security groups
How to configure and use the Terraform aws_security_group and aws_security_group_rule resource blocks to create and manage AWS Security Groups and secure the infrastructure.
AWS Routing Tables with Terraform
How to configure and use the Terraform aws_route_table, aws_route, and aws_main_route_table_association resource blocks to create and manage AWS Routing Tables.
AWS NAT Gateway
How to configure and use the Terraform aws_nat_gateway and aws_eip resource blocks to create and manage AWS NAT Gateway and its corresponding Public IPs inside each availability zone to enable Internet access from instances in private subnets.
An AWS NAT Gateway is a managed service that allows instances in a private subnet to connect to the Internet while keeping them secure. It provides network address translation (NAT) for outbound traffic, allowing resources in a private subnet to access the internet while maintaining a private IP address.
AWS Internet Gateway
How to configure and use the Terraform aws_internet_gateway resource block to create and manage AWS Internet Gateway inside a VPC to enable instances access to and from the Internet.
Javier Ruiz Cloud and SaaS Expert

Javier Ruiz

IT Wonder Lab tutorials are based on the diverse experience of Javier Ruiz, who founded and bootstrapped a SaaS company in the energy sector. His company, later acquired by a NASDAQ traded company, managed over €2 billion per year of electricity for prominent energy producers across Europe and America. Javier has over 25 years of experience in building and managing IT companies, developing cloud infrastructure, leading cross-functional teams, and transitioning his own company from on-premises, consulting, and custom software development to a successful SaaS model that scaled globally.

Are you looking for cloud automation best practices tailored to your company?

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram