Some missing steps from Terraform's "Basic Two-Tier AWS Architecture" README.txt
https://github.com/terraform-providers/terraform-provider-aws/tree/master/examples/two-tier
(1) If you have an AWS account that allows for "EC2 Classic" then this whole example might not work for you. I have an ancient AWS account that has EC2 Classic support and have found that other HashiCorp examples do not work. (The networking and security group defaults seem to be wrong.) You can tell if you have an EC2 Classic account as you will see "EC2" in addition to "VPC" listed under the "Supported Platforms" of the "EC2 Dashboard." I advise you to create a new account and use that instead; I did.
(2) Generate an SSH key pair on your local machine, e.g.
ssh-keygen -f $HOME/.ssh/id_terraform_two_tier
Don't use a passphrase. Note, you can use an existing key pair if you wish; most people have the default pair at
$HOME/.ssh/id_rsa
$HOME/.ssh/id_rsa.pub
(3) Import the public key from $HOME/.ssh/id_terraform_two_tier.pub into the AWS EC2 Dashboard under Key Pairs
https://console.aws.amazon.com/ec2/v2/home#KeyPairs:sort=keyName
(4) Terraform relies on ssh-agent to mediate between itself and the SSH server on your EC2 instance. This means Terraform does not need any details about your private SSH key.
Run ssh-agent in the same terminal in which you will be running Terraform
eval `ssh-agent`
(5) Check that the agent has your id_terraform_two_tier keys
ssh-add -l
If the key is missing then add it
ssh-add $HOME/.ssh/id_terraform_two_tier
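A preflight for steps (4) and (5), added here as an example and not part of the original notes or the Terraform example: it checks that the agent reachable from this terminal holds the key matching the .pub file you will pass as public_key_path. The function names and the script name preflight.sh are hypothetical.

```shell
#!/bin/sh
# Added example: preflight for steps (4)-(5). Function names are hypothetical.

# Print the fingerprint column (field 2) of the first line of `ssh-keygen -lf`
# or `ssh-add -l` output, e.g. "2048 SHA256:... comment (RSA)".
fingerprint_of() {
    printf '%s\n' "$1" | awk 'NR == 1 { print $2 }'
}

# Succeed only if fingerprint $1 exactly equals the fingerprint column of some
# line in $2 (the text printed by `ssh-add -l`). An empty fingerprint never matches.
agent_has_key() {
    [ -n "$1" ] || return 1
    printf '%s\n' "$2" | awk -v fp="$1" '$2 == fp { found = 1 } END { exit !found }'
}

# Run the real tools against public key file $1 and say what to fix.
preflight() {
    pub=$1
    [ -r "$pub" ] || { echo "cannot read $pub" >&2; return 2; }
    [ -n "${SSH_AUTH_SOCK:-}" ] || {
        echo "no agent in this terminal; run: eval \`ssh-agent\`" >&2; return 3; }
    fp=$(fingerprint_of "$(ssh-keygen -lf "$pub")")
    [ -n "$fp" ] || { echo "not a public key: $pub" >&2; return 2; }
    rc=0
    listing=$(ssh-add -l 2>/dev/null) || rc=$?
    # ssh-add exits 2 when it cannot contact the agent, 1 when no keys are loaded.
    if [ "$rc" -eq 2 ]; then
        echo "SSH_AUTH_SOCK is set but the agent is unreachable" >&2; return 3
    fi
    if agent_has_key "$fp" "$listing"; then
        echo "ok: agent holds $fp"
    else
        echo "missing: run ssh-add ${pub%.pub}" >&2; return 1
    fi
}

# Only runs when a public key path is given, e.g.
#   sh preflight.sh "$HOME/.ssh/id_terraform_two_tier.pub"
if [ $# -ge 1 ]; then preflight "$1"; fi
```

Matching on the fingerprint rather than the key comment catches the case where the agent holds a different key that happens to carry the same file name.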
(6) Once Terraform is complete you might want to SSH to your new EC2 instance. Its public IP address is mixed into Terraform's output, but let's make getting it easier. Add the following to output.tf
output "ssh" {
  value = "${aws_instance.web.public_ip}"
}
(7) Run Terraform
terraform apply -var key_name=id_terraform_two_tier -var public_key_path=$HOME/.ssh/id_terraform_two_tier.pub
(8) Test HTTP, substituting the "address" output value for XXXX
curl -D - http://XXXX
(9) Test SSH, substituting the "ssh" output value for XXXX
ssh ubuntu@XXXX
END