Please refer to my script below. This worked fine earlier and now it times out when retrieving the activation key. All the resources will be created except the gateway.
The security group code is deleted as I am unable to post my question otherwise; ports allowed inbound: 445, 159, 139, 80, 22 and all ports in ICMP; outbound: all ports.
data "aws_ami" "latest_ami" {
  most_recent = true
  filter {
    name   = "name"
    values = ["*aws-storage-gateway*"]
  }
  owners = ["amazon"]
}

resource "aws_instance" "file_gateway_instance" {
  ami                    = data.aws_ami.latest_ami.id
  instance_type          = "m5.xlarge"
  key_name               = var.keypair_name
  subnet_id              = var.subnet_id
  vpc_security_group_ids = [aws_security_group.file_gateway_sg.id]
  user_data              = <<-EOF
    #!/bin/bash
    # Install file gateway
    curl https://filesystems-manager-us-east-1.s3.us-east-1.amazonaws.com/latest/install.sh | sudo bash
  EOF
  tags = {
    Name = "file_gateway"
  }
}

data "aws_ssm_parameter" "domain_creds" {
  name            = "/secrets/ad/admin-password"
  with_decryption = true
}

resource "aws_storagegateway_gateway" "file_gateway" {
  gateway_name       = var.gateway_name
  gateway_timezone   = "GMT"
  gateway_type       = "FILE_S3"
  gateway_ip_address = aws_instance.file_gateway_instance.private_ip
  smb_active_directory_settings {
    domain_name = var.domain_name
    username    = "admin"
    password    = data.aws_ssm_parameter.domain_creds.value
  }
}
The first thing I think might happen here is that file_gateway_instance is in a subnet that does not have internet access.
From your subnet I assume it is a private subnet, as you are not setting a public IP for the instance. If so, make sure you either have a NAT gateway set up in that subnet with the route 0.0.0.0/0
You can debug this by enabling VPC flow logs, filtering on the ENI of the EC2 instance and checking whether the outbound traffic is allowed (it might also be the NACL of the subnet blocking the traffic).
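The two checks in the answer above, written out as an added, offline example (not code from either poster): the first inspects a route table of the shape `aws ec2 describe-route-tables` returns and reports whether the subnet's active 0.0.0.0/0 route points at a NAT gateway; the second parses default-format VPC flow log records, keeps only the instance's ENI, and counts REJECTed egress flows, which is what a security group or NACL block looks like in flow logs. The route table, the ENI id, the private IP and the flow log lines are all constructed sample data, not output from a real account.

```python
"""Offline helpers for diagnosing a private instance with no outbound path (constructed sample data)."""
from collections import Counter

# Constructed sample: the "Routes" list of one route table, in the shape
# `aws ec2 describe-route-tables` returns. Not output from a real account.
SAMPLE_ROUTE_TABLE = {
    "Routes": [
        {"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local", "State": "active"},
        {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0123456789abcdef0", "State": "active"},
    ]
}

# Field order of a version-2 (default format) VPC flow log record.
FLOW_LOG_FIELDS = [
    "version", "account_id", "interface_id", "srcaddr", "dstaddr", "srcport", "dstport",
    "protocol", "packets", "bytes", "start", "end", "action", "log_status",
]

# Constructed sample flow log lines. eni-0aaaaaaaaaaaaaaaa / 10.0.1.25 stand in for the
# gateway instance; the last line is a NODATA record, which carries no traffic fields.
SAMPLE_FLOW_LOGS = """\
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 52.216.8.1 43210 443 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 52.216.8.1 43211 443 6 4 240 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.25 52.216.8.1 43212 80 6 3 180 1700000000 1700000060 REJECT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa 10.0.1.7 10.0.1.25 51000 22 6 10 1200 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0bbbbbbbbbbbbbbbb 10.0.2.9 52.216.8.1 40000 443 6 4 240 1700000000 1700000060 ACCEPT OK
2 123456789012 eni-0aaaaaaaaaaaaaaaa - - - - - - - 1700000000 1700000060 - NODATA
"""


def default_route_target(route_table):
    """Return the target id of the active 0.0.0.0/0 route, or None if there is no default route.

    Blackhole routes (State != active) are skipped: they exist but forward nothing.
    """
    for route in route_table.get("Routes", []):
        if route.get("DestinationCidrBlock") != "0.0.0.0/0":
            continue
        if route.get("State", "active") != "active":
            continue
        for key in ("NatGatewayId", "GatewayId", "TransitGatewayId", "NetworkInterfaceId", "InstanceId"):
            if key in route:
                return route[key]
    return None


def classify_default_route(route_table):
    """Classify the subnet's default route: 'nat' is what a private subnet needs for
    outbound internet; 'igw' only works for instances that hold a public IP."""
    target = default_route_target(route_table)
    if target is None:
        return "no-default-route"
    if target.startswith("nat-"):
        return "nat"
    if target.startswith("igw-"):
        return "igw"
    return "other"


def parse_flow_log(text):
    """Parse default-format flow log lines into dicts; lines with the wrong field count are dropped."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != len(FLOW_LOG_FIELDS):
            continue
        records.append(dict(zip(FLOW_LOG_FIELDS, parts)))
    return records


def rejected_egress(records, eni, instance_ip):
    """Count REJECTed flows originating from instance_ip on the given ENI,
    keyed by (dstaddr, dstport, protocol). A non-empty result means the security
    group or the subnet NACL is dropping the instance's outbound traffic."""
    counts = Counter()
    for r in records:
        if r["interface_id"] != eni or r["log_status"] != "OK":
            continue
        if r["action"] != "REJECT" or r["srcaddr"] != instance_ip:
            continue
        counts[(r["dstaddr"], int(r["dstport"]), r["protocol"])] += 1
    return counts


if __name__ == "__main__":
    print("default route:", classify_default_route(SAMPLE_ROUTE_TABLE))
    rejects = rejected_egress(parse_flow_log(SAMPLE_FLOW_LOGS), "eni-0aaaaaaaaaaaaaaaa", "10.0.1.25")
    for (dst, port, proto), n in sorted(rejects.items()):
        print(f"REJECT {dst}:{port} proto {proto} x{n}")
```

To use this against a real account, feed `default_route_target` the route table associated with `var.subnet_id` and feed `rejected_egress` the flow log records downloaded for the instance's ENI. If the route check reports `no-default-route` the fix is the NAT gateway route from the answer; if the route is fine but `rejected_egress` is non-empty, look at the security group's egress rules and the subnet NACL for the destination ports it reports.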