amazon web services - How to prevent cyclic dependency when creating signed cert for EC2 instance?
I'm using Terraform to create an EC2 instance used as a Docker host. This means I need to create encryption keys to securely connect to it over the internet. When creating the keys I need to specify the IP address and hostnames I'll be connecting with. In Terraform these values can be dynamically allocated, which results in a cyclic dependency situation. Let's use an example:
```
resource "tls_private_key" "example" {
  algorithm = "ECDSA"
}

resource "tls_self_signed_cert" "docker_host_key" {
  key_algorithm   = "${tls_private_key.example.algorithm}"
  private_key_pem = "${tls_private_key.example.private_key_pem}"

  validity_period_hours = 12
  early_renewal_hours   = 3

  allowed_uses = ["server_auth"]

  dns_names    = [ "${aws_instance.example.public_dns}" ]
  ip_addresses = [ "${aws_instance.example.public_ip}" ]

  subject {
    common_name  = "example.com"
    organization = "example"
  }
}

resource "aws_instance" "example" {
  count                       = 1
  ami                         = "ami-d05e75b8"
  instance_type               = "t2.micro"
  subnet_id                   = "subnet-24h4fos9"
  associate_public_ip_address = true

  provisioner "remote-exec" {
    inline = [
      "echo \"${tls_self_signed_cert.docker_host_key.private_key_pem}\" > private_key_pem",
      "echo \"${tls_self_signed_cert.docker_host_key.cert_pem}\" > cert_pem",
      "echo \"${tls_private_key.example.private_key_pem}\" > private_key_pem2",
    ]
  }
}
```

In the remote-exec provisioner I need to write values from the tls_self_signed_cert resource, which in turn needs values from the aws_instance resource.
How can I overcome this situation?
You can use the aws_eip resource to create an Elastic IP and attach it to the instance with aws_eip_association.
```
resource "aws_eip" "eip" {
  ...
}

resource "aws_eip_association" "eip" {
  allocation_id = "${aws_eip.eip.id}"
  instance_id   = "${aws_instance.example.id}"
}

resource "tls_self_signed_cert" "docker_host_key" {
  # set here route53 instead: dns_names = [ "${aws_instance.example.public_dns}" ]
  ip_addresses = [ "${aws_eip.eip.public_ip}" ]
  ...
}
```
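The answer's approach written out as a complete configuration, added here as an example and not code from the question or the answer. It goes one step further by installing the certificate from a separate resource after the Elastic IP is attached. Assumptions: Terraform 1.4 or later, AWS provider v5, tls provider v4, a hypothetical `ssh_key_name` variable, an `ubuntu` login user with the SSH key loaded in ssh-agent, and a security group that allows SSH from the machine running Terraform.

```hcl
# Assumes Terraform >= 1.4, AWS provider v5, tls provider v4 (not the page's versions).
variable "ssh_key_name" {} # hypothetical: name of an existing EC2 key pair

resource "aws_eip" "eip" {
  domain = "vpc"
}
resource "tls_private_key" "example" {
  algorithm = "ECDSA"
}
resource "tls_self_signed_cert" "docker_host_key" {
  private_key_pem       = tls_private_key.example.private_key_pem
  validity_period_hours = 12
  early_renewal_hours   = 3
  allowed_uses          = ["server_auth"]
  ip_addresses          = [aws_eip.eip.public_ip] # EIP only, no edge to aws_instance
  subject {
    common_name  = "example.com"
    organization = "example"
  }
}
resource "aws_instance" "example" {
  ami           = "ami-d05e75b8"
  instance_type = "t2.micro"
  subnet_id     = "subnet-24h4fos9"
  key_name      = var.ssh_key_name
}
resource "aws_eip_association" "eip" {
  allocation_id = aws_eip.eip.id
  instance_id   = aws_instance.example.id
}
# Runs once the EIP is attached, so it connects to the address named in the cert.
resource "terraform_data" "install_cert" {
  depends_on       = [aws_eip_association.eip]
  triggers_replace = tls_self_signed_cert.docker_host_key.cert_pem # re-run on renewal
  connection {
    host = aws_eip.eip.public_ip
    user = "ubuntu" # assumption: AMI's default login user; key comes from ssh-agent
  }
  provisioner "file" {
    content     = tls_self_signed_cert.docker_host_key.cert_pem
    destination = "/home/ubuntu/cert_pem"
  }
  provisioner "file" {
    content     = tls_private_key.example.private_key_pem
    destination = "/home/ubuntu/private_key_pem"
  }
  provisioner "remote-exec" {
    inline = ["chmod 600 /home/ubuntu/private_key_pem"]
  }
}
```

The tls_private_key resource stores the private key unencrypted in Terraform state, so the state backend needs encryption at rest and restricted access.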