Terraform aws_storagegateway_gateway not finding VPC Endpoint


I'm trying to launch an S3 File Gateway (AWS Storage Gateway) via Terraform, with EC2 hosting and a VPC endpoint for Storage Gateway.

I've been able to launch the Storage Gateway EC2 into a private subnet, then launch a second EC2 instance into the public subnet so that I can retrieve the gateway's activation key (https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html).

Unfortunately, when I provide a value for the activation_key in Terraform, it seems to be ignoring the gateway_vpc_endpoint, and just creates the Storage Gateway with a Public endpoint instead.

Code used:

resource "aws_storagegateway_gateway" "s3_file_gateway" {
  gateway_vpc_endpoint      = aws_vpc_endpoint.storage_gateway.dns_entry[0].dns_name
  activation_key            = "XXXX-XXXX-XXXX-XXXX-XXXX"
  gateway_name              = "Storage-Gateway"
  gateway_timezone          = var.gateway_timezone
  gateway_type              = var.gateway_type
  cloudwatch_log_group_arn  = aws_cloudwatch_log_group.storage_gateway.arn
  tags                      = var.tags

  lifecycle {
    ignore_changes = [smb_active_directory_settings, gateway_ip_address]
  }
}

Has anyone come across this and been able to resolve it?


This question is a few months old now, but when you connect to the second EC2 to retrieve the activation key from the Gateway EC2, you're probably curling the incorrect URL.

You may have been following the instructions in this documentation: https://docs.aws.amazon.com/storagegateway/latest/userguide/get-activation-key.html

Actually, this is the documentation that is more useful for what you're trying to achieve: https://docs.aws.amazon.com/filegateway/latest/files3/gateway-private-link.html

This states that the format of the URL you should curl to get the activation key is:

http://VM IP ADDRESS/?gatewayType=FILE_S3&activationRegion=REGION&vpcEndpoint=VPCEndpointDNSname&no_redirect
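As an added example (not code from the question, the answer, or AWS), the following shell helpers build the VPC-endpoint activation URL in exactly the format quoted above and sanity-check the key that comes back, so that an HTML error page or a redirect to the public endpoint is not silently pasted into `activation_key`. The IP, region and endpoint DNS name used in the comments and test are constructed placeholders.

```shell
#!/bin/sh
# Run from the instance that can reach the gateway VM on port 80 (the
# "second EC2" in the question). Arguments are assumptions: the gateway
# VM's private IP, the activation region and the VPC endpoint DNS name.

build_activation_url() {
  # $1 = gateway VM IP, $2 = region, $3 = VPC endpoint DNS name.
  # vpcEndpoint= is what makes the gateway activate against the private
  # endpoint instead of the public one; no_redirect prints the key.
  printf 'http://%s/?gatewayType=FILE_S3&activationRegion=%s&vpcEndpoint=%s&no_redirect\n' \
    "$1" "$2" "$3"
}

validate_activation_key() {
  # Accept only dash-separated uppercase alphanumeric groups (the shape the
  # question masks as XXXX-XXXX-XXXX-XXXX-XXXX). Anything else, such as an
  # HTML error page or an empty body, is rejected.
  printf '%s' "$1" | grep -Eq '^[A-Z0-9]+(-[A-Z0-9]+){3,}$'
}

fetch_activation_key() {
  # Fetches the key over HTTP and refuses to emit an unexpected response.
  url=$(build_activation_url "$1" "$2" "$3")
  key=$(curl -sS --max-time 10 "$url" | tr -d '\r\n')
  if ! validate_activation_key "$key"; then
    echo "unexpected activation response: $key" >&2
    return 1
  fi
  printf '%s\n' "$key"
}
```

Usage: `fetch_activation_key 10.0.1.10 eu-west-1 vpce-0abc.storagegateway.eu-west-1.vpce.amazonaws.com` prints a key you can pass to Terraform (for example via `-var`), with the same three placeholder values substituted for your own.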