👋 Hello, team!

What are some ways to optimize VPC flow logs cost? We don’t send them to CloudWatch but still pay for vended logs.

Hi there! Anybody had an error like this one? When I add a new context value (‘environment’ in my particular case) to an existing stack and try to deploy, I get:
… template: … executing … at <.environment>: map has no entry for key “environment

e. g. pass ARN of one lambda to another as an env var

Hi! anybody knows whether there is a way to pass output of one component to another in the atmos stack YAML file?

I am trying to wrap my head around some devsecops concept. Is a DAST and SAST applied to IaC and Application code? Or one is for IaC and the other is for App code? My guess is SAST is for IaC

Seeing a possible terraform provider issue when using <http://registry.terraform.io/cloudposse/utils|registry.terraform.io/cloudposse/utils>
see issue created here

Not sure where to post this but it seems like there was a delete button or the docs were moved from the modules page in the documentation here: https://docs.cloudposse.com/modules/

Hello, I am trying to create module `_module_ "pdf_ecs_task" {
source = "cloudposse/ecs-alb-service-task/aws"
_version_ = "0.66.4" with task_policy_arns = [
module.pdf_ecs_iam_policy.policy_arn
] but got this error: Error: Invalid for_each argument
│
│ on .terraform/modules/pdf_ecs_task/main.tf line 162, in resource "aws_iam_role_policy_attachment" "ecs_task":
│ 162: for_each = local.create_task_role ? toset(var.task_policy_arns) : toset([])
│ ├────────────────
│ │ local.create_task_role is true
│ │ var.task_policy_arns is list of string with 1 element`

Hi team,
I need to deploy all of our microservices in Kubernetes using Helm. Currently, I go to each project, run helm create <project-name>, modify some deployment templates, and then install the app with that Helm package. Could anyone suggest best practices for managing Helm charts for all of our microservices?

Additionally, I have another idea for managing our Helm charts. We could create a separate GitLab group for all our Helm charts and set up CI/CD pipelines to automatically create or update Helm charts based on any modifications. These would then be pushed to a private Helm repository. During deployment, we could fetch the latest version of the Helm chart from the private repo.
What do you think?

Thanks!

Hi, i am trying to create read replica for document DB with different instance class than primary

module "documentdb_cluster" {
  source                          = "cloudposse/documentdb-cluster/aws"

since instance_class is string i cannot have different instance class for my read replica - any suggestions on this ? how do i have different instance class for my replica

Hi, I'm trying to get templates to work and I believe my situation is such: there's a TF component that has a setting in settings setting_a: "a" and then the same component it has a variable that references that setting var_a: {{ .settings.setting_a }}. I'm getting an error of invalid stack manifest and yaml: key map: map[... . Any ideas what could be going wrong here? Also it seems like if I put the variable value in double quotes then it is used as a literal string. Thanks!

Hello! I'm working in your api gw module. I wanted to know how i'm supposed to get custom access logs working?

I have the following variables related to logging, but as the screenshot shows, custom access logging is not turned on.

  xray_tracing_enabled = true #X-Ray tracing
  metrics_enabled = true #Detailed metrics
  logging_level = "INFO"
  #log_group_arn = "arn:aws:logs:us-east-1:829505554415:log-group:blue-parakeet"
  access_log_format = <redacted for simplicity>

Edit: i've already run the account-settings module once per region

Hi, team!
I recently joined because I created a PR

how do i clean out stuff that's X amount of time old?

artifactory doesn't have a retention policy for artifacts?! that seems crazy

I'm calling the elasticsearch module with:

module "elasticsearch" {
  source = "cloudposse/elasticsearch/aws"
  
  version = "0.46.0"
  namespace               = "somecorp"
  stage                   = "production"
  name                    = "elasticsearch-production"
  vpc_id                  = data.aws_vpc.selected.id
  subnet_ids              = data.aws_subnets.private_vpc_subnets.ids
  zone_awareness_enabled  = true
  elasticsearch_version   = "7.10"
  instance_type           = "r6gd.large.search"
  instance_count          = 3
  ebs_volume_size         = 100
  encrypt_at_rest_enabled = true

  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }
}

Hi there. I am attempting to use your Elasticsearch module in vain. It will not tell me what is wrong other than:

 Error: invalid value for domain_name (must start with a lowercase alphabet and be at least 3 and no more than 28 characters long. Valid characters are a-z (lowercase letters), 0-9, and - (hyphen).)
│ 
│   with module.elasticsearch.aws_elasticsearch_domain.default[0],
│   on .terraform/modules/elasticsearch/main.tf line 108, in resource "aws_elasticsearch_domain" "default":
│  108:   domain_name           = module.this.id

And I cannot override that module.this.id with something valid

Crossposting from #aws

Hi Everyone (had to rejoin with a new account after I left my last job!).

I'm using cloudposse's aws api gw v1 module which calls their labels/context module. The line is:
context = module.this.context
However, I'm struggling to translate this to terragrunt which is how our devops team lead prefers us to handle our deployments. Terragrunt doesn't mesh with the child module call. Since the label module is used across cloudposse modules, i thought there might be a recommended or community supported approach for how to incorporate it.

I'm newer to terragrunt so any obvious configs are being missed. My only thought was to create another terragrunthcl that calls the label module (and fill out the required 12 variables in terragrunt syntax)... but then I don't know how to correlate the api gw module call with the labels call. Happy to hear a better solution if you have one!

Any chance an example implementation of the use of “vendoring” available? I was following the documentation at http://atmos.tools and thus far haven’t been able to get it to work.

hi @Erik Osterman (Cloud Posse)
I am using GitHub Enterprise and trying to figure out what exactly is GITHUB_UPLOAD_URL / uploadURL ? can anyone help me around this? This seems to be a mandatory flag while using baseURL
Anyone who can help me with this ?

hi guys,
i’m trying to do upgrade of MSK with terraform but have an issue with Configuration is in use by one or more clusters. Dissociate the configuration from the clusters.
Is it possible to bypass that step so the configuration is not even touched?

Hey Guys, I am looking for a convenient secret management tool. Currently I am evaluating: AWS secret manager, hashicorp vault, Doppler, sops and https://github.com/tellerops/teller. How do you manage your secrets securely and in a consistent way for various scenarios, e.g, docker env, terraform, k8s and ecs?

hi, the welcome message from Slackbot has a no longer working link in it. #monitoring, should be replaced by #sre

I cannot get git to remove/ignore the .terraform folder
I've added it to the .gitignore file and tried git rm -r --cached .
I've also committed after the git rm

hi, I'm playing around with atmos and after deploying a terraform component I expected the state file to be in my s3 bucket but I don't see anything there and all state information is stored in the component directory. I'm doing this from within a container if that makes a difference. I'm using atmos version v1.3.30. I have

terraform:
  vars: {}

  backend_type: s3 # s3, remote, vault, static, azurerm, etc.
  backend:
    s3:
        bucket information here
  remote_state_backend:
    s3:
      role_arn: XXXX

as part of a global file in my stacks and the prod file references the global file. I'm feeling as though I'm missing a small configuration thing. I was wondering if someone could maybe point me in a direction?

Hello everyone, I am trying to use this to comment on a github PR https://github.com/cloudposse/github-commenter

Is there a way to use something else than just {{ . }}, I am a bit confused if I can create variables like {{ .Name }} {{ . status }} and if yes how

@Max Lobur has joined the channel

@Jeremy G (Cloud Posse) has joined the channel

@Ben Smith (Cloud Posse) has joined the channel

@Lucky has joined the channel

@Leo Przybylski has joined the channel

@Hugo Samayoa has joined the channel

@Yonatan Koren has joined the channel

@johncblandii has joined the channel

@Dan Meyers has joined the channel

@RB has joined the channel

Hi folks! Just ran into a problem with the CloudPosse TF S3 Cloudfront plugin (0.59.0) that's detailed here https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/151 (issue when using an existing S3 bucket). Any chance anybody could help me out there? 🙂

Hi friends! Having trouble spinning up atlantis using the cloudposse module, I’m getting this error:
Error: InvalidParameterException: The target group with targetGroupArn arn:aws:elasticloadbalancing:us-east-2:121212121212:targetgroup/atlantis/e69e6e3e328b63dd does not have an associated load balancer. "atlantis"

The target group is created by the module, but it doesn’t create the target group association to the load balancer which was created outside of the module. What is the recommended approach for fixing this?

hey guys, if anyone can help me understand the https://registry.terraform.io/modules/cloudposse/eks-node-group/aws/latest module - I'd appreciate it. Right now it's creating everything except the nodes themselves. here's a snippet:
https://gist.github.com/todd-dsm/7a8f96fe488917f3d7dd1fc3516e3c3c#file-main-tf-L36-L60

$ tf state list
...
module.apps_nodes[0].data.aws_iam_policy_document.assume_role[0]
module.apps_nodes[0].data.aws_partition.current[0]
module.apps_nodes[0].aws_launch_template.default[0]
module.apps_nodes[1].data.aws_iam_policy_document.assume_role[0]
module.apps_nodes[1].data.aws_partition.current[0]
module.apps_nodes[1].aws_launch_template.default[0]
module.apps_nodes[2].data.aws_iam_policy_document.assume_role[0]
module.apps_nodes[2].data.aws_partition.current[0]
module.apps_nodes[2].aws_iam_role.default[0]
module.apps_nodes[2].aws_iam_role_policy_attachment.amazon_ec2_container_registry_read_only[0]
module.apps_nodes[2].aws_iam_role_policy_attachment.amazon_eks_cni_policy[0]
module.apps_nodes[2].aws_iam_role_policy_attachment.amazon_eks_worker_node_policy[0]
module.apps_nodes[2].aws_launch_template.default[0]
module.apps_nodes[3].data.aws_iam_policy_document.assume_role[0]
module.apps_nodes[3].data.aws_partition.current[0]
module.apps_nodes[3].aws_launch_template.default[0]

Hello, I'm a bit unsure what channel it would fit to ask this question.
---
I'll try and keep this short (new listener to the office-hours, inspired to ask this in Slack from the "finding a mentor" conversation).
My day job is with a team focused on AWS, doing traditional operations and some light automation work.

I haven't been given a "roughly-defined" roadmap on how to succeed in this type of role or career.
I am curious on how other people have gotten to where they were in this (or their own) space.

Hello there, I don't know where to ask a github related question. I did some PR on a repo and just want to know if there is something wrong with it or if I just need to wait someone have some time to review it.

I'll have to add this to the backlog and look into it. If you DM me an email I can probably send you an invite - that will be fastest.

Hrmmm good question! There should be a link, but I see what you mean.

@Stephen Lucero has joined the channel

@Jordan Peterson has joined the channel

@Gareth has joined the channel

@Darren has joined the channel

@Aabhusan has joined the channel