refarch (Archived)
7 messages
Cloud Posse Reference Architecture
Michael Dizon over 2 years ago
set up an aurora rds instance using aurora-postgres but can't seem to access it over the internet. i've added
0.0.0.0/0 to allowed_cidr_blocks and set publicly_accessible to true but still nothing. is there anything obvious that i'm missing?
jwood over 2 years ago
Trying to cold start an AWS account with atmos, and I'm running into a problem with cloudposse/terraform-aws-components/tfstate-backend (git tag 1.210.0):
Error: Unsupported argument
│
│ on .terraform/modules/tfstate_backend.log_storage/main.tf line 158, in data "aws_iam_policy_document" "aggregated_policy":
│ 158: source_json = var.policy
│
│ An argument named "source_json" is not expected here.
Looks like source_json and override_json were deprecated in AWS provider v4, and removed in v5. Any good workaround for this?
Erik Osterman (Cloud Posse) over 2 years ago
Nat Williams over 2 years ago
@Nat Williams has joined the channel
Colby Chenard over 2 years ago
After you deploy the account module, each member account gets an email like aws+<account_name>@mycompany.com. How do you access each email to get the reset password link?
In the docs you guys mention automation to get it forwarded to a shared slack channel. Did I miss a step?
For each new account:
Perform a password reset by attempting to log in to the AWS console as a "root user", using that account's email address, and then clicking the "Forgot password?" link. You will receive a password reset link via email, which should be forwarded to the shared Slack channel for automated messages. Click the link and enter a new password. (Use 1Password or Random.org to create a password 26-38 characters long, including at least 3 of each class of character: lower case, uppercase, digit, and symbol. You may need to manually combine or add to the generated password to ensure 3 symbols and digits are present.) Save the email address and generated password as web login credentials in 1Password. While you are at it, save the account number in a separate field.
Imran Hussain over 2 years ago
I have a question related to bootstrapping a new account with atmos. When you have been given a fresh account with no S3 or DynamoDB to store your backend, is there a special case/actions that need to or can be done by atmos to create those resources using a local backend before it can be configured to use the S3 bucket and DynamoDB as the backends for all subsequent runs? If so, is there an example of said setup that I can refer to? So what I want is to run Atmos to create the remote backend, then use the remote backend set up by atmos for further provisioning.
Colby Chenard over 2 years ago
I've deployed the account component but it had a failure. However all the accounts were actually created.
Now if I try to run the deploy again it fails because the accounts already exist. How can I fix my terraform state? Do I need to try and import all those accounts now?
Here's the output from the plan when I try to deploy it now. It should be 0 to add but it thinks the accounts aren't deployed so it wants to add them.
Error: error creating Organizations Policy (acme-gbl-root-organization): DuplicatePolicyException: A policy with the specified name and type already exists.
│
│ with module.account.module.organization_service_control_policies[0].aws_organizations_policy.this[0],
│ on .terraform/modules/account.organization_service_control_policies/main.tf line 37, in resource "aws_organizations_policy" "this":
│ 37: resource "aws_organizations_policy" "this" {