terraform-aws-modules
Discussions related to https://github.com/terraform-aws-modules
Archive: https://archive.sweetops.com/terraform-aws-modules/
erik 10 months ago
erik 12 months ago
archived the channel
Erik LaBianca about 1 year ago
Is anybody using the latest v1.535.0 of https://github.com/cloudposse-terraform-components/aws-ssosync successfully? I'm getting an error back that looks like perhaps the cloudformation template it attempts to use wants to use a deprecated lambda runtime.
operation error Lambda: CreateFunction, https response error StatusCode: 400, RequestID: XXX, InvalidParameterValueException: The runtime parameter of go1.x is no longer supported for creating or updating AWS Lambda functions. We recommend you use a supported runtime while creating or updating functions.
Pablo Costa over 1 year ago (edited)
Hi, I just wanted to suggest an update to this map code:
https://github.com/cloudposse/terraform-aws-cloudfront-cdn/blob/main/examples/wordpress/main.tf#L45
merge(local.wp_nocache_behavior, map("path_pattern", "wp-admin/*")),
Terraform gives an error:
Call to function "map" failed: the "map" function was deprecated in
│ Terraform v0.12 and is no longer available; use tomap({ ... }) syntax to
│ write a literal map.
Instead you would have to use:
merge(local.wp_nocache_behavior, tomap({path_pattern = "wp-admin/*"})),
Erik Parawell over 1 year ago
@Ben Smith (Cloud Posse) I heard you are the expert on Ecspresso partial task definition stuff. When we change something in the ECS Service terraform component, it should upload to the S3 Bucket and not touch the current live deployment yes? Right now we are experiencing when we do a atmos terraform apply it is clobbering the live deployment with a new taskdef that isn't merged with the json in the bucket. We made sure the s3_mirror_name is set and that files are being uploaded to the bucket.
Erik Parawell over 1 year ago
Hi, I wanted to know if anyone has come across this issue setting up / updating the datadog-integration component?
╷
│ Error: error getting AWS integration from /api/v1/integration/aws: 403 Forbidden: {"errors":["Forbidden"]}
│
│   with module.datadog_integration.datadog_integration_aws.integration[0],
│   on .terraform/modules/datadog_integration/main.tf line 18, in resource "datadog_integration_aws" "integration":
│   18: resource "datadog_integration_aws" "integration" {
│
╵
exit status 1
I have tried updating to a new API key and have followed the guide https://docs.cloudposse.com/layers/monitoring/datadog/setup/
As an aside I am also seeing the same issue crop up on our existing deployments via our "atmos tf diff" GHA jobs.
djk29a over 1 year ago
Wanted to get a quick sanity check before filing a Github issue but the most recent release for terraform-aws-vpc-peering-multi-account seems to have caused a regression in my TF state. I'd like to verify if the issue is on my end due to state inconsistencies, for example. I have a state created under 0.20 that is now after the terraform init -upgrade with the 0.20.1 module giving me this during the plan:
...accepter.tf line 128, in resource "aws_route" "accepter_ipv6":
2024-09-26 19:02:33 UTC │ 128: destination_ipv6_cidr_block = local.requester_ipv6_cidr_block_associations[count.index % local.requester_ipv6_cidr_block_associations_count]["cidr_block"]
Dale over 1 year ago
hi! with the terraform-aws-api-gateway module, is there a way to enable caching? if I enable it via the console, when I next deploy my TF it deletes the provisioned cache cluster. I have had a browse through the module code and I don't think it's possible to use caching with it, but thought I'd check here to make sure I'm not missing something!
nnsense over 1 year ago (edited)
Hi there, what's cloudposse point of view on policy passed as variable? Is it preferred to pass the whole policy as json, or use a datasource and partially pass part of the policy or create an object representing the policy and set the variable for the policy as object.. what's the preferred way? I'm not talking about assumerole, which is quite standard and easy to set without passing the whole object, I'm talking for example about a resource policy. I cannot find an example of your repo, it seems all of the above ways have been used, I just wanted to check if there's a preference.
RB over 1 year ago (edited)
What do you folks think about defaulting these inputs in the s3 bucket module ?
# Recommended by aws to use BucketOwnerEnforced
# ObjectWriter is used for backwards compatibility and documented here in PR
# https://github.com/cloudposse/terraform-aws-s3-bucket/pull/127
s3_object_ownership = "BucketOwnerEnforced"
# most s3 buckets do not need to enable versioning
# This was toggled to false due to a compliance PR
# https://github.com/cloudposse/terraform-aws-s3-bucket/pull/70
versioning_enabled = false
RB over 1 year ago
How come the terraform aws ec2 instance module ignores changes on ami changes ? What if you want to rotate a singleton and don't mind the downtime ?
https://github.com/cloudposse/terraform-aws-ec2-instance/blob/cb7559596b69d0b4ca31942ca2eda59a1e5bb18e/main.tf#L171-L175
Came from PR https://github.com/cloudposse/terraform-aws-ec2-instance/pull/145 but wasn't called out explicitly
awl over 1 year ago
I've been looking for a terraform module(s) that will let me set up a website using cloudfront, backed by an s3 origin AND use api gateway with lambda as one single site. Anyone know of a module or have an example that puts all of these together? I see modules around that do bits of this, but not one working together.
Marat Bakeev over 1 year ago
Hey everyone, we've hit a weird issue while updating eks/karpenter component from 1.416 to 1.468 ().
It seems, the new version of the component wants to create an IAM policy for both legacy v1alpha and new v1 entities.
And the resulting policy is larger than the limit... And there's no way to disable old policy (except by creating an overrides file, which we did).
Error: creating IAM Policy (nsp-core-apse2-auto-karpenter-karpenter@kube-system): operation error IAM: CreatePolicy, https response error StatusCode: 409, RequestID: 714c38d8-30e6-4019-8ffc-071c236443a6, LimitExceeded: Cannot exceed quota for PolicySize: 6144
Marat Bakeev over 1 year ago
Does anyone use https://github.com/cloudposse/terraform-aws-vpn-connection together with atmos? -_- Maybe some kind soul can share configs to make it work with the rest of the components?
Shirisha Sudhakar Rao over 1 year ago
We are working with a customer that requires the development environment to be created in the commercial cloud of AWS but requires the production environment to be in GovCloud. We are investigating the potential for using the atmos framework for provisioning stacks in both commercial and GovCloud at the same time. I looked around in the various channels on this forum, but could not find any mentions of GovCloud integration. Is it possible to integrate account creation and role based access via aws-teams and aws-team-roles components so that we can create and access accounts in both commercial and GovCloud AWS accounts at the same time?
Is this level of integration across the commercial and GovCloud accounts possible within the atmos framework structure? Did anyone complete this integration successfully?
Evgenii Vasilenko over 1 year ago
Hi team,
Can someone explain me how module cloudposse/label/null works and how to use it properly?
In this example https://github.com/cloudposse/terraform-aws-eks-cluster/blob/main/examples/complete/main.tf I see that we have almost in every module
context = module.this.context
What kind of fields it will include? I'm curious because I connect Infracost and got the error:
Missing mandatory tags:Service,Environment
even if I added these tags in this module like this:
module "label" {
  source = "cloudposse/label/null"
  version = "0.25.0"
  namespace = "eg"
  stage = "dev"
  name = "work"
  attributes = ["cluster"]
  delimiter = "-"
  tags = {
    "Environment" = "Dev",
    "Service" = "EKS Cluster"
  }
  context = module.this.context
}
Jackie Virgo over 1 year ago
Has anyone used terraform-aws-s3-bucket module for creating bi-directional replication?
Marat Bakeev over 1 year ago
Hi guys, there seems to be an issue with the VPC component - would it be possible to update the version of dynamic-subnet within it, so we can use ap-southeast-4 Melbourne?
Details are here - https://github.com/cloudposse/terraform-aws-components/issues/1047
jaysun over 1 year ago (edited)
hey there, I'm looking at the aws-config module and I'm running into a few issues:
• I'm using an organization aggregator
• I'm using a central SNS topic and S3 bucket
• I see resources in my child accounts showing up in the aggregators for my central account
• i do not see configuration change events for my child accounts (configuration change timeline) in the central aggregator
• I do see configuration change events in the configuration timeline on the child accounts
• I do not see anything actually touching the central sns topic?
is this expected? Am I not supposed to see configuration timeline / change events in the central account? Should I see activity on the sns topic?
Quentin BERTRAND almost 2 years ago
Hello,
https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/commit/aa3840ee7874a74c27e4226eaab585fab9501faf#diff-dc46acf24af[…]1f33d9bf2532fbbR1
With the data, terraform plan no longer works if subnets don't exist (which can happen when an entire infrastructure has to be created from scratch)
Would you have an idea for solving this problem?
Marat Bakeev almost 2 years ago
Hey everyone, could anyone help me with aws-team-roles module?
How can I change the name format for the roles, that are generated by that module? For example, I'm getting a team role like this:
# aws_iam_role.default["admin"] will be created
+ resource "aws_iam_role" "default" {
...
+ name = "nsp-gbl-dns-admin"
But I'm trying to use the name format 'namespace-tenant-environment-stage' - and when I run terraform in the org account, it wants to assume role nsp-core-gbl-dns-terraform. And fails %)
I've found out, that if I set var.label_order to
- namespace
- tenant
- environment
- stage
Then it works fine.
Is this the correct solution? Or I'm trying to do something backwards?
Dale almost 2 years ago
Hey! I have a question about this ECR module. It seems to enforce the idea that the lifecycle policy should be based on number of images in the repository (default: 500) rather than the number of days an image has hung around for, even though ECR supports both types of policies. Is that a conscious decision by-design, or an oversight? If by-design, is that because it's a widely accepted best practice? Looking for either sources I can read or just a quick summary on why it's the way it is please!
kevcube almost 2 years ago
Hi, it looks like modules/components for AWS SQS queue exist at two locations, terraform-aws-components/modules/sqs-queue/modules/terraform-aws-sqs-queue and terraform-aws-components/modules/sqs-queue (which slightly wraps the former, adding compatibility with the account-roles component)
I'm wondering why there hasn't been a root module published at cloudposse/terraform-aws-sqs-queue to manage sqs queue resources
David Jess almost 2 years ago (edited)
Hi Team, we use the multi-az-subnets module and we have been getting argument is deprecated warnings:
│ Warning: Argument is deprecated
│
│   with module.stg.module.vpc.module.isolated_subnet.aws_eip.public,
│   on .terraform/modules/stg.vpc.isolated_subnet/public.tf line 119, in resource "aws_eip" "public":
│   119: vpc = true
│
│ use domain attribute instead
│
│ (and 14 more similar warnings elsewhere)
It looks like this module is not maintained any more? I just wondered if any one had any recommendations of similar subnet modules? or if there was a way to work around. Thanks!
Wendell almost 2 years ago
Good morning kind folks! I have a question about the use of context modules in Cloudposse's AWS DMS modules. When I try to plan anything using examples right off the readme:
module "dms_replication_instance" {
  source = "cloudposse/dms/aws//modules/dms-replication-instance"
  # Cloud Posse recommends pinning every module to a specific version
  version = "0.2.0"
  # If `auto_minor_version_upgrade` is enabled,
  # then we should omit the patch part of the version or Terraform will try to revert the version upon detected drift
  engine_version = "3.4"
  replication_instance_class = "dms.t2.small"
  allocated_storage = 50
  apply_immediately = true
  auto_minor_version_upgrade = true
  allow_major_version_upgrade = false
  multi_az = false
  publicly_accessible = false
  preferred_maintenance_window = "sun:10:30-sun:14:30"
  vpc_security_group_ids = [local.convox_instances_security_group_id, local.eks_security_group_id]
  subnet_ids = data.terraform_remote_state.common.outputs.vpc.convox.private_subnets
  context = module.this.context
  # depends_on = [
  #   # The required DMS roles must be present before replication instances can be provisioned
  #   module.dms_iam
  # ]
}
I get
Error: Reference to undeclared module
on dms-migration.tf line 22, in module "dms_replication_instance":
22: context = module.this.context
No module call named "this" is declared in the root module.
If I remove the reference to context it will next complain about the content of replication_id because it is composed of module.this.id which seems to evaluate to null or empty string.
jaysun almost 2 years ago
how are folks handling permissionsets defining permissions for teams that have varying levels of access to multiple accounts?
for example, say we have a business intelligence team.
we create a business intelligence permission set and create that in the various target accounts, but that permission set should have SLIGHTLY different permissions in each account. I don't know if this a solvable "problem" i think the cloudposse module for permissionsets is nice, but I don't think this pattern is possible?
Craig almost 2 years ago
Since I was relying on a data source (instead of variables) to discover my private subnets/AZs, I just ended up doing something like this
data "aws_subnets" "private" {
  filter {
    name = "tag:Attributes"
    values = ["private"]
  }
}
data "aws_subnet" "selected" {
  for_each = toset(data.aws_subnets.private.ids)
  id = each.value
}
module "app_cache_memcached" {
  source = "cloudposse/elasticache-memcached/aws"
  version = "0.19.1"
  availability_zones = [for i in range(var.app_cache_node_count) : values(data.aws_subnet.selected)[i % length(data.aws_subnet.selected)].availability_zone]
  az_mode = "cross-az"
  vpc_id = values(data.aws_subnet.selected)[0].vpc_id
  subnets = [for s in data.aws_subnet.selected : s.id]
  cluster_size = var.app_cache_node_count
  instance_type = var.app_cache_instance_type
  engine_version = var.app_cache_engine_version
  apply_immediately = true
  elasticache_parameter_group_family = var.app_cache_parameter_group_family
  max_item_size = var.app_cache_max_item_size
  context = module.app_cache.context
}
This...probably isn't ideal since I literally just repeat the list of availability_zone id's until that = the number of cache nodes being requested, however it seems to work just fine
Craig almost 2 years ago
ah nm I seem to have found a workaround. I was not relying on passing a list of availability zones in from variables, but rather finding specific availability zones with a data source. Once I'm absolutely happy with how I have it working I'll post something here
Craig almost 2 years ago
I'm trying to deploy an elasticache memcached cluster using the https://github.com/cloudposse/terraform-aws-elasticache-memcached
I've got it mostly working, but now I'm attempting to spin a 10 node cluster in a VPC where I have 3 availability zones available and am getting an error:
│ Error: length of preferred_availability_zones (3) must match num_cache_nodes (10)
│
│   with module.app_cache_memcached.aws_elasticache_cluster.default[0],
│   on .terraform/modules/app_cache_memcached/main.tf line 101, in resource "aws_elasticache_cluster" "default":
│   101: resource "aws_elasticache_cluster" "default" {
Am I correct in understanding that I simply always have to pass in a list of availability zones, and just ensure the number of elements in that list matches the number of cache nodes being requested?
Quentin BERTRAND almost 2 years ago
Hello @Erik Osterman (Cloud Posse),
I saw this repo has been created ; https://github.com/cloudposse/terraform-aws-batch
Is the CloudPosse team working on it, or do you need help getting started?
I'm very interested in a Terraform module for AWS batch
Saichovsky almost 2 years ago
Hey people,
I'm not sure if this is the right channel for this question. My apologies if it's not.
I have an EC2 instance that was created using a terraform module. I am creating an autoscaling group for it so that there is no downtime when there is a change to the instance. I have already written the code for the ASG, but terraform docs do not mention how to attach the existing instance to the ASG. AWS docs show that it is possible to do this using aws autoscaling attach-instances
Is this something that can be done using terraform and if it is, kindly show an example of how to go about it.
Thanks!
Alex S almost 2 years ago
hiya folks, any chance of a review + merge on this: https://github.com/cloudposse/terraform-aws-rds-cluster/pull/186
jaysun almost 2 years ago
I'm sure it's related to my use of a data call, but I'm trying to switch over to passing in a locals block outside of the module, to the input variable to "update" it
jaysun almost 2 years ago (edited)
I have a question about the aws_ecr module.
I've been using it for a while now, but just recently, the scenario came up where I need to update the prefix for the tag used for retention. Updating the value for the input variable for the prefix does not seem to trigger any changes from terraform's perspective when calling the existing module? Any thoughts?
Originally I was using a data call for the jsonencoded policy rules
Hans D almost 2 years ago
Trying to get default_route_enabled working with the tgw/spoke module. Currently stuck at
│ Error: creating Route in Route Table (rtb-0b999f9d3ccb0f9c7) with destination (10.14.4.0/23): InvalidTransitGatewayID.NotFound: The transitGateway ID 'tgw-019c1d8199bc68916' does not exist.
│ status code: 400, request id: 53725870-12b1-4ae8-b5f6-61bc927222ae
│
│   with aws_route.back_route[0],
│   on main.tf line 71, in resource "aws_route" "back_route":
│   71: resource "aws_route" "back_route" {
The mentioned TGW does exist (it's a shared resource). Currently not spotting the obvious of why it's not working. Anybody has this working?
Matthew Reggler almost 2 years ago
Found a bit of a weird situation with the recent updates to the Spacelift components as of 1.400.0. Was the addition of space_name_pattern intended to be a breaking change? Using it is a hard requirement of the new release
https://github.com/cloudposse/terraform-aws-components/issues/996
Jonas Mellquist almost 2 years ago (edited)
Greetings everyone. I'm using the cloudposse/vpn-connection/aws module and I'm facing some issues that I really don't understand..
My module code is as follows
module "vpn_connection" {
  source = "cloudposse/vpn-connection/aws"
  version = "1.0.0"
  namespace = var.namespace
  stage = var.env
  name = var.vpn_connection_name
  vpc_id = var.vpc_id
  vpn_gateway_amazon_side_asn = var.amazon_asn
  customer_gateway_bgp_asn = var.customer_asn
  customer_gateway_ip_address = var.customer_gateway_ip_address
  route_table_ids = var.route_table_ids
  vpn_connection_static_routes_only = true
  vpn_connection_static_routes_destinations = [var.vpn_connection_static_routes_destinations]
  vpn_connection_local_ipv4_network_cidr = var.vpn_connection_static_routes_destinations
  vpn_connection_remote_ipv4_network_cidr = var.vpc_cidr
}
route_table_ids should contain a single element found using https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/route_tables and vpn_connection_static_routes_destinations is a simple ipv4 cidr coming in as a string
The 'calling' of the module
module "vpn-connection" {
  source = "../../modules/vpn-connection"
  namespace = var.namespace
  env = var.environment
  vpn_connection_name = var.vpn_connection_name
  vpc_id = module.staging-vpc.vpc_id
  amazon_asn = var.amazon_asn
  customer_asn = var.customer_asn
  customer_gateway_ip_address = var.customer_gateway_ip_address
  route_table_ids = data.aws_route_tables.route_tables_for_vpn_connection_to_public_subnets.ids
  vpn_connection_static_routes_destinations = var.vpn_connection_static_routes_destinations
  vpc_cidr = var.vpc_cidr
}
Should I not in the route tables inside route_table_ids see a non-propagated / aka static route to the contents of var.vpn_connection_static_routes_destinations
I see Route propagation set to No under the Route table which is also what I want..
But where's my static route?
Matthew Reggler almost 2 years ago
One-line bug in the CloudPosse terraform-aws-cloudwatch-logs module:
https://github.com/cloudposse/terraform-aws-cloudwatch-logs/issues/52
This bug affects how this module is called by the lambda (and in fact any other) modules for an AWS resource where an underscore is a valid character in the resource name.
Brian almost 2 years ago
I am adding support for latest Karpenter. I noticed the IAM role for nodes provisioned or managed by Karpenter is created by the eks/cluster component instead of eks/karpenter. I also noticed this is the "recommend" configuration. I cannot understand why, though. Can someone help me understand?
gusse about 2 years ago
Hey! Any chance this could be looked into https://github.com/cloudposse/terraform-aws-elasticache-redis/issues/194? It even has a proposed fix done as a PR
Jeremy G (Cloud Posse) about 2 years ago
We have been eagerly anticipating the day when we could manage EKS cluster authentication via AWS APIs rather than the Kubernetes ConfigMap. That day is here, but there are still some bugs to be worked out. Please upvote this issue that, when resolved, will make upgrading to the new APIs significantly easier.
Matthew Reggler about 2 years ago
Quick question about the lambda component. The version of the cloudposse/lambda-function/aws module listed in the repo (https://github.com/cloudposse/terraform-aws-components) is 0.4.1. The current version of 0.5.3 and importantly contains the fixes to the names of function log groups from 0.5.1.
The lambda component is still regularly updated (e.g. v1.396.0, two weeks ago). Is there a reason for the listed version of the module being behind? I'm not clear why the module version used here in the main repo has drifted behind its source - as in most cases bumping the version after the atmos vendor causes no problems
Hans D about 2 years ago
https://github.com/cloudposse/terraform-aws-iam-account-settings/blob/78e9718eabbeca8e8c66bcf387e09b3c3333d411/main.tf#L3-L7
I don't believe the account alias is used anywhere in the Cloud Posse components. But wanted to double-check if there could be any unforeseen issues if we update these with different values.
Peter Filbin about 2 years ago
Does anybody have any ideas how I can get this working on listener port 443 instead of 80?
Peter Filbin about 2 years ago
The only way I can get it to finish successfully is if I set http_enabled = true but then my beanstalk app ends up on the wrong listener port
Peter Filbin about 2 years ago
What ends up happening is that the beanstalk application tries to map to port 80 rather than 443, and the whole thing errors out
Peter Filbin about 2 years ago
Hi all - I'm trying to use this beanstalk module to spin up some infra https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment My requirement is that the beanstalk environment attaches itself to port 443 so that it's on SSL.
Here is my configuration:
module "alb" {
  source = "cloudposse/alb/aws"
  version = "1.10.0"
  namespace = "tpo"
  name = "elastic-beanstalk"
  vpc_id = data.aws_vpc.default.id
  subnet_ids = data.aws_subnets.private.ids
  internal = true
  certificate_arn = data.aws_acm_certificate.cert.arn
  security_group_ids = [module.security_groups.alb_sg]
  http_enabled = false
  https_enabled = true
  enabled = true
  stage = "prod"
  access_logs_enabled = true
  access_logs_prefix = "tpo-prod"
  alb_access_logs_s3_bucket_force_destroy = true
  # This additional attribute is required since both the `alb` module and `elastic_beanstalk_environment` module
  # create Security Groups with the names derived from the context (this would conflict without this additional attribute)
  attributes = ["shared"]
}
module "elastic_beanstalk_application" {
  source = "cloudposse/elastic-beanstalk-application/aws"
  version = "0.11.1"
  enabled = true
  for_each = toset(var.EB_APPS)
  name = each.value
}
module "elastic_beanstalk_environment" {
  source = "cloudposse/elastic-beanstalk-environment/aws"
  for_each = toset(var.EB_APPS)
  enabled = true
  region = var.REGION
  elastic_beanstalk_application_name = each.value
  name = "prod-${each.value}-tpo"
  environment_type = "LoadBalanced"
  loadbalancer_type = "application"
  loadbalancer_is_shared = true
  shared_loadbalancer_arn = module.alb.alb_arn
  loadbalancer_certificate_arn = data.aws_acm_certificate.cert.arn
  tier = "WebServer"
  force_destroy = true
  instance_type = "t4g.xlarge"
  vpc_id = data.aws_vpc.default.id
  loadbalancer_subnets = data.aws_subnets.private.ids
  application_subnets = data.aws_subnets.private.ids
  application_port = 443
  allow_all_egress = true
  additional_security_group_rules = [
    {
      type = "ingress"
      from_port = 0
      to_port = 65535
      protocol = "-1"
      source_security_group_id = data.aws_security_group.vpc_default.id
      description = "Allow all inbound traffic from trusted Security Groups"
    }
  ]
  solution_stack_name = "64bit Amazon Linux 2 v5.8.10 running Node.js 14"
  additional_settings = [
    {
      namespace = "aws:elasticbeanstalk:application:environment"
      name = "NODE_ENV"
      value = "prod"
    },
    {
      namespace = "aws:elbv2:listenerrule:${each.value}"
      name = "HostHeaders"
      value = "prod-${each.value}-taxdev.io"
    }
  ]
  env_vars = {
    "NODE_ENV" = "prod"
  }
  enable_stream_logs = true
  extended_ec2_policy_document = data.aws_iam_policy_document.minimal_s3_permissions.json
  prefer_legacy_ssm_policy = false
  prefer_legacy_service_policy = false
}