187 messages
Zachary Loeberalmost 6 years ago
Anyone take the HashiCorp Certified Terraform Associate exam yet?
Eric Malenfantalmost 6 years ago
It may have been asked before, but I’m new to checking out these awesome modules.
I have an environment/account already setup (out of my control) - ie: vpc, ig, subnets, etc.. already created.
Is it possible to use a module, like:
terraform-aws-elastic-beanstalk-environment and not create all the extras, or would I have to go through an import everything ?
msharma24almost 6 years ago(edited)
Hi everyone
A team at work has been developing their entire infrastructure in one single Cloudformation Template file which is now over 4000 lines of spaghetti 🍝 I helped them fix a bunch of cyclic dependencies and now I want to rewrite the CFT => TF modules, which mainly has a lot of inline lambda
Glue jobs, catalog, tables
CW alarms and events
Many S3 buckets
This infrastructure is live in production in five environments
I'm seeking advice on what will be the best approach to deploy the infrastructure I have developed into Terraform?
What about the existing S3 buckets which have TB of data? Should I do a TF import on S3 bucket?
Deploy a parallel env with TF and delete CFT elements manually as I can't delete the CFT stack?
PePe Amengualalmost 6 years ago
it is going to take you a REALLY long time to do
PePe Amengualalmost 6 years ago
anyone have seen this ?????
security_groups = [
+ "sg-015133333333d473b",
+ "sg-05294444444432970",
+ "sg-0a35555555553ea35",
+ "sg-0c8a33333dbca389b",
+ "sg-022222229ccf66e24",
+ "terraform-20200502011517105000000003",
]
PePe Amengualalmost 6 years ago
WTH is that terraform-XXXX???
Carlos R.almost 6 years ago
Hello, I have a newbie-type question. Is there a way to force rebuilding a specific resource? Basically, using "terraform taint" in other resources than ec2 instances such as aws kinesis stream or dynamodb table, etc
(My current workaround is changing the resource name which usually forces the rebuild, however it is not very practical.)
PePe Amengualalmost 6 years ago
well if you remove the resource and add it again it does it too
PePe Amengualalmost 6 years ago
you can do a count argument and enable and disable it
PePe Amengualalmost 6 years ago
I’m not so familiar with taint
Zachalmost 6 years ago
taint marks the state as ‘bad’ and terraform will destroy and recreate it
Zachalmost 6 years ago
You can also use ‘untaint’ for times when terraform gives up on a resource or gets confused and wants to destroy it, even though it turned out ok
RBalmost 6 years ago
Cloud Possealmost 6 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom. This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is May 13, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Mr.Devopsalmost 6 years ago
Hoping someone can help - I'm curious how would you use the import command to import an existing resource within TFC if i'm using TFC to trigger plan/apply and not via cli?
rssalmost 6 years ago(edited)
HashiCorp Consul Service for Azure (HCS) Affected
May 5, 16:23 UTC
Investigating - We are currently experiencing a potential disruption of service to the HashiCorp Consul Service for Azure (HCS). HCS Cluster creations are currently failing. Teams are currently working to identify a solution and will update as soon as information is available.
OliverSalmost 6 years ago(edited)
Hi I'm using CloudPosse's terraform-aws-eks-cluster module, how do I decide whether to instantiate the worker nodes with their terraform-aws-eks-node-group module vs their terraform-aws-eks-workers modules? The node-group approach seems to use what is intended for EKS, whereas workers module uses autoscaling group. Am I correct that node-group module is the way to go?
Bre Gielissenalmost 6 years ago
Hi. I am hoping someone can help me with an interesting problem. I am trying to use the data lifecycle manager to create snapshots of the root volume of my instance but the root ebs volume needs to be tagged. Terraform doesn't have a way to add tags to the root_block_device of the aws_instance. I tried to use the data.aws_ebs_volume to find the ebs volume that is created but I can't figure out how to use that to tag it. The resource.aws_ebs_volume doesn't seem to have a way to reference the id from the data.aws_ebs_volume which means that I can't import the volume either. Hope that makes sense.
RBalmost 6 years ago
anyone know of a terraform module for opengrok or a similar code search app that can be run in aws ?
Joe Presleyalmost 6 years ago
Can Sentinel be used to enforce policies on IAM roles? For example, don’t grant IAM roles related to networking to a user? I searched through the documentation but couldn’t find any examples related to IAM.
cabrinhaalmost 6 years ago
It'd be nice if this module allowed additional IAM permissions: https://github.com/cloudposse/terraform-aws-emr-cluster
cabrinhaalmost 6 years ago
because in order to use bootstrap actions, the instance needs permissions to download the file
raghualmost 6 years ago
Hi Guys, Is there any example that creates global accelerator with alb as endpoint?
Haroon Rasheedalmost 6 years ago
Hi All - I would like to setup a simple AWS EKS cluster with 1 master and 2 worker nodes..which set of terraform files I need to use. Please guide..I have been trying to figure out and end up bringing up something I could not access from local machine
Martin Toomingalmost 6 years ago
Hey, I’m thinking about how to properly manage resources created by AWS with Terraform. One example is the S3 bucket which is created for Elastic Beanstalk (elasticbeanstalk-<region>-<account_id>). I would like to add cross-region replication and encryption for this bucket due to compliancy reasons. Any ideas?
PePe Amengualalmost 6 years ago
is this for a multi region setup ?
drexleralmost 6 years ago
Hi. I’m using TF modules and wondering if anyone has a hack to conditionally enable/disable one based on a variable.
Haroon Rasheedalmost 6 years ago
Managed to deploy EKS cluster using Terraform..with basic thing running. However when I try to connect from my local machine from where I ran terraform. I get below error message.
An error occurred (AccessDenied) when calling the AssumeRole operation: User: arn:awsiam:xxxxxxx:user/xxxx is not authorized to perform: sts:AssumeRole on resource: arn:awsiam:xxxxxxx:user/xxxx
Haroon Rasheedalmost 6 years ago
I am using same aws access key and secret key to deploy the EKS cluster using terraform but when I try to connect it from the same machine with same AWS config i get this error message..Any help would be really helpful?
x80486almost 6 years ago(edited)
One silly question: I use the terraform_state_backend, I was on version 0.16.0 and when I try to upgrade and use version 0.17.0 it's telling me something around Provider configuration not present because of null_data_source. I don't know how to solve that conflict and I can't run destroy 🤣 ...so is it safe to just remove all the modules with type "null_data_source" from terraform.tfstate? That's the only way I've found to make it work, or to better say: to not show that error message, I don't know if it works, I'm just running until terraform plan 😅
x80486almost 6 years ago
All right! I found that going back to 0.16.0 and running terraform destroy -target=the_troublemaker, then terraform plan will do it...after that, upgrading to 0.17.0 didn't give me any problems 😎
Andriy Knysh (Cloud Posse)almost 6 years ago
yea, we’ve seen that before as well. The problem is the explicitly defined providers in modules, e.g. https://github.com/cloudposse/terraform-null-label/blob/0.13.0/versions.tf#L5
Andriy Knysh (Cloud Posse)almost 6 years ago
if you define providers in modules, then you can’t just remove it from the code or rename it
Andriy Knysh (Cloud Posse)almost 6 years ago
TF will not be able to destroy it w/o the original provider present
Andriy Knysh (Cloud Posse)almost 6 years ago
label module 0.16.0 does not have it defined anymore
Andriy Knysh (Cloud Posse)almost 6 years ago
Andriy Knysh (Cloud Posse)almost 6 years ago(edited)
(the moral of the story: try not to define providers in sub-modules, provide the providers from top-level modules. In most cases, they are inherited from top-level modules automatically)
PePe Amengualalmost 6 years ago
this is very true….I just hit this issue with the github webhooks module
Maarten van der Hoefalmost 6 years ago(edited)
I'm dealing with the following; different customers, different terraform projects across different github repositories, some on the customer github org some on mine. The different projects can have information in common like my ssh-keys, e-mail addresses, whitelisted ip's.
An idea which was opted was, why not put those semi-static vars in a private git terraform module and distribute it like that. I'm personally afraid this module will end up like the windows registry, but I have no valid alternative either. I'm curious to know what everyones take is on this.
Matt Gowiealmost 6 years ago
@Andriy Knysh (Cloud Posse) Does that mean you folks at CP will eventually be removing your usage of providers (like GH provider for GH webhooks) in your modules?
Tonyalmost 6 years ago
Does anyone know if its possible to create an AWS ClientVPN completely with Terraform? It seems like there are some resources missing from the provider such as Route Tables and authorizations
PePe Amengualalmost 6 years ago
correct
PePe Amengualalmost 6 years ago
I just went through this a few months back
PePe Amengualalmost 6 years ago
Route Tables and authorizations need to be done manually
PePe Amengualalmost 6 years ago
or over CLI
Tonyalmost 6 years ago
ok thank you, ive been going crazy wondering why I stopped where I did on writing Terraform to create this a few weeks back
Tonyalmost 6 years ago
now it makes sense
PePe Amengualalmost 6 years ago
I was surprised too since without those, nothing works!!!!!
Tonyalmost 6 years ago
lol right? lets just give them half of what they need! One more quick question, do you have to associate the security groups with the networks you associate with the VPN manually as well?
Tonyalmost 6 years ago
i dont see a way to do that with that resource either
RBalmost 6 years ago
terraform registry now exposes the # of downloads per module. 1 more metric for vetting open source modules.
https://registry.terraform.io/search?q=shell
Julio Tain Sueirasalmost 6 years ago
@loren working with the guys for concurrent development with a unified goal, right now the hashicorp one is more stable, a lot less features, and mine is less stable but more experimental features (is explained in the repo)
Andriy Knysh (Cloud Posse)almost 6 years ago
@Matt Gowie https://github.com/cloudposse/terraform-aws-ssm-parameter-store/releases/tag/0.2.0 (thanks for your contribution)
btaialmost 6 years ago(edited)
any eks + spotinst + terraform integration around here? Is it possible to do everything within terraform? Im POC-ing it right now through the portal (where it basically drains all your nodes to their nodes) but I’m curious how that would work w/ my existing terraform state
Conor Maheralmost 6 years ago
Hi Folks, I heard about this Slack on one of Anton's talks on YouTube videos
Conor Maheralmost 6 years ago
I have a pretty broad and general question about modules and module composition. In a previous role I built out a multi account / multi region AWS architecture very much following the terragrunt methodology. i.e a single repo that defined what modules were live in what accounts/regions based on directory structure and git tagged modules
Conor Maheralmost 6 years ago
In a new role I have a clean slate. Introducing Terraform to the organisation and using Terraform Cloud. Terraform Cloud supports private module registry where a repo of the form terraform-<provider>-<name> can be automatically published as a module when a git tag is pushed
Conor Maheralmost 6 years ago
Historically I am used to working with a big monorepo where all modules reside. A huge advantage of this is easier module composition. i.e a module called service_iam could include dozens of other IAM helper modules from the same repo
Conor Maheralmost 6 years ago
I suppose I am having a bit of trouble in my head figuring out what my new approach should be. I want to avoid code duplication and also a spaghetti of modules referring to other modules at specific versions
Conor Maheralmost 6 years ago
Theres a question in there somewhere... 😅
Conor Maheralmost 6 years ago
Has anyone else done this "transition" I dont think I want to end up with a repo per module as that has a management / operational costs
Conor Maheralmost 6 years ago
Should I just create registry modules that have many many sub modules nested inside?
Matt Gowiealmost 6 years ago
@Conor Maher If you’re wanting to lean away from doing a module per-repo and you’re looking to use the registry then I’d check out of the modules from the terraform-aws-modules GH org. The terraform-aws-iam one is great. They do the multiple modules in one repo pattern and works well in my experience.
https://github.com/terraform-aws-modules/terraform-aws-iam
x80486almost 6 years ago
Cloud Posse folks, do you have any plans to publish a Terraform module for deploying a typical Lambda function? I can't find anything on your GitHub account 🤔
Matt Gowiealmost 6 years ago
Has anyone used https://github.com/liamg/tfsec and had it actually find legit security vulnerabilities? I’m skeptical.
Tehmasp Chaudhrialmost 6 years ago
So I’m noticing that we’re having issues w/ our child modules when folks remove them from their root module due to having a provider block in the child module. We currently use the provider block to setup the following for aws:
assume_role {
  role_arn = var.workspace_iam_roles[terraform.workspace]
}
Is there a way to set up assume_role for the child module so we can test it without the provider block then as to not have missing provider error messages like the following?:
To work with module.kms.aws_kms_key.this its original provider configuration
at module.kms.provider.aws is required, but it has been removed. This occurs
when a provider configuration is removed while objects created by that
provider still exist in the state. Re-add the provider configuration to
destroy module.kms.aws_kms_key.this, after which you can remove the provider
configuration again.
Or a cleaner pattern to follow?
TIA
sheldonhalmost 6 years ago
Anyone have a cli or quick way to trigger a terraform cloud run? I can cobble together rest call but just checking. Have azure devops pipeline running packer and want to trigger it to run a terraform plan update to sync the SSM parameters for ami images after I'm done.
Mr.Devopsalmost 6 years ago
I’m sure someone out there may have thought about this, but it would be nice if terraform would have the ability to output its graph to lucid chart (3rd party integration) - feat request for HashiCorp? 😜
Zachary Loeberalmost 6 years ago
I suppose if you can figure out how to transform graphviz language into a csv you can simply import that into lucidchart (https://lucidchart.zendesk.com/hc/en-us/articles/115003866723-Process-Diagram-Import-from-CSV)
Zachary Loeberalmost 6 years ago
though it is an interesting challenge I'll leave that task up to you to figure out 🙂
Mr.Devopsalmost 6 years ago
🙂 thx @Zachary Loeber
Cloud Possealmost 6 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom. This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is May 20, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
curious deviantalmost 6 years ago
Hello,
Do folks feel workspaces serve a purpose while using terraform open source? I personally have found the use of any other variable such as environment sufficient to distinguish between different environments. It may also be so that I haven't understood fully the purpose of workspaces in terraform. Any advice/insights appreciated.
Tonyalmost 6 years ago(edited)
has anyone ever created a ClientVPN configuration using Terraform to call CloudFormation templates? Or even if anyone has created a ClientVPN config in Cloudformation you might be able to help. I am getting this error when trying to create routes via cloudformation.
Error: ROLLBACK_COMPLETE: ["The following resource(s) failed to create: [alphaRoute]. . Rollback requested by user." "Property validation failure: [Encountered unsupported properties in {/}: [TargetVPCSubnetId]]"]
Code:
---
Resources:
  alphaRoute:
    Properties:
      ClientVpnEndpointId: "${aws_ec2_client_vpn_endpoint.alpha-clientvpn.id}"
      Description: alpha-Route-01
      DestinationCidrBlock: 172.31.32.0/20
      TargetVPCSubnetId: subnet-5c4a7916
    Type: AWS::EC2::ClientVpnRoute
Tonyalmost 6 years ago
I can make the exact resource in the console without issue
Joe Presleyalmost 6 years ago
I have a bash command that outputs a list in yaml format. I use yq to put that list into a file (each line is a value). There are about 2700 items in the file. How can I get that list from a file into a terraform variable? The only other approach I see is to do some magic to get a plain list into Terraform list variable file. Basically a .txt -> .tf transformation.
sheldonhalmost 6 years ago
Merge Issue With Terraform Maps
Conor Maheralmost 6 years ago
More terraform thinking out loud. I've been reading some of the cloudposse repos just getting a feel for how other organisations do terraform. The scale at my organization is small (handful of engineers and we will have at most 5 aws accounts across one maybe 2 regions) In the past I have handled all IAM in a single "root" module
Conor Maheralmost 6 years ago
This has its pros and cons
Conor Maheralmost 6 years ago
I've noticed in some cloudposse examples IAM resources are created alongside other resources. e.g an ECS service and the role it uses may be defined together. this is massively convenient
Conor Maheralmost 6 years ago
But it's easier to end up with issues like: Team A create a role called "pipeline_foo" and Team B (in another IAM state) create a role called "pipeline_foo"
Conor Maheralmost 6 years ago
They have no indication until the apply phase fails that this is an issue
Conor Maheralmost 6 years ago
As I move towards Terraform Cloud I also see the advantage of having a single IAM state / workspace
Conor Maheralmost 6 years ago
As just that state can be delegated to a team that manage IAM
Conor Maheralmost 6 years ago
Anyone have strong feelings on either approach?
sahil kambojalmost 6 years ago
Hey Guys,
having issue after adding vpc to my terraform(0.12), before i am using default vpc to extract info like subnet ids etc.
Error: Invalid for_each argument
on resource.tf line 63, in resource "aws_efs_mount_target" "efs":
63: for_each = toset(module.vpc-1.private_subnets)
The "for_each" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the for_each depends on.
how can i solve
aaratnalmost 6 years ago
You can try this
for_each = toset(compact(module.vpc-1.private_subnets))
Aabhusanalmost 6 years ago
Hello everyone
Aabhusanalmost 6 years ago
I am using cloudposse module for vpc peering. I am having an issue, can anyone help me with it. Asap.
Thank you 😃
aaratnalmost 6 years ago
@Aabhusan please post your actual question so that someone can answer
Aabhusanalmost 6 years ago
Error: Invalid count argument
on .terraform/modules/vpc_peering-1/main.tf line 62, in resource "aws_route" "requestor":
62: count = var.enabled ? length(distinct(sort(data.aws_route_tables.requestor.0.ids))) * length(data.aws_vpc.acceptor.0.cidr_block_associations) : 0
The "count" value depends on resource attributes that cannot be determined
until apply, so Terraform cannot predict how many instances will be created.
To work around this, use the -target argument to first apply only the
resources that the count depends on.
Aabhusanalmost 6 years ago
module "vpc_peering-1" {
  source           = "git::https://github.com/cloudposse/terraform-aws-vpc-peering.git?ref=master"
  namespace        = "eg"
  stage            = "test-1"
  name             = "peering-1"
  requestor_vpc_id = module.vpc1.vpc_id
  acceptor_vpc_id  = module.vpc3.vpc_id
}
aaratnalmost 6 years ago
requestor_vpc_id = module.vpc1.vpc_id
acceptor_vpc_id = module.vpc3.vpc_id
aaratnalmost 6 years ago
are these vpcs created ?
Aabhusanalmost 6 years ago
Yes
sahil kambojalmost 6 years ago
i think me and @Aabhusan have same problem
Mattalmost 6 years ago
Does anyone here have a Terraform example for provisioning a forecast monitor in DataDog? Not sure it's possible with the current provider, couldn't find any examples for this.
Julio Tain Sueirasalmost 6 years ago
@Matt do you still need help with that one?
Mattalmost 6 years ago
@Julio Tain Sueiras think I have it now
Mattalmost 6 years ago
need to test tomorrow
Mattalmost 6 years ago
it's basically just a variant of a query alert
rssalmost 6 years ago(edited)
v0.12.25
NOTES:
backend/s3: Region validation now automatically supports the new af-south-1 (Africa (Cape Town)) region. For AWS operations to work in the new region, the region must be explicitly enabled as outlined in the AWS Documentation. When the region is not enabled, the Terraform S3 Backend will return errors during credential validation (e.g. error validating provider credentials:...
Matt Gowiealmost 6 years ago
Does anyone know of a terraform plan review tool? Something like GitHub Pull Requests but for Terraform Plan? I know Atlantis will comment on a PR with the plan and allow review and what not, but I would love a tool that I can push a plan to it and then discuss that plan with my team.
sheldonhalmost 6 years ago
Took my first swing at some Go terraform-tfe sdk stuff today to create runs from azure devops/cli. Learned a bunch, including finding a much more mature project with great examples. Might fork and modify a bit. Looks like with this go-tfe project on you can easily run terraform cloud actions from github actions now. Super cool!
I'm going to modify this probably to accept command line args for my first PR on a go project
https://github.com/kvrhdn/tfe-run
Mo_Nazibalmost 6 years ago
Hi All, I'm looking for a solution in managing/creating multiple AWS route53 zones/records. Any suggestions
Ameliaalmost 6 years ago
Hey y'all, I did something really dumb and I'm still a bit too green at Terraform to understand how to resolve it. I'm keeping multiple state workspaces in S3 with a dynamo lock DB. I wanted to purge one of the workspaces and rebuild things from scratch. I didn't have any resources outstanding, so I blindly deleted the file directly from S3. Now I can't rebuild it, I suspect, because the lock db expects it to exist. Is there anyway to get back to a blank slate from here so that I can start over for this particular workspace?
Joe Presleyalmost 6 years ago
Does anyone have thoughts on how to scale Terraform when working with thousands of internal customers. The concurrent requests would be about 10 at a time. There’s a talk Uber did where they said DevOps tools don’t scale when you’re dealing with 100k servers, so there’s some upper limit. What would you say the limit is for Terraform? Is there a way to wrap Terraform around an api call so an application platform could enter a few parameters for a Terraform module to render the Terraform?
Andrewalmost 6 years ago
has anyone used this and have any opinions about it? https://github.com/liatrio/aws-accounts-terraform
Andrewalmost 6 years ago
or is control tower to be preferred?
Haroon Rasheedalmost 6 years ago
Hi All, I have my kubeconfig as terraform local value after eks deployment.. Now when I try to run a command "echo ${local.kubeconfig} > /.kube/config" using null_resource command option. I get command not found error guess due to multiple lines get replaced as part of local.kubeconfig..Need help on how to run this command. Right now I am coming out of terraform and doing "terraform output > /.kube/config" Any help to achieve it as part of null_resources are any terraform resources?
Kevin Chanalmost 6 years ago
Question how am I supposed to be running the tests? in a container or does calling the make file work? I'm trying to upgrade the iam module, but first I want to know how you guys are writing tests for the other modules first.
Haroon Rasheedalmost 6 years ago(edited)
I am trying to get the Kubernetes Pod IP..I have launched a kubernetes deployment...in terraform.tfstate file I dont see the IP address of the POD. I need to use that POD IP address to bring another POD. How to get kubernetes POD IP which is launched by Terraform. Any help would be great!
Erik Osterman (Cloud Posse)almost 6 years ago(edited)
anyone have a lambda for provisioning the databases inside of an RDS postgres instance? problem we're trying to solve is creating the databases (e.g. granana, keycloak, and vault) on the RDS cluster without direct access since it's in a private VPC. In this case we do not have #atlantis or VPN connectivity to the VPC. Looking for a solution we can use in pure terraform.
OliverSalmost 6 years ago(edited)
I submitted a bug that appears to break aws-tfstate-backend upgrade from 0.16 to 0.17 of the module, https://github.com/cloudposse/terraform-aws-tfstate-backend/issues/47, meanwhile if anyone can explain what the error means, I am unable to make sense of it.
Cloud Possealmost 6 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom. This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is May 27, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Maarten van der Hoefalmost 6 years ago
Has anyone worked with the golang hcl2 lib before ? I'm having the issue that the unquoted fields, for example the terraform type field for the variables is not parsing well. Just like if the lib would still be hcl1 which it's not.
sahil kambojalmost 6 years ago
Hey guys
i formatted my laptop and git pull my terraform script and facing error after terraform init
Error: Failed to instantiate provider "aws" to obtain schema: fork/exec /home/kratos/Documents/Projects/terra/.terraform/plugins/linux_amd64/terraform-provider-aws_v2.62.0_x4: permission denied
Error: Failed to instantiate provider "kubernetes" to obtain schema: fork/exec /home/kratos/Documents/Projects/terra/.terraform/plugins/linux_amd64/terraform-provider-kubernetes_v1.11.2_x4: permission denied
Error: Failed to instantiate provider "local" to obtain schema: fork/exec /home/kratos/Documents/Projects/terra/.terraform/plugins/linux_amd64/terraform-provider-local_v1.4.0_x4: permission denied
Error: Failed to instantiate provider "null" to obtain schema: fork/exec /home/kratos/Documents/Projects/terra/.terraform/plugins/linux_amd64/terraform-provider-null_v2.1.2_x4: permission denied
Error: Failed to instantiate provider "random" to obtain schema: fork/exec /home/kratos/Documents/Projects/terra/.terraform/plugins/linux_amd64/terraform-provider-random_v2.2.1_x4: permission denied
sahil kambojalmost 6 years ago
deleted .terraform folder and terraform init
but same problem
Azizalmost 6 years ago(edited)
Guys I can see that one PR is pending on s3 bucket module - https://github.com/cloudposse/terraform-aws-s3-bucket/pull/16
for adding CORS configuration, any updates when it can be merged?
PePe Amengualalmost 6 years ago
@Erik Osterman (Cloud Posse) do you guys have a delay when publishing modules to the terraform registry?
btaialmost 6 years ago
is there a way to use the terraform 12 for loops to create n number of terraform resources? or do we still do the count thing?
Joe Presleyalmost 6 years ago
I’m trying to think of a workflow where a ci/cd server would pass in parameters to a module. Is that a possibility? Are there any gotchas? I’m thinking the parameters would be passed in as TF_VAR variables. The downside that I see is that it would make it a mess to manage state.
Joe Presleyalmost 6 years ago
What I’m trying to explore is the boundaries of whether Terraform is ultimately a tool that is dependent on GitOps.
Harshal Vaidyaalmost 6 years ago
Hello I'm facing issues while spinning an eks_cluster using the cloudposse module
Harshal Vaidyaalmost 6 years ago
Need some help with that ..
Harshal Vaidyaalmost 6 years ago
module.eks_cluster.null_resource.wait_for_cluster[0]: Still creating... [2m10s elapsed]
module.eks_cluster.null_resource.wait_for_cluster[0]: Still creating... [2m20s elapsed]
module.eks_cluster.null_resource.wait_for_cluster[0]: Still creating... [2m30s elapsed]
module.eks_cluster.null_resource.wait_for_cluster[0]: Creation complete after 2m32s [id=2129570020838525894]
module.eks_cluster.kubernetes_config_map.aws_auth_ignore_changes[0]: Creating...
Error: configmaps "aws-auth" already exists
on .terraform/modules/eks_cluster/auth.tf line 84, in resource "kubernetes_config_map" "aws_auth_ignore_changes":
84: resource "kubernetes_config_map" "aws_auth_ignore_changes" {
Harshal Vaidyaalmost 6 years ago
My tf ends with this message ..
Harshal Vaidyaalmost 6 years ago
I've searched around on the web and there are some threads that discuss this ..but none of those solutions have worked
aaratnover 5 years ago
Checkout terraform version manager written by me, supports pip, docker and homebrew !!
It's already becoming popular with 40 ⭐️ .
https://github.com/aaratn/terraenv
Andrewover 5 years ago
anyone using terraform cloud? I am running a module that requires running awscli locally and their remote server does not have it installed. anyone have any advice?
Andrewover 5 years ago
I tried the obvious thing of apt-get installing it but that didn't work
Andrewover 5 years ago
nvm looks like "Your plans and applies occur on machines you control. Terraform Cloud is only used to store and synchronize state.
Save settings" is the way to go
Rajesh Babu Gangulaover 5 years ago
hello I am having the following code to create a launch configuration which creates one secondary volume but I need to create multiple EBS volumes as per the requirement ... can anyone suggest what would be the best approach to have that functionality
resource "aws_launch_configuration" "launch_config_with_secondary_ebs" {
  count             = var.secondary_ebs_volume_size != "" ? 1 : 0
  ebs_optimized     = var.enable_ebs_optimization
  enable_monitoring = var.detailed_monitoring
  image_id          = var.image_id != "" ? var.image_id : data.aws_ami.asg_ami.image_id
  instance_type     = var.instance_type
  key_name          = var.key_pair
  name_prefix       = join("-", compact(["LaunchConfigWith2ndEbs", var.name, format("%03d-", count.index + 1)]))
  placement_tenancy = var.tenancy
  security_groups   = var.security_groups
  user_data_base64  = base64encode(data.template_file.user_data.rendered)
  ebs_block_device {
    device_name = local.ebs_device_map[local.ec2_os]
    encrypted   = var.secondary_ebs_volume_existing_id == "" ? var.encrypt_secondary_ebs_volume : false
    iops        = var.secondary_ebs_volume_iops
    snapshot_id = var.secondary_ebs_volume_existing_id
    volume_size = var.secondary_ebs_volume_size
    volume_type = var.secondary_ebs_volume_type
  }
  iam_instance_profile = element(
    coalescelist(
      aws_iam_instance_profile.instance_role_instance_profile.*.name,
      [var.instance_profile_override_name],
    ),
    0,
  )
  root_block_device {
    iops        = var.primary_ebs_volume_type == "io1" ? var.primary_ebs_volume_size : 0
    volume_size = var.primary_ebs_volume_size
    volume_type = var.primary_ebs_volume_type
  }
  lifecycle {
    create_before_destroy = true
  }
}
Azizover 5 years ago
Guys, there is a PR raised by one of my colleagues for fixing the auto-scaling issue in RDS cluster - can you guys review it?
https://github.com/cloudposse/terraform-aws-rds-cluster/pull/67
Sumeet Shuklaover 5 years ago
@Erik Osterman (Cloud Posse) @Andriy Knysh (Cloud Posse) Could you please review the PR or have someone review it: https://github.com/cloudposse/terraform-aws-rds-cluster/pull/67
Andreas Pover 5 years ago
Guys do you have any reference articles/pointers on how to go to a ECS Fargate deployment for my microservices with CI/CD enabled?
Scottover 5 years ago
Is there any way to lookup names of IAM roles with wildcards? Situation: AWS SSO Federated roles are appended with a random string
lorenover 5 years ago
Looks interesting... Anyone use checkov?
https://www.checkov.io/1.Introduction/Getting%20Started.html
lorenover 5 years ago
tf 0.13.0 betas coming soon... Sure hope this upgrade is less painful than 0.12!
https://discuss.hashicorp.com/t/terraform-v0-13-0-beta-program/9066
Chris Fowlesover 5 years ago
module expansion: modules will support count and for_each. We're still working on depends_on, but it's looking good and I think it'll make 0.13.0.🎉
Chris Fowlesover 5 years ago
oh happiness 🙏
cli: Add state replace-provider subcommand to allow changing the provider source for existing resources [GH-24523]
raghuover 5 years ago
Hi Folks, Is there any command or something if i would like to use specific aws provider. Currently I am using latest + provider.aws v2.62.0 and would like to use v2.59.0 to get rid of below error. I am getting below error in v2.62.0 provider.
1 error occurred:
* aws_autoscaling_group.asg: Error creating AutoScaling Group: ValidationError: You must use a valid fully-formed launch template. You cannot use PartitionNumber with a Placement Group that does not exist. Specify a valid Placement Group and try again.
status code: 400, request id: 7db8c6a4-8061-47bb-9440-ded120c14d03
Chris Fowlesover 5 years ago
Chris Fowlesover 5 years ago
use:
terraform {
  required_providers {
    aws = "= 2.59.0"
  }
}
raghuover 5 years ago
Hi Guys, I am kind of new to terraform enterprise and we just starting using it. When I initiate queue plan from my workspace though configuring keys and all those, it just showing blank, doesn't do anything. I just canceled it. Am I missing anything? Appreciate your suggestion.
Andrewover 5 years ago
why does terraform init download the repo again from github and then terraform apply ignores the cwd and only executes the modules in .terraform? I have to edit my source files twice every time I do this and it is annoying.
Zachover 5 years ago(edited)
I keep hearing lately that ‘terraform should build your infra and not deploy your code’ - but how does that work if you are building immutable AMIs as the ‘code package’? If terraform isn’t the one ‘deploying’ the AMI, what else is being used, and how is the terraform state for the ASG/launch-template/etc being maintained?
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom. This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jun 03, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Scottover 5 years ago
Does anyone have recommendations on how to best secure a terraform CI/CD pipeline when using federated logins/SSO? My initial thoughts are to create a IAM user in each account (dev/staging/prod) that would have static credentials, but there has to be a better way...
RBover 5 years ago(edited)
anyone running celery in ecs / fargate ? looking to run the worker and celerybeat (scheduler) in ecs if possible
• is it OK to run celery worker and beat in ECS ? is it OK to run in fargate?
• what tf modules, if any, would help ?
• any gotchas ?
rssover 5 years ago(edited)
Service degradation for Terraform Cloud
May 26, 18:50 UTC
Investigating - We have identified service degradation for Terraform Cloud and are investigating.
rssover 5 years ago
Service degradation for Terraform Cloud
May 26, 20:02 UTC
Update - We are continuing to investigate this issue.
May 26, 18:50 UTC
Investigating - We have identified service degradation for Terraform Cloud and are investigating.
rssover 5 years ago
Service degradation for Terraform Cloud
May 26, 21:24 UTC
Resolved - We've mitigated the issue causing the service degradation and are now monitoring. All services are currently operating normally.
May 26, 20:02 UTC
Update - We are continuing to investigate this issue.
May 26, 18:50 UTC
Investigating - We have identified service degradation for Terraform Cloud and are investigating.
Zachover 5 years ago
https://github.com/hashicorp/terraform/issues/25016
module expansion: modules will support count and for_each. We’re still working on depends_on, but it’s looking good and I think it’ll make 0.13.0.
Chris Fowlesover 5 years ago
Erik Osterman (Cloud Posse)over 5 years ago
Finally! This is great news.
Chris Fowlesover 5 years ago
this is excellent - it actually answers a really big question with how we move forward
Haroon Rasheedover 5 years ago
What would be the approach if my infra deployed by Terraform is messed up on (few resources got deleted manually) due to some external factor and I am trying to run terraform destroy but it fails with resources missing? How to get over this issue? I tried with terraform state rm <resource> but this is not viable if we have multiple resources. coz need to identify them one by one and delete? Is there any approach or recommendations?
Chris Fowlesover 5 years ago
terraform plan | grep '#'
Chris Fowlesover 5 years ago
Chris Fowlesover 5 years ago
i can't believe it took me this long to figure that out
Andrew Rothover 5 years ago
oooh that's a good one
Chris Fowlesover 5 years ago
i honestly feel like the sun just rose
Carlos R.over 5 years ago(edited)
Terraform AWS data aws_iam_policy_document
Problem: every time I do tf plan/apply when using a aws_iam_policy_document, terraform recomputes the policy document. Thus, it creates changes always in its plan. (See image below)
Question: How do you guys deal with it? Do you simply ignore? Do you avoid using the aws_iam_policy_document?
rssover 5 years ago(edited)
v0.12.26
ENHANCEMENTS:
backend/remote: Can now accept -target options when creating a plan using remote operations, if supported by the target server. (Server-side support for this in Terraform Cloud and Terraform Enterprise will follow in forthcoming releases of each.) (https://github.com/hashicorp/terraform/issues/24834)...
Mr.Devopsover 5 years ago
Hi - I'm hoping the pros here can help me with understanding how to use dynamic block expression within the resource aws_autoscaling_group. I've gone over the TF doc many times and i still can't seem to wrap my head around understanding how to use this.
Maybe an example would be helpful to shed some light on how to use it.
Here's what i'm attempting to do with the resource aws_autoscaling_group. I would like to be able to use mixed_instances_policy but iterate through multiple instance_type (instance type varies) using the override block.
e.g
resource "aws_autoscaling_group" "example" {
  availability_zones = ["us-east-1a"]
  desired_capacity   = 1
  max_size           = 1
  min_size           = 1
  mixed_instances_policy {
    launch_template {
      launch_template_specification {
        launch_template_id = "${aws_launch_template.example.id}"
      }
      override {
        instance_type     = "c4.large"
        weighted_capacity = "3"
      }
      override {
        instance_type     = "c3.large"
        weighted_capacity = "2"
      }
    }
  }
}
rssover 5 years ago(edited)
Service impact to Terraform runs
May 27, 22:24 UTC
Investigating - We are currently investigating an issue affecting a subset of Terraform runs.
rssover 5 years ago
Service impact to Terraform runs
May 27, 22:51 UTC
Identified - The issue has been identified and a fix is being implemented.
May 27, 22:51 UTC
Update - We are continuing to investigate this issue.
May 27, 22:24 UTC
Investigating - We are currently investigating an issue affecting a subset of Terraform runs.
rssover 5 years ago
Service impact to Terraform runs
May 27, 23:45 UTC
Resolved - We've implemented a confirmed a fix to remedy this issue.
May 27, 22:51 UTC
Identified - The issue has been identified and a fix is being implemented.
May 27, 22:51 UTC
Update - We are continuing to investigate this issue.
May 27, 22:24 UTC
Investigating - We are currently investigating an issue affecting a subset of Terraform runs.
Maarten van der Hoefover 5 years ago
Has anyone done this Terraform certification, how much Terraform Cloud is in there ?
Piotr Maksymiukover 5 years ago
sooo, tfmask only supports masking variables when they’re changed and not created?
Haroon Rasheedover 5 years ago
I am trying to use this git repo for converting yaml to HCL code. But make install is not working..so I could not proceed further. Any idea how to make it work
https://github.com/jrhouston/tfk8s
Haroon Rasheedover 5 years ago
Below is how I tried it.
auto@auto:~/tfk8s$ ls
CODEOWNERS go.mod go.sum LICENSE Makefile README.md tfk8s.go tfk8s_test.go
auto@auto:~/tfk8s$ make install
go install -ldflags "-X main.toolVersion=0.1.3"
auto@auto:~/tfk8s$ tfk8s
tfk8s: command not found
auto@auto:~/tfk8s$
Rajesh Babu Gangulaover 5 years ago
I need value a should be z if var.x is null and y if var.x has some value , does the following statement works?
a = var.x != "" ? y || var.x == "" ? z
Eric Bergover 5 years ago
why don't you just try it out, @Rajesh Babu Gangula? Set up a quick experiment with a local block and an output.
Tyrone Meijnover 5 years ago
Hey guys I have a question, what is the difference between pinning your providers in the terraform block
terraform {
  required_providers {
    aws = "2.6.0"
  }
}
vs doing it like in the provider:
provider "aws" {
  version = "2.6.0"
}
Haroon Rasheedover 5 years ago
I would like to have AWS EKS setup using Terraform in such way that we have 2 VPCs. One VPC where I should deploy AWS control plane and other VPC I should have my worker nodes running. Do we terraform suite for this in cloudposse or any other repo?
Milosbover 5 years ago(edited)
Could someone explain me why outputs interpolation works differently if I reference locals in outputs.tf and for example in main.tf? If do something like
locals {
  s3_arn = "aws_iam_policy.s3_${var.environment}[0].arn"
}
output "s3_arn" {
  value = local.s3_arn
}
Milosbover 5 years ago(edited)
If i put locals in main it will output literal string, but if i put locals in outputs.tf it will interpolate correctly
Update: Strange enough i can't reproduce it now…
praveenover 5 years ago
hi, May I know if we have latest/working Terraform module available for enabling Azure Diagnostics logging for all azure resources ?
praveenover 5 years ago
# terraform , can you help me provide module for enabling diagnostics logging for all azure resources ?
Yage Huover 5 years ago
I'm using terragrunt . Let's say I want to deploy a VPC and an EKS cluster. Is it possible to put the VPC terragrunt code in one module and reference the vpc_id from the eks module?
Brij Sover 5 years ago(edited)
Hello, does anyone know of a terraform trick on how to turn a map like this
tags = {
  "abc" = "123"
  "bbb" = "aaa"
}
into
[{Key=abc,Value=123},{Key=bbb,Value=aaa}]