202 messages
C
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.This is an opportunity to ask us questions on
terraform and get to know others in the community on a more personal level. Next one is Jun 10, 2020 11:30AM.👉️ Register for Webinar
#office-hours (our channel)
jedineeperover 5 years ago
Is there a public conftest bundle for terraform? I figure there is some customisation for every system but there must be a core revolving around common practices the community uses?
RBover 5 years ago
Prasadover 5 years ago
Hi Folks...is there an easier way to get list of required aws permissions for a Terraform task...when we had to upload and Modify certificates we didn't have policy for DescribeCertificate and had some failures. we tried doing a trace to see if there are any insights but haven't been successful.
lorenover 5 years ago
anyone hear of a project to build the terraform website in a way that supports specific versions? for example, looking to browse the docs for a specific version of the azurerm provider... (and i do know how to use tags on the github repo to view specific pages, but it's not very navigable...)
lorenover 5 years ago
i am irrationally excited about this pr: https://github.com/hashicorp/aws-sdk-go-base/pull/38
Mr.Devopsover 5 years ago(edited)
Hoping to find some best practices here with module creations/tree structure or maybe some use cases if anyone has out there.
Here's what I have going:
I've created a separate repo for a module that contains both
Here's what I have going:
I've created a separate repo for a module that contains both
aws_launch_template AND aws_autoscaling_group resources (all in main.tf) . I would also like to attach/create an load_balancers Would it make sense for me to create a separate module for the resource aws_lb or incorporate that into the main.tf file ?OliverSover 5 years ago(edited)
Hey I am using CloudPosse's awsome terraform-aws-eks-cluster and node-group modules. The cluster module merges credentials info into my kube config, very nice. I have setup my terraform main.tf to also create a service account for my pods to integrate with IAM, using kubectl apply called by terraform. Sometimes this fails, apparently because the kube API server is not ready. Details at https://stackoverflow.com/questions/62173213/intermittent-kubectl-apply-error-when-run-from-terraform-after-aws-eks-cluster-c. If I can make it to the office hours today I will ask there, but I thought I should ask here first.
Anthony Cleavesover 5 years ago
Hey
Anthony Cleavesover 5 years ago
I am trying to use the elasticache module, on
Terraform still insists on having an
0.11 despitetransit_encryption_enabled = "false"
at_rest_encryption_enabled = "false"Terraform still insists on having an
auth_tokenError: module.eu-aws-nft-main-redis.aws_elasticache_replication_group.default: "auth_token" must contain from 16 to 128 alphanumeric characters or symbols (excluding @, ", and /)
Error: module.eu-aws-nft-main-redis.aws_elasticache_replication_group.default: "replication_group_id" must contain from 1 to 20 alphanumeric characters or hyphens
Error: module.eu-aws-nft-main-redis.aws_elasticache_replication_group.default: only alphanumeric characters or symbols (excluding @, ", and /) allowed in "auth_token"A
Anthony Cleavesover 5 years ago
Anthony Cleavesover 5 years ago
Am I doing something silly 🤔
Anthony Cleavesover 5 years ago
And then if you try to set it to shut up the error, the deployment fails:
* aws_elasticache_replication_group.default: Error creating Elasticache Replication Group: InvalidParameterValue: The AUTH token is only supported when encryption-in-transit is enabled
status code: 400, request id: ec8aa5fa-f5d6-48cd-b1fa-2dea064cc8e2rssover 5 years ago(edited)
v0.13.0-beta1
0.13.0-beta1 (June 03, 2020)
NEW FEATURES:
count and for_each for modules: Similar to the arguments of the same name in resource and data blocks, these create multiple instances of a module from a single module block. (#24461)
depends_on for modules: Modules can now use the depends_on argument to ensure that all module resource...
0.13.0-beta1 (June 03, 2020)
NEW FEATURES:
count and for_each for modules: Similar to the arguments of the same name in resource and data blocks, these create multiple instances of a module from a single module block. (#24461)
depends_on for modules: Modules can now use the depends_on argument to ensure that all module resource...
Eric Bergover 5 years ago(edited)
Hey, folks. I'm trying to grant Organization-level access to an S3 bucket. I have only 3 accounts that need this cross-account access, but I can't seem to get it to work. Here's my bucket policy:
With this in place, I can do an
The policy is definitely what's providing
Thanks for taking a look.
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowOrgAccountsReadOnly",
"Effect": "Allow",
"Principal": {
"AWS": [
"arn:aws:iam::123412341234:root"
]
},
"Action": "s3:*",
"Resource": [
"arn:aws:s3:::my-artifacts",
"arn:aws:s3:::my-artifacts/*"
]
}
]
}With this in place, I can do an
aws s3 ls on that bucket, but aws s3 cp returns this: (AccessDenied) when calling the GetObject operation error.The policy is definitely what's providing
ls access (s3:ListObject,I believe), which I have tested, by removing it. So, why can't I access s3:GetObject on that bucket from another account?Thanks for taking a look.
Gui Paivaover 5 years ago
HI guys.
When deploying terraform, I first run terraform plan then terraform apply based on the plan output. If there is no plan output then apply does not run.
It's been a few days now that I noticed that terraform plan includes "reading data"
This is causing the terraform apply to be triggered. I know it is not doing anything but it is kind annoying.
Is there any way to ignore readings output from terraform plan? Or is it a new way the plan works and we have to live with it?
When deploying terraform, I first run terraform plan then terraform apply based on the plan output. If there is no plan output then apply does not run.
It's been a few days now that I noticed that terraform plan includes "reading data"
data.aws_availability_zones.available: Reading... [id=2020-06-04 22:18:37.236953382 +0000 UTC]
data.aws_availability_zones.available: Read complete after 0s [id=2020-06-04 22:18:57.193921254 +0000 UTC]This is causing the terraform apply to be triggered. I know it is not doing anything but it is kind annoying.
Is there any way to ignore readings output from terraform plan? Or is it a new way the plan works and we have to live with it?
Eric Bergover 5 years ago
@Gui Paiva, I was just noticing that the plan info is not printed, when you run apply either with a plan file or with the
You can run
--auto-approve param. I like having that.You can run
terraform show <plan file> , to see the plan.Gui Paivaover 5 years ago
Showing the plan is fine when there are resources to be created, deleted or modified, it is just that "Reading" that looks like it is now part of the plan and then the apply job in my pipeline gets triggered because the plan output was not empty
Eric Bergover 5 years ago
So, you have an empty plan, but apply still runs...stuff, right? It gets the data
G
Gui Paivaover 5 years ago
yes, before the plan would be empty but now, there is this reading
Gui Paivaover 5 years ago
as you can see, there are no changes
Gui Paivaover 5 years ago
I only find annoying because now the apply jobs gets triggered even though it is not going to do anything
Eric Bergover 5 years ago
I see. that seems to be a maintainer-level issue.
Gui Paivaover 5 years ago
it must have been a recent change... I can't remember seeing it happening last week
Chris Fowlesover 5 years ago
try using the detailed exit code flag on your plan
that's probably the best way to determine if you need to apply in CI
-detailed-exitcode - Return a detailed exit code when the command exits. When provided, this argument changes the exit codes and their meanings to provide more granular information about what the resulting plan contains:
0 = Succeeded with empty diff (no changes)
1 = Error
2 = Succeeded with non-empty diff (changes present)that's probably the best way to determine if you need to apply in CI
Gui Paivaover 5 years ago
I am already using the detailed exitcode
Chris Fowlesover 5 years ago
oh really? that's super odd then - probably a bug
Gui Paivaover 5 years ago
but let me review my script.... I might be checking for the exit error only
Gui Paivaover 5 years ago
I am going to test showing the output exit code
Gui Paivaover 5 years ago
just want to see what it shows
G
Gui Paivaover 5 years ago
actually my script already does that
Gui Paivaover 5 years ago(edited)
yeah, looks like a bug
Gui Paivaover 5 years ago
now I wonder if it is with terraform itself or the aws provider
Gui Paivaover 5 years ago
🤔
Chris Fowlesover 5 years ago
are you literally just using something like this:
data "aws_availability_zones" "available" {
state = "available"
}Chris Fowlesover 5 years ago
or have you got some filters in there?
Gui Paivaover 5 years ago
found the issue
Gui Paivaover 5 years ago
at least I believe so
Gui Paivaover 5 years ago
the terraform binary upgrade had a bad logic and it download the new 0.13 beta version
Gui Paivaover 5 years ago
I am rolling back the terraform version to 0.12.26 and it should be fine now
Chris Fowlesover 5 years ago
🎉
Gui Paivaover 5 years ago
hate having to hack the terraform state files... but finally got the rollback done... you can't just change the terraform version, but also the provider like from
to
v0.13 beta
provider[\"<http://registry.terraform.io/hashicorp/aws\|registry.terraform.io/hashicorp/aws\>"]to
v0.12
provider.awsGui Paivaover 5 years ago
lesson learnt hahahaha
Jonathan Parkerover 5 years ago
Hi all, I’m trying to use the complete example of the terraform-aws-eks-workers project.
I thought that I could copy the files under https://github.com/cloudposse/terraform-aws-eks-workers/tree/master/examples/complete and then point the source for the
I thought that I could copy the files under https://github.com/cloudposse/terraform-aws-eks-workers/tree/master/examples/complete and then point the source for the
eks_cluster module to git::<https://github.com/cloudposse/terraform-aws-eks-workers.git?ref=tags/0.14.0> but I am getting a bunch of errorsError: Missing required argument
on main.tf line 64, in module "eks_cluster":
64: module "eks_cluster" {
The argument "cluster_certificate_authority_data" is required, but no
definition was found.
Error: Missing required argument
on main.tf line 64, in module "eks_cluster":
64: module "eks_cluster" {
The argument "cluster_endpoint" is required, but no definition was found.
Error: Missing required argument
on main.tf line 64, in module "eks_cluster":
64: module "eks_cluster" {
The argument "cluster_security_group_id" is required, but no definition was
found.Aymanover 5 years ago
Hey folks... how does everyone have their TF repos setup? I've seen some do 1:1 per AWS account, but others would do a repo per service that would go across all accounts (VPC, S3, etc). What worked for you?
Rahul Muraleedharanover 5 years ago
Hello guys, we need to use lifecycle hooks in eks worker node asg. Currently using below terraform git for eks workers. is it achievable?
https://github.com/cloudposse/terraform-aws-eks-workers?files=1
https://github.com/cloudposse/terraform-aws-eks-workers?files=1
OliverSover 5 years ago(edited)
Any suggestions for automatically populating a tag with date when the resource was created? Eg I'd like to have a function
where the value returned by
I suspect these do not exist, and cannot be easily implemented from within terraform (possibly as post-processing if terraform has a hook for that, which would give list of resources created and updated, then a script could loop over those and set the tags), what do people do? Same question arises for git commits, it would be nice to have a tag that identifies the git commit of the terraform root module used to produce a resource. What do you do for this kind of tracking/auditing?
resource aws_.... {
tags {
CreationDate = creation_date()
}
}where the value returned by
creation_date() is constant once the resource has been created, so that future runs of terraform apply do not modify the value. Similarly, an update_date() would only change on resources that have otherwise been flagged as needing a change, again otherwise all resources that have that tag will get a new update date whenever I run terraform apply, even those resources that have not changed!I suspect these do not exist, and cannot be easily implemented from within terraform (possibly as post-processing if terraform has a hook for that, which would give list of resources created and updated, then a script could loop over those and set the tags), what do people do? Same question arises for git commits, it would be nice to have a tag that identifies the git commit of the terraform root module used to produce a resource. What do you do for this kind of tracking/auditing?
Davidover 5 years ago
Hey guys, I'm kind of new to terraform (and devops in general). I'm wondering what the difference is between this: https://registry.terraform.io/modules/cloudposse/elastic-beanstalk-environment/aws/0.3.10
and this: https://www.terraform.io/docs/providers/aws/r/elastic_beanstalk_environment.html
Both api's look pretty similar, is there an advantage to using one over the other?
and this: https://www.terraform.io/docs/providers/aws/r/elastic_beanstalk_environment.html
Both api's look pretty similar, is there an advantage to using one over the other?
Alex Floresover 5 years ago
Hey everyone, do you have an example of an elastic beanstalk config for a single instance only? I imagine I just set
environment_type = single instance , but I can’t find anything to know for sure.Rahul Muraleedharanover 5 years ago
Hello guys, while using cloudposse terraform for eks worker nodes, can we create asg with custom name. Currently its comes up with a suffix(consists of date of creation). Name prefix we can modify, but about suffix?
R
Rahul Muraleedharanover 5 years ago
Reason is I need to create lifecycle hook for asg while it's spin up through terraform
Rahul Muraleedharanover 5 years ago
Here we have to explicitly provide asg name
sahil kambojover 5 years ago
Hey guys i have a situation like pipeline need some suggestions:
1. create ec2 and run a ansile command ( i can do that with user data)
2. after that make a ami from it
3. create launch group for autoscaling from that ami
1. create ec2 and run a ansile command ( i can do that with user data)
2. after that make a ami from it
3. create launch group for autoscaling from that ami
David Medinetsover 5 years ago
@sahil kamboj I do that all the time. I use python to handle the overall process, gather information, etc. Python also runs the ansible command and creates the ami.
sahil kambojover 5 years ago
can we do it in terraform
sahil kambojover 5 years ago
or python handle terraform
Stevenover 5 years ago
If the only reason for 1 is to create the AMI in 2, then you should look at packer to do this. Then terraform can do step 3
David Medinetsover 5 years ago
https://www.packer.io/intro/getting-started/build-image/ - i have not used packer but it is interesting to think about.
C
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.This is an opportunity to ask us questions on
terraform and get to know others in the community on a more personal level. Next one is Jun 17, 2020 11:30AM.👉️ Register for Webinar
#office-hours (our channel)
sahil kambojover 5 years ago
how can i call packer from terraform to create ami and resume like (depends on packer-ami)
Brandon Wilsonover 5 years ago
Is it possible to do
or comparisons in a terraform if? Example: name = var.branch == "master" || "sandbox" || "demo" ? "service-prod" : (var.branch == "staging" ? "service-staging" : "service-dev")Brandon Wilsonover 5 years ago
I see
|| listed under the logical operators, but terraform is throwing an error on a plan with this line. Unsuitable value for right operand: a bool is required.PePe Amengualover 5 years ago
is there a way to use something like
replace on an entire list ?PePe Amengualover 5 years ago
like
replace(var.atlantis_repo_whitelist[*], "/github.com/ORG//", "")Chris Fowlesover 5 years ago
Chris Fowlesover 5 years ago
e.g.
[for s in var.list : upper(s)]PePe Amengualover 5 years ago
awesome, I have used for for dynamics and never had to use it this way, thanks
Chris Fowlesover 5 years ago
👍️
deftunixover 5 years ago(edited)
is anyone using the https://github.com/cloudposse/terraform-aws-eks-workers to bring up windows workers?
sahil kambojover 5 years ago
can we write efs id or other resources id to a file that will auto uploaded to s3(all in terraform)
so i can use that file for ec2 provisioning with in terraform.OR is there any better way
so i can use that file for ec2 provisioning with in terraform.OR is there any better way
Marcos Hauerover 5 years ago
Hello everyone.
Using https://github.com/cloudposse/terraform-aws-elasticsearch, is it possible to define "Require HTTPS"?
Using https://github.com/cloudposse/terraform-aws-elasticsearch, is it possible to define "Require HTTPS"?
Erik Osterman (Cloud Posse)over 5 years ago
Mike Schuelerover 5 years ago
anyone using AWS Service Catalog? My company wants us to start using service catalog to let teams deploy things (RDS, s3 buckets, etc) w/ sane defaults/best practices.
Wondering if there’s some way to allow teams to provision terraform templates through it. i try to avoid writing CF if at all possible
Wondering if there’s some way to allow teams to provision terraform templates through it. i try to avoid writing CF if at all possible
PePe Amengualover 5 years ago
I was checking the docs of the terraform label module and I saw this :
terraform-terraform-label is a fork of terraform-null-label which uses only the core Terraform provider what is the benefit of using or or the other ?cabrinhaover 5 years ago(edited)
hey there … spinning up an EKS cluster with terraform-aws-eks, I get:
Error: the server has asked for the client to provide credentials (post configmaps)
on .terraform/modules/eks.eks/terraform-aws-eks-12.0.0/aws_auth.tf line 62, in resource "kubernetes_config_map" "aws_auth":
62: resource "kubernetes_config_map" "aws_auth" {cabrinhaover 5 years ago
when I run
KUBECONFIG=<my local kubeconfig, generated by the module> terraform apply for a second time, it workscabrinhaover 5 years ago
any idea how I can avoid running TF a second time?
Chris O.over 5 years ago
Howdy y'all
Chris O.over 5 years ago
I’ve got an existing AWS stack managed by terraform with a RDS Postgres db and replica inside a vpc with developer access provided by a bastion host and ssh forwarding. I’ve been tasked with adding an aurora postgres replica, and shortly thereafter replacing the pg primary/replica with aurora completely. I’m running into a few issues utilizing the terraform-aws-rds-cluster module (https://github.com/cloudposse/terraform-aws-rds-cluster/tree/0.15.0) and trying to get the steps correct.
Is there anyone here who has done this on terraform 11.x?
Is there anyone here who has done this on terraform 11.x?
btaiover 5 years ago
who else had gotten used to seeing a bunch of 0.12 syntax errors in their VSCode :P
C
Chris Fowlesover 5 years ago
Zachover 5 years ago(edited)
Saw that too, I had to remove some ‘legacy’ terraform extension from my settings which seemed to fix those errors.
However the bigger WTF is that the extension/server seems to expect that the workspace root == the terraform root. So it errors anyways if you’re using any sort of sub-folders in the path that you opened in VSCode
However the bigger WTF is that the extension/server seems to expect that the workspace root == the terraform root. So it errors anyways if you’re using any sort of sub-folders in the path that you opened in VSCode
Igorover 5 years ago
I switched to IntelliJ months ago and never looked back. The TF extension is really stable on 0.12.
Igor Bronovskyiover 5 years ago
Is it possible to show “Output” after the destroy in terraform?
Callum Robertsonover 5 years ago
Hey guys
Callum Robertsonover 5 years ago(edited)
Follow this thread for a temporary solution if you use Terragrunt with VSCode using the popular
vscode-terraform extension https://github.com/hashicorp/vscode-terraform/issues/372Callum Robertsonover 5 years ago
worked well for me
Pierre-Yvesover 5 years ago
hello,
is there a way to conditionally create a block in a terraform resource ?
is there a way to conditionally create a block in a terraform resource ?
Chris O.over 5 years ago
More specific question: is there a way to create a RDS Aurora cluster with a
cluster_identifier field and not have it force a new resource? Why tf does terraform think I need a new thing every time simply because I want to name it?!Sanjayover 5 years ago
Terraform cloud can give an estimate of cost before deploying. Is there a way we can do this from command line (with regular Terraform )
S
Sanjayover 5 years ago
Below are the supported resources Sanjayover 5 years ago
@loren ^^
lorenover 5 years ago(edited)
it's not my project, and i haven't used it myself. i honestly don't think it is possible to estimate aws costs with an accuracy worth making the effort. so, i'm just trying to answer the question you posed, and this is the only tool i'm aware of... feel free to keep looking, or maybe contribute to it until it addresses your needs
Sanjayover 5 years ago
ok. Thanks Loren.. Will research further on this topic
Chris O.over 5 years ago
I worked out used lifecycle ignore_changes, but what about this: when creating an aurora cluster replicating from rds postgres, the instance created is in writer mode, when it should be a reader, if I’m not much mistaken. Any pearls of wisdom? Here’s the relevant tf config:
resource "aws_db_instance" "rds_postgres" {
identifier = "${var.environment}-postgres-database"
allocated_storage = "${var.allocated_storage}"
engine = "postgres"
engine_version = "${var.db_version}"
instance_class = "${var.database_instance_class}"
multi_az = "${var.multi_az}"
name = "${var.database_name}"
username = "${var.database_username}"
password = "${var.database_password}"
db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.id}"
vpc_security_group_ids = ["${aws_security_group.rds_sg.id}"]
skip_final_snapshot = true
backup_retention_period = 30
performance_insights_enabled = true
storage_encrypted = true
tags {
Environment = "${var.environment}"
Application = "company-api-postgres"
}
}
resource "aws_db_instance" "rds_postgres_r1" {
identifier = "${var.environment}-postgres-database-r1"
allocated_storage = "${var.allocated_storage}"
engine = "postgres"
engine_version = "${var.db_version}"
instance_class = "${var.database_instance_class}"
multi_az = "${var.multi_az}"
name = "${var.database_name}"
username = "${var.database_username}"
vpc_security_group_ids = ["${aws_security_group.rds_sg.id}"]
replicate_source_db = "${aws_db_instance.rds_postgres.identifier}"
skip_final_snapshot = true
performance_insights_enabled = true
storage_encrypted = true
tags {
Environment = "${var.environment}"
Application = "company-api-postgres"
}
}
resource "aws_rds_cluster" "default" {
cluster_identifier = "${var.environment}-aurora-cluster"
database_name = "${var.database_name}"
master_username = "${var.database_username}"
master_password = "${var.database_password}"
backup_retention_period = 30
preferred_backup_window = "03:00-07:00"
preferred_maintenance_window = "sat:04:00-wed:04:30"
skip_final_snapshot = true
storage_encrypted = true
kms_key_id = "${local.db_kms_key}"
vpc_security_group_ids = ["${aws_security_group.rds_sg.id}"]
db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.id}"
engine = "aurora-postgresql"
engine_version = "${var.db_version}"
replication_source_identifier = "${aws_db_instance.rds_postgres.arn}"
port = 5432
lifecycle {
ignore_changes = [
"id",
"kms_key_id",
"cluster_identifier"
]
}
tags {
Environment = "${var.environment}"
Application = "company-api-aurora"
}
}
resource "aws_rds_cluster_instance" "default" {
identifier = "${var.environment}-aurora-r1"
cluster_identifier = "${aws_rds_cluster.default.id}"
instance_class = "${var.aurora_instance_class}"
db_subnet_group_name = "${aws_db_subnet_group.rds_subnet_group.id}"
publicly_accessible = false
engine = "aurora-postgresql"
engine_version = "11.6"
performance_insights_enabled = true
lifecycle {
ignore_changes = [
"identifier",
"cluster_identifier"
]
}
tags {
Environment = "${var.environment}"
Application = "company-api-aurora"
}
}sahil kambojover 5 years ago
Hey guys after attempting testing my terraform script many time
i am facing this issue now
module.vpc-1.aws_iam_role.vpc_flow_log_cloudwatch[0]: Still creating... [57m20s elapsed]
aws_iam_role.node-policy: Still creating... [57m30s elapsed]
aws_iam_role.ssm-role: Still creating... [57m30s elapsed]
module.vpc-1.aws_iam_role.vpc_flow_log_cloudwatch[0]: Still creating... [57m30s elapsed]
aws_iam_role.node-policy: Still creating... [57m40s elapsed]
aws_iam_role.ssm-role: Still creating... [57m40s elapsed]
module.vpc-1.aws_iam_role.vpc_flow_log_cloudwatch[0]: Still creating... [57m40s elapsed]
i am facing this issue now
module.vpc-1.aws_iam_role.vpc_flow_log_cloudwatch[0]: Still creating... [57m20s elapsed]
aws_iam_role.node-policy: Still creating... [57m30s elapsed]
aws_iam_role.ssm-role: Still creating... [57m30s elapsed]
module.vpc-1.aws_iam_role.vpc_flow_log_cloudwatch[0]: Still creating... [57m30s elapsed]
aws_iam_role.node-policy: Still creating... [57m40s elapsed]
aws_iam_role.ssm-role: Still creating... [57m40s elapsed]
module.vpc-1.aws_iam_role.vpc_flow_log_cloudwatch[0]: Still creating... [57m40s elapsed]
sahil kambojover 5 years ago
what could possibly go wrong here
sahil kambojover 5 years ago
same thing happening to me in terraform destroy
module.db.module.db_option_group.aws_db_option_group.this[0]: Still destroying... [id=frappe-db-20200612073045588700000002, 9m10s elapsed]
module.db.module.db_option_group.aws_db_option_group.this[0]: Still destroying... [id=frappe-db-20200612073045588700000002, 9m10s elapsed]
Chris Fowlesover 5 years ago
@sahil kamboj - aws are having issues with IAM role creation and related resources atm
sahil kambojover 5 years ago
@Chris Fowles Thnx
saved my day
saved my day
rssover 5 years ago(edited)
Terraform Cloud outage
Jun 12, 19:12 UTC
Monitoring - Terraform Cloud and our public registry underwent a 21-minute outage (18:43–19:04 UTC) due to a TLS failure in a cloud service provider on which the application depends. We're monitoring for further problems related to this outage and following up with the service provider.
Any Terraform runs that failed during this period can safely be re-queued.
Jun 12, 19:12 UTC
Monitoring - Terraform Cloud and our public registry underwent a 21-minute outage (18:43–19:04 UTC) due to a TLS failure in a cloud service provider on which the application depends. We're monitoring for further problems related to this outage and following up with the service provider.
Any Terraform runs that failed during this period can safely be re-queued.
ismail yenigulover 5 years ago
Hi,
I filed an issue about map_additional_iam_users at https://github.com/cloudposse/terraform-aws-eks-cluster/issues/63
I created eks cluster than add the following variable but terraform plan could not detect this change
I filed an issue about map_additional_iam_users at https://github.com/cloudposse/terraform-aws-eks-cluster/issues/63
I created eks cluster than add the following variable but terraform plan could not detect this change
map_additional_iam_users = [
{
userarn = "arn:aws:iam::xyz:user/myuser"
username = "myuser"
groups = ["system:masters"]
}
]ismail yenigulover 5 years ago
$ terraform plan
No changes. Infrastructure is up-to-date.
This means that Terraform did not detect any differences between your
configuration and real physical resources that exist. As a result, no
actions need to be performed.Pierre-Yvesover 5 years ago
Hello,
did you manage to install the newly terraform vscode language package on Windows ?
https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform
from github link it seems that the absolute path has to be set manually in the extension json, but I still got the error " Expected absolute path for Terraform binary"
https://github.com/hashicorp/vscode-terraform/wiki/Manually-Setting-the-Terraform-Executable-Path
did you manage to install the newly terraform vscode language package on Windows ?
https://marketplace.visualstudio.com/items?itemName=HashiCorp.terraform
from github link it seems that the absolute path has to be set manually in the extension json, but I still got the error " Expected absolute path for Terraform binary"
https://github.com/hashicorp/vscode-terraform/wiki/Manually-Setting-the-Terraform-Executable-Path
Rahul Muraleedharanover 5 years ago
While using this terraform git https://github.com/cloudposse/terraform-aws-eks-node-group/blob/master/README.md
Can we have existing iam roles to be attached in node groups?
Because autoscaling describe policies are not attached in the newly created iam role.
These policies are need to be attached in node iam role to have autoscaling to work.
Can we have existing iam roles to be attached in node groups?
Because autoscaling describe policies are not attached in the newly created iam role.
These policies are need to be attached in node iam role to have autoscaling to work.
Rahul Muraleedharanover 5 years ago
R
Rahul Muraleedharanover 5 years ago
rssover 5 years ago(edited)
Terraform Cloud outage
Jun 15, 13:38 UTC
Resolved - This incident has been resolved.Jun 12, 19:12 UTC
Monitoring - Terraform Cloud and our public registry underwent a 21-minute outage (18:43–19:04 UTC) due to a TLS failure in a cloud service provider on which the application depends. We're monitoring for further problems related to this outage and following up with the service provider.
Any Terraform runs that failed during this period can safely be re-queued.
Jun 15, 13:38 UTC
Resolved - This incident has been resolved.Jun 12, 19:12 UTC
Monitoring - Terraform Cloud and our public registry underwent a 21-minute outage (18:43–19:04 UTC) due to a TLS failure in a cloud service provider on which the application depends. We're monitoring for further problems related to this outage and following up with the service provider.
Any Terraform runs that failed during this period can safely be re-queued.
C
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.This is an opportunity to ask us questions on
terraform and get to know others in the community on a more personal level. Next one is Jun 24, 2020 11:30AM.👉️ Register for Webinar
#office-hours (our channel)
rssover 5 years ago
Scheduled Maintenance | Terraform Cloud
THIS IS A SCHEDULED EVENT Jun 21, 07:00 - 08:00 UTCJun 15, 16:58 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Sunday, June 21st beginning at 7:00 UTC. We expect this maintenance to complete in an hour. During this time, terraform runs themselves will be operational but output from the runs may be impacted for a short period of time.
THIS IS A SCHEDULED EVENT Jun 21, 07:00 - 08:00 UTCJun 15, 16:58 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Sunday, June 21st beginning at 7:00 UTC. We expect this maintenance to complete in an hour. During this time, terraform runs themselves will be operational but output from the runs may be impacted for a short period of time.
David Medinetsover 5 years ago(edited)
I just started using terraform today. I am seeing "(remote-exec): Catalog is not reachable. Try again later" when creating an ec2 instance. I can ssh into the server using the key pair. Any ideas?
(remote-exec): 12: Timeout on http://amazonlinux.us-east-1.amazonaws.com/2/core/latest/x86_64/mirror.list: (28, 'Connection timed out after 5001 milliseconds')
(remote-exec): 12: Timeout on http://amazonlinux.us-east-1.amazonaws.com/2/core/latest/x86_64/mirror.list: (28, 'Connection timed out after 5001 milliseconds')
Sean Turnerover 5 years ago
Has anyone heard anything about if / when Hashicorp is going to push a fix to the VS code extension? The language server constantly crashes and opens a terminal every time I save if there’s an error (I believe?)
Mr.Devopsover 5 years ago
Has anyone used TF new plugin for vsCode? Currently i'm using intellij and their TF plugin has been awesome (https://plugins.jetbrains.com/plugin/7808-hashicorp-terraform--hcl-language-support)
Frankover 5 years ago
I wanted to create a PR for one of the Cloudposse modules (the
Anything I'm doing wrong here? I simply forked the repo, made the required changes and executed
terraform-aws-ses one to be exact) but for some reason the make readme is changing "bla_bla" into "bla\_bla" and adds in <pre> and <br> tags for some reason.Anything I'm doing wrong here? I simply forked the repo, made the required changes and executed
make init and make readme.Chris O.over 5 years ago
is there a way to display <computed> values in terraform 0.11.14 when running plan or apply?
Prasadover 5 years ago
i'm unable to understand the significance of terraform.tfstate created on the .terraform directory along with the plugins directory when we give a terraform init. i initially wasn't aware a state file existed on .terraform directory until i ran into a issue when i changed my backend.
lorenover 5 years ago
oh yeah, playing with tf 0.13 today, and the ability to disable a module using
count = 0 is the 💣️... eliminates so much of the cruft in advanced modulesBruceover 5 years ago
Hey! Just a quick one hopefully. How does everyone deploy a new version of an ECS service when a new version image has been uploaded to the ECR?
RogierDover 5 years ago
Hey, Im looking at the cloudposse terraform modules today to see if i can use some of the modules to replace our own work and i see a difference between ssh key behaviour between two modules. We have placed an SSH key in our AWS environment, and we are able to reuse this in the single EC2 instance without the need to generate a new SSH key.
This works, the ssh key is found in the existing AWS environment and a plan is made.
When similar setup is used in the ec2 instance group setup like this:
The result is this:
I found the difference between the two modules in the ec2 instance resource:
In terraform-aws-ec2-instance
In terraform-aws-ec2-instance-group
Is this last the intended behaviour?
module "public_node" {
source = "git::<https://github.com/cloudposse/terraform-aws-ec2-instance.git?ref=master>"
ssh_key_pair = "id_rsa_test"
vpc_id = module.vpc.vpc_id
security_groups = [module.vpc.vpc_default_security_group_id]
subnet = module.subnets.public_subnet_ids[0]
associate_public_ip_address = true
name = "public"
namespace = var.namespace
stage = var.stage
ebs_volume_count = 2
allowed_ports = [22, 80, 443]
}This works, the ssh key is found in the existing AWS environment and a plan is made.
When similar setup is used in the ec2 instance group setup like this:
module "public_nodes" {
source = "git::<https://github.com/cloudposse/terraform-aws-ec2-instance-group.git?ref=master>"
namespace = var.namespace
stage = var.stage
name = var.name
region = var.region
ami = var.public_ami
ami_owner = var.owner_id
vpc_id = module.vpc.vpc_id
subnet = module.subnets.public_subnet_ids[0]
security_groups = [module.vpc.vpc_default_security_group_id]
assign_eip_address = "true"
associate_public_ip_address = "true"
instance_count = var.public_instances_count
root_volume_type = var.root_volume_type
root_volume_size = var.root_volume_size
delete_on_termination = "false"
ssh_key_pair = "id_rsa_test"
}The result is this:
Error: Error in function call
on .terraform/modules/public_nodes.ssh_key_pair/main.tf line 30, in resource "aws_key_pair" "imported":
30: public_key = file(local.public_key_filename)
|----------------
| local.public_key_filename is "/Users/rogierd/Git/platform/terraform/infrastructure/eu-c1-core-test-cluster.pub"
Call to function "file" failed: no file exists at
/Users/rogierd/Git/platform/terraform/infrastructure/eu-c1-core-test-cluster.pub.I found the difference between the two modules in the ec2 instance resource:
In terraform-aws-ec2-instance
key_name = var.ssh_key_pairIn terraform-aws-ec2-instance-group
key_name = signum(length(var.ssh_key_pair)) == 1 ? var.ssh_key_pair : module.ssh_key_pair.key_nameIs this last the intended behaviour?
Joe Hostenyover 5 years ago
Hi all - does anyone know how to perform a
state rm using the CP tooling on TF 0.12? I believe I am running into a variant of https://github.com/hashicorp/terraform/issues/17300.zeidover 5 years ago
I hope this patch I created to tfmask will be useful, https://github.com/cloudposse/tfmask/pull/17
rssover 5 years ago(edited)
v0.13.0-beta2
0.13.0-beta2 (June 17, 2020)
NOTES:
backend/s3: Deprecated lock_table, skip_get_ec2_platforms, and skip_requesting_account_id arguments have been removed (#25134)
backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2...
0.13.0-beta2 (June 17, 2020)
NOTES:
backend/s3: Deprecated lock_table, skip_get_ec2_platforms, and skip_requesting_account_id arguments have been removed (#25134)
backend/s3: Credential ordering has changed from static, environment, shared credentials, EC2 metadata, default AWS Go SDK (shared configuration, web identity, ECS, EC2...
Erik Osterman (Cloud Posse)over 5 years ago
David Medinetsover 5 years ago
Here is a fragment of my terraform code. This issue is how does my ansible script know about the eip that is created after the instance. I hope there is a way. Alternatively, can I run the ansible script after the eip is created? I'm shutting down tonight. Hopefully, someone can answer while I am sleeping! Thanks.
resource "aws_instance" "openrmf" {
ami = var.ami
... details ...
# this provisioner waits for the instance to accept SSH.
provisioner "remote-exec" {
inline = [
"sudo yum install -y python3"
]
}
# this provisioner runs the ansible script. however, the eip is not available yet?
provisioner "local-exec" {
command = "ansible-playbook --extra-vars \"rmf_admin_password=${var.rmf_admin_password}\" -u ${var.ssh_user} -i '${self.public_ip},' --private-key ${var.pki_private_key} playbook.openrmf.yml"
environment = {
ANSIBLE_HOST_KEY_CHECKING = "False"
}
}
# here is the eip creation and association.
resource "aws_eip" "openrmf" {
instance = aws_instance.openrmf.id
vpc = true
tags = {
Name = "openrmf"
}
}David Medinetsover 5 years ago
I was able to run the local-exec (to execute the ansible playbook) inside the aws_eip resource.
Bircan Biliciover 5 years ago
Hi Everyone,
Is there any one who updated to Terraform 0.13 Beta, Would you please explain how to build 0.13 Beta
Is there any one who updated to Terraform 0.13 Beta, Would you please explain how to build 0.13 Beta
Jason Fover 5 years ago
have a few questions around backend/tfstate and migrating things around ( a thread) :
DJover 5 years ago
Hello, I’m getting an error running the following in
The error is:
terraform plan. From everything I read, this seems like it should work. If anyone can see what I’m doing wrong, I would appreciate the help.variable restrict_to_az {
type = list
description = "Optional list of Availability Zone IDs (not names) to restrict the deployment to."
default = []
}
locals {
subnet_az = length(var.restrict_to_az) > 0 ? var.restrict_to_az : []
}
data aws_subnet_ids public {
vpc_id = var.vpc_id
tags = {
Visibility = "public"
}
# Optionally filter the subnets we deploy to by a list of availability zone IDs
dynamic "filter" {
for_each = local.subnet_az
name = "availabilityZoneId"
values = [filter.value]
}
}The error is:
Error: Unsupported argument
on .terraform/modules/…/subnets.tf line 31, in data “aws_subnet_ids” “public”:
31: name = “availabilityZoneId”
An argument named “name” is not expected here.
Error: Unsupported argument
on .terraform/modules/…/subnets.tf line 32, in data “aws_subnet_ids” “public”:
32: values = [filter.value]
An argument named “values” is not expected here.
Igorover 5 years ago
@DJ You want to wrap name and values in a
block
content {}block
zadkielover 5 years ago
Hello SweetOps!
zadkielover 5 years ago(edited)
Any other workaround than moving everything to the config dir that has all the tf files?
zadkielover 5 years ago
I just need to
terraform output 😞Erik Osterman (Cloud Posse)over 5 years ago(edited)
btw, @zadkiel any insights on what we can do about this? https://github.com/aslafy-z/helm-git/issues/9 😃
vickenover 5 years ago
Hi all! Just saw this and was wondering for any GitLab shops or greenfield stuff, has anybody tried out “GitLab managed Terraform State” https://docs.gitlab.com/ee/user/infrastructure/#gitlab-managed-terraform-state
lorenover 5 years ago
in case ya'll haven't switched to the
templatefile() function, away from the template_file provider yet, the provider was just archived... https://github.com/hashicorp/terraform-provider-template/issues/85rssover 5 years ago(edited)
Scheduled Maintenance | Terraform Cloud
Jun 21, 07:01 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 15, 16:58 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Sunday, June 21st beginning at 7:00 UTC. We expect this maintenance to complete in an hour. During this time, terraform runs themselves will be operational but output from the runs may be impacted for a short period of time.
Jun 21, 07:01 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 15, 16:58 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Sunday, June 21st beginning at 7:00 UTC. We expect this maintenance to complete in an hour. During this time, terraform runs themselves will be operational but output from the runs may be impacted for a short period of time.
rssover 5 years ago
Scheduled Maintenance | Terraform Cloud
Jun 21, 08:05 UTC
Completed - The scheduled maintenance has been completed.Jun 21, 07:01 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 15, 16:58 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Sunday, June 21st beginning at 7:00 UTC. We expect this maintenance to complete in an hour. During this time, terraform runs themselves will be operational but output from the runs may be impacted for a short period of time.
Jun 21, 08:05 UTC
Completed - The scheduled maintenance has been completed.Jun 21, 07:01 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 15, 16:58 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Sunday, June 21st beginning at 7:00 UTC. We expect this maintenance to complete in an hour. During this time, terraform runs themselves will be operational but output from the runs may be impacted for a short period of time.
rssover 5 years ago(edited)
Scheduled Maintenance - Terraform Cloud
THIS IS A SCHEDULED EVENT Jun 25, 08:00 - 09:00 UTCJun 22, 10:17 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Thursday, June 25th 2020 beginning at 8:00 UTC. We anticipate the maintenance will take no longer than an hour. During this time, some Terraform Cloud plans or runs may be delayed.
THIS IS A SCHEDULED EVENT Jun 25, 08:00 - 09:00 UTCJun 22, 10:17 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Thursday, June 25th 2020 beginning at 8:00 UTC. We anticipate the maintenance will take no longer than an hour. During this time, some Terraform Cloud plans or runs may be delayed.
C
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.This is an opportunity to ask us questions on
terraform and get to know others in the community on a more personal level. Next one is Jul 01, 2020 11:30AM.👉️ Register for Webinar
#office-hours (our channel)
PePe Amengualover 5 years ago
ME
PePe Amengualover 5 years ago
ME
Tehmasp Chaudhriover 5 years ago
Us to.
Tehmasp Chaudhriover 5 years ago
Just came here to check.
PePe Amengualover 5 years ago
the status page is shows nothing
Tehmasp Chaudhriover 5 years ago
failing on AWS provider CI tests as well: https://github.com/terraform-providers/terraform-provider-aws/runs/796393230
Andrew Rothover 5 years ago
They are fixing it now: https://github.com/terraform-providers/terraform-provider-aws/issues/13877
PePe Amengualover 5 years ago
maybe I should pin the providers……
Jeff McCollumover 5 years ago
How many people pin their providers? Does it depend on the provider? Personally I never pin the AWS one, and it hasn't bitten me very often. But some on my team pin providers all the time.
Bruceover 5 years ago
Has anyone overcome the issue with CloudFront not accepting a Lambd@Edge version of
$latest ? I've tried creating an alias and referencing that but still get $LATEST as the version number.Erik Osterman (Cloud Posse)over 5 years ago
if any volunteers are interested in helping out in maintaining our modules, please reach out to me. we have a private contributors channel where we coordinate efforts. Typical things we need help with are terraform code reviews, fixing terratest (golang) integration tests, helping other contributors get their PRs merged, etc.
curious deviantover 5 years ago(edited)
Hello, I am trying to dynamically find the NAT gateways in my various env VPCs using datasources for both subnets and nat gateways. However the nat gateway datasource expects a single value as an output. Our subnets are across multiple azs and each has a NAT. Is there a way for still dynamically retrieving nat gateway IPs dynamically using TF ?
RBover 5 years ago(edited)
for this module https://github.com/cloudposse/terraform-aws-ecs-alb-service-task
it creates a
it creates a
aws_iam_role.ecs_service task role but we already have the AWSServiceRoleForECSaws iam list-roles --path-prefix /aws-service-role/ecs.amazonaws.com/peteover 5 years ago(edited)
Morning! I'm using this module: https://github.com/cloudposse/terraform-aws-ec2-autoscale-group and it's working great except I'm trying to figure out how to lifecycle ignore
Anyone know how to get around this?
latest_version because it increases every time I do a terraform apply and I'd like to prevent doing an update in-place on every run.Anyone know how to get around this?
PePe Amengualover 5 years ago
I’m having a stupid issue with lists : I’m passing a list as an argument
[aws_iam_role.AuroraAccessToDataBuckets.arn, aws_iam_role.AuroraIamAuth[*].arn]David Medinetsover 5 years ago
In my variables.tf file, I set an AMI value. Instead of hard-coding it I'd like to get the value from a script execution. Is there a way to do that? This is the equivalent of $(./get-current-centos7-ami.sh) in a shell script.
muhahaover 5 years ago
what interpolation can I use to detect dir from terragrunt is run ? like I am using
terragrunt --terragrunt-working-dirmuhahaover 5 years ago
how can I use terraform func in terragrunt ? Like in inputs ?
wont work
inputs = {
foo = path.cwd()
}wont work
Pierre-Yvesover 5 years ago
Hello, did you use https://github.com/eerkunt/terraform-compliance ?
I have installed it but 1.2.7 use the latest terraform version 0.13.0-beta1 and don't run against 0.12
Is there a way to find a version compatible with the stable terraform 0.12.26 ?
I have installed it but 1.2.7 use the latest terraform version 0.13.0-beta1 and don't run against 0.12
Is there a way to find a version compatible with the stable terraform 0.12.26 ?
Andrewover 5 years ago
qq on https://github.com/cloudposse/terraform-aws-jenkins a required option is
var.github_branchGitHub repository branch, e.g. 'master'. By default, this module will deploy '<https://github.com/cloudposse/jenkins>' master branchAndrewover 5 years ago
is this asking for the branch name or the url to the github repo?
RBover 5 years ago
For the devs who create and maintain company specific terraform modules, how do you maintain your modules? do you have pre-commit hooks? automatic terraform fmt? terraform-docs? chatops?
would love to hear what you do to initialize your repository and what you use to maintain your internal modules.
would love to hear what you do to initialize your repository and what you use to maintain your internal modules.
David Scottover 5 years ago
To get full coverage (all regions) in an account with AWS Config and AWS Guardduty, am I correct in thinking that I have to add AWS providers for every active region in the account, and add one of each of the following for each region/provider?:
aws_config_configuration_recorderaws_config_configuration_recorder_status { is_enabled = true }aws_guardduty_detectorPePe Amengualover 5 years ago
I just made a mistake …..I was using
resource “random_string” and I realize the terraform plan and apply are showint the password in the terminal, I thought there was a sensitive clause or something like that to obscure them ?rssover 5 years ago(edited)
Scheduled Maintenance - Terraform Cloud
Jun 25, 08:00 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 22, 10:17 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Thursday, June 25th 2020 beginning at 8:00 UTC. We anticipate the maintenance will take no longer than an hour. During this time, some Terraform Cloud plans or runs may be delayed.
Jun 25, 08:00 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 22, 10:17 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Thursday, June 25th 2020 beginning at 8:00 UTC. We anticipate the maintenance will take no longer than an hour. During this time, some Terraform Cloud plans or runs may be delayed.
rssover 5 years ago(edited)
Scheduled Maintenance - Terraform Cloud
Jun 25, 09:00 UTC
Completed - The scheduled maintenance has been completed.Jun 25, 08:00 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 22, 10:17 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Thursday, June 25th 2020 beginning at 8:00 UTC. We anticipate the maintenance will take no longer than an hour. During this time, some Terraform Cloud plans or runs may be delayed.
Jun 25, 09:00 UTC
Completed - The scheduled maintenance has been completed.Jun 25, 08:00 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.Jun 22, 10:17 UTC
Scheduled - Terraform Cloud will undergo scheduled maintenance on Thursday, June 25th 2020 beginning at 8:00 UTC. We anticipate the maintenance will take no longer than an hour. During this time, some Terraform Cloud plans or runs may be delayed.
David Medinetsover 5 years ago(edited)
I was hoping to use interpolation in the following way but it is not allowed. What is the better way?
I can create tags using interpolation, but wanted to centralize the value.
variable "tag_name" {
default = "centos-${formatdate("YYYYMMDDhhmmss", timestamp())}"
}I can create tags using interpolation, but wanted to centralize the value.
tags = { Name = "centos-${formatdate("YYYYMMDDhhmmss", timestamp())}" }David Medinetsover 5 years ago
How come https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/password does not say how to find the password for later use?
David Medinetsover 5 years ago
I am creating a password as resource
Then trying to use inside a template_file so that I can push it to Ansible.
Terraform does not like the interpolation. The message is
resource "random_password" "centos_user_password" {
length = 16
special = true
override_special = "_%@"
}Then trying to use inside a template_file so that I can push it to Ansible.
data "template_file" "tf_ansible_vars_file" {
template = "${file("./tr_ansible_vars_file.yml.tpl")}"
vars = {
centos_password = random_password.centos_user_password.result
}
}Terraform does not like the interpolation. The message is
There is no variable named "centos_user_password"David Medinetsover 5 years ago
Is there a terraform equivalent to ansible's
password_hash? I know about the random_password resource. I want to do something like "my_password | password_hash('sha512')"Pierre-Yvesover 5 years ago
Hello, it seems terraform
resource "azurerm_template_deployment" to deploy ARM template don't print out the outputs values 😕 unlike what is stated in https://www.terraform.io/docs/providers/azurerm/r/template_deployment.htmlRBover 5 years ago
This would make vetting terraform modules a lot easier
https://github.com/segmentio/terraform-docs/issues/276
https://github.com/segmentio/terraform-docs/issues/276
David J. M. Karlsenover 5 years ago
Hi - I’d like to use the ecr module, but can the version-range be changed to allow for 0.13? I want to iterate over a collection in the module - which is a TF0.13 feature
Erik Osterman (Cloud Posse)over 5 years ago
We've just pushed a cloudposse reference module example. This is the scaffolding we use to create new modules following all the best practices I know of 😃
Matt Gowieover 5 years ago
Terraform v0.12.20 launched some sweet helper functions that I am just now finding out about:
https://levelup.gitconnected.com/using-terraforms-try-can-and-input-validation-eb45037af2b2
can() and try().variable_validation + can is pretty rad — definitely could use that in CP modules for better input validation / messaging to consumers at some point once it’s more widely supported and more folks are on v0.12.20+.https://levelup.gitconnected.com/using-terraforms-try-can-and-input-validation-eb45037af2b2
Haroon Rasheedover 5 years ago(edited)
During remote execution (remote-exec) my script supposed to run to completion. however it got terminated in halfway mark and it made my deployment unusable. If I am not wrong I guess this got terminated due to some string from the script output made terraform to assume script execution is complete. If this is the case, any idea how to make terraform to wait until script is completed? is there a way to overcome this?
ismailover 5 years ago(edited)
Hi Guys I am using https://github.com/cloudposse/terraform-aws-cloudtrail to setup cloudtrail
I am currently facing issues with:
And here is my tf file
Can't get it what is wrong here... Can someone please suggest something...
Thanks!
I am currently facing issues with:
The given value is not suitable for child module variable "event_selector"
defined at ../modules/terraform-aws-cloudtrail/variables.tf:90,1-26: list of
object required.And here is my tf file
event_selector = {
read_write_type = "All"
include_management_events = true
data_resource = {
type = "AWS::S3::Object"
values = ["arn:aws:s3:::"]
}
}Can't get it what is wrong here... Can someone please suggest something...
Thanks!
C
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.This is an opportunity to ask us questions on
terraform and get to know others in the community on a more personal level. Next one is Jul 08, 2020 11:30AM.👉️ Register for Webinar
#office-hours (our channel)
Tom Howarthover 5 years ago
I am trying to create two redis cashes on azure, on for with a standard profile and another with a premium profile I have copied this code form Microsoft, but I believe that it is for 0.11 or lower not 012
resource "azurerm_redis_cache" "standard" {
count = var.redissku == "Standard" ? 1 : 0
name = "${var.prefix}.Redis${random_id.redis.hex}"
location = "$azurerm_resource_group.main.location"
resource_group_name = "$azurerm_resource_group.main.name"
capacity = var.redisvmcapacity
family = var.redisvmfamily
sku_name = var.redissku
}
when I run a terrafrom plan or validate I get an error here:
Error: "resource_group_name" may only contain alphanumeric characters, dash, underscores, parentheses and periods
on Lamp-Azure.tf line 274, in resource "azurerm_redis_cache" "standard":
274: resource "azurerm_redis_cache" "standard" {
I think it is to do with the format of the name option. none of the outputs from my variables have any banned characters, so I suspect that is something to do with the way my variable is built up and that terraform is reading it as ${var.prefix{Redis${random.id.redis.hex} rather than "myValueRedis6d (or some other random hex value)
resource "azurerm_redis_cache" "standard" {
count = var.redissku == "Standard" ? 1 : 0
name = "${var.prefix}.Redis${random_id.redis.hex}"
location = "$azurerm_resource_group.main.location"
resource_group_name = "$azurerm_resource_group.main.name"
capacity = var.redisvmcapacity
family = var.redisvmfamily
sku_name = var.redissku
}
when I run a terrafrom plan or validate I get an error here:
Error: "resource_group_name" may only contain alphanumeric characters, dash, underscores, parentheses and periods
on Lamp-Azure.tf line 274, in resource "azurerm_redis_cache" "standard":
274: resource "azurerm_redis_cache" "standard" {
I think it is to do with the format of the name option. none of the outputs from my variables have any banned characters, so I suspect that is something to do with the way my variable is built up and that terraform is reading it as ${var.prefix{Redis${random.id.redis.hex} rather than "myValueRedis6d (or some other random hex value)
Tom Howarthover 5 years ago
ignore my last, I found the error
Iiro Niinikoskiover 5 years ago
Anyone using Dependabot with Terraform updates...? I've been trying to find some real-life examples and haven't had a moment to try out yet anything, just wanted to check if someone has experience already. I might ask GitHub as well, they had their KB-forum...
peteover 5 years ago(edited)
Reposting one last time:
Morning! I'm using this module: https://github.com/cloudposse/terraform-aws-ec2-autoscale-group and it's working great except I'm trying to figure out how to lifecycle ignore latest_version because it increases every time I do a terraform apply and I'd like to prevent doing an update in-place on every run.
Anyone know how to get around this?
Joe Hostenyover 5 years ago
@Erik Osterman (Cloud Posse) not sure if you caught my comment, but it looks like the
ecs-web-app module failure is due to https://github.com/terraform-providers/terraform-provider-github/commit/5e9d0756b071efa05a909fcff6428010ad661181#diff-9d0b8010dc61a844fd5ffde3f9a8c38e. The webhooks module is going to start breaking again for people.benover 5 years ago
anyone know what the difference is between
https://github.com/cloudposse/terraform-null-label/blob/master/variables.tf#L7-L16
They are very similar.
real word use cases would be nice to see
environment and stage in the label module:https://github.com/cloudposse/terraform-null-label/blob/master/variables.tf#L7-L16
They are very similar.
real word use cases would be nice to see
Erik Osterman (Cloud Posse)over 5 years ago
Has anyone toyed around with https://www.terraform.io/docs/providers/aws/r/servicequotas_service_quota.html
Erik Osterman (Cloud Posse)over 5 years ago
?
joshmyersover 5 years ago
Anyone using Open Policy Agent/Conftest with Terraform?
Tom Howarthover 5 years ago
Can anybody help with what it think is a basic Terraform issue.
Tom Howarthover 5 years ago
I am having issues wtih parsing derived values with the azurerm provider.
Tom Howarthover 5 years ago
it seems to be related to the resource.examp[le.id value
Tom Howarthover 5 years ago
I am using 0.12.16 on windows