146 messages
Josh Duffneyover 5 years ago
What's a recommended way to manage the provider versions across modules?
Requirements:
• Ability to test modules independently
Please feel free to direct me to some reading if necessary.
rssover 5 years ago(edited)
v0.13.0-beta3
0.13.0-beta3 (July 01, 2020)
BUG FIXES:
backend/azurerm: support for snapshotting the blob used for remote state storage prior to change (#24069)
backend/remote: Prevent panic when there's a connection error (https://github.com/hashicorp/terraform/issues/25341...
Sean Turnerover 5 years ago
Is there a way to deploy lambdas to lambda@edge via tf? Or is the only way to do it via api calls?
Maheshover 5 years ago
Hi All, anyone facing issues with Terraform v0.12.24 running inside EKS Pod? somehow Terraform is assuming EKS worker node's role than Pod's ServiceAccount, the worker node's role doesn't have admin policy so it's failing. Terraform v0.12.20 works fine with same setup. any leads?
Tom Howarthover 5 years ago
OK i have hit this little issuette with AzureRM and Vault where the token issued from vault is not being accepted by Azure as AD has not replicated. everything I have read suggests using a bash script to insert an artificial delay of 120 seconds into the authentication process.
I have this script that I nicked
subscription_id=$1
sleep $2
echo “{ \"subscription_id\”: \”$subscription_id\” }”
data “external” “subscription_id” {
program = [“./install.sh”, "<subscription_id>", “120”]
}
[8:09 AM] and according to the post I was reading I replace the line subscription_id = <subscription_id> with subscription_id = "data.external.subscription_id.result["subscription_id"]"
however when I issue a terraform plan against that i receive:
There are some problems with the configuration, described below.
The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
Error: Missing newline after argument
on test.tf line 3, in provider "azurerm":
3: subscription_id = "data.external.subscription_id.result["subscription_id"]"
An argument definition must end with a newline.
I know I am missing something simple but i just cant see it.
Tim Birkettover 5 years ago
Could you maybe post the full bit of appropriate code in a code block? It's hard to understand above... Is it literally:
subscription_id=$1
sleep $2
echo "{ \"subscription_id\": \"$subscription_id\" }"
data "external" "subscription_id" {
program = ["./install.sh", "<subscription_id>", "120"]
}
Tim Birkettover 5 years ago
Or is:
subscription_id=$1
sleep $2
echo "{ \"subscription_id\": \"$subscription_id\" }"
The contents of install.sh?
Tom Howarthover 5 years ago
that is the script.
this is the code:
provider "azurerm" {
version = "~>2.0"
subscription_id = "data.external.subscription_id.result["subscription_id"]"
tenant_id = "tenant_id"
client_id = "data.vault_generic_secret.azure.data[“client_id”]"
client_secret = "data.vault_generic_secret.azure.data[“client_secret”]"
features {}
}
provider "vault" {
address = "vault_address:8200/"
auth_login {
path = "auth/approle/login"
parameters = {
role_id = "role_id"
secret_id = "secret_id"
}
}
}
data "vault_generic_secret" "azure" {
path = "azure/creds/Azure-Terraform"
}
resource "azurerm_resource_group" "rg" {
name = "myRemoteAmazicTest-rg"
location = "northeurope"
}
Tim Birkettover 5 years ago
You could also use a local-exec on a null resource to sleep for a bit in your terraform code like:
resource "null_resource" "pause_a_bit" {
provisioner "local-exec" {
command = "sleep 120"
}
}
Tom Howarthover 5 years ago
I might try that cheers
Tom Howarthover 5 years ago
nope that did not work. the delay needs to be in the provider authentication not putting a pause on the code use.
Tom Howarthover 5 years ago
the issue is that the vault generated tokens have not been replicated around the Azure AD so when they are presented back to Azure they are not seen as valid
Tom Howarthover 5 years ago
Error: Error building account: Error getting authenticated object ID: Error listing Service Principals: autorest.DetailedError{Original:adal.tokenRefreshError{message:"adal: Refresh request failed. Status Code = '400'. Response body: {\"error\":\"unauthorized_client\",\"error_description\":\"AADSTS700016: Application with identifier 'data.vault_generic_secret.azure.data[“client_id”]' was not found in the directory '7aeb5a8a-a7d2-40c1-8019-859b3549e7f1'. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You may have sent your authentication request to the wrong tenant.\\r\\nTrace ID: 5073fbfa-8f18-4ba9-a0c7-6f0934bf6c00\\r\\nCorrelation ID: f640271c-6e6f-49e2-8ede-5d24d6b46bb2\\r\\nTimestamp: 2020-07-03 10:06:44Z\",\"error_codes\":[700016],\"timestamp\":\"2020-07-03 10:06:44Z\",\"trace_id\":\"5073fbfa-8f18-4ba9-a0c7-6f0934bf6c00\",\"correlation_id\":\"f640271c-6e6f-49e2-8ede-5d24d6b46bb2\",\"error_uri\":\"https://login.microsoftonline.com/error?code=700016\"}", resp:(http.Response)(0xc000449950)}, PackageType:"azure.BearerAuthorizer", Method:"WithAuthorization", StatusCode:400, Message:"Failed to refresh the Token for request to https://graph.windows.net/7aeb5a8a-a7d2-40c1-8019-859b3549e7f1/servicePrincipals?%24filter=appId+eq+%27data.vault_generic_secret.azure.data%5B%E2%80%9Cclient_id%E2%80%9D%5D%27&api-version=1.6", ServiceError:[]uint8(nil), Response:(http.Response)(0xc000449950)}
on test.tf line 1, in provider "azurerm":
1: provider "azurerm" {
this is the generated account. the emboldened section shows an AD error code that says not valid account details.
Maarten van der Hoefover 5 years ago
@Tom Howarth you have this in quotes
client_id = "data.vault_generic_secret.azure.data["client_id"]"
client_secret = "data.vault_generic_secret.azure.data["client_secret"]"
Maarten van der Hoefover 5 years ago(edited)
you need to remove those double quotes like so:
client_id = data.vault_generic_secret.azure.data["client_id"]
client_secret = data.vault_generic_secret.azure.data["client_secret"]
Tom Howarthover 5 years ago
Error: Invalid character
on test.tf line 8, in provider "azurerm":
8: client_id = data.vault_generic_secret.azure.data[“client_id”]
This character is not used within the language.
Error: Invalid expression
on test.tf line 8, in provider "azurerm":
8: client_id = data.vault_generic_secret.azure.data[“client_id”]
Expected the start of an expression, but found an invalid expression token.
Error: Invalid character
on test.tf line 8, in provider "azurerm":
8: client_id = data.vault_generic_secret.azure.data[“client_id”]
This character is not used within the language.
Error: Invalid character
on test.tf line 9, in provider "azurerm":
9: client_secret = data.vault_generic_secret.azure.data[“client_secret”]
This character is not used within the language.
Error: Invalid character
on test.tf line 9, in provider "azurerm":
9: client_secret = data.vault_generic_secret.azure.data[“client_secret”]
This character is not used within the language.
Tom Howarthover 5 years ago
that is after removing the quotes
Tom Howarthover 5 years ago
removing the quotes for the value in the brackets results in this:
Error: Reference to undeclared resource
on test.tf line 3, in provider "azurerm":
3: subscription_id =data.external.subscription_id.result[subscription_id]
A data resource "external" "subscription_id" has not been declared in the root
module.
Error: Invalid reference
on test.tf line 3, in provider "azurerm":
3: subscription_id =data.external.subscription_id.result[subscription_id]
A reference to a resource type must be followed by at least one attribute
access, specifying the resource name.
Error: Invalid reference
on test.tf line 8, in provider "azurerm":
8: client_id = data.vault_generic_secret.azure.data[client_id]
A reference to a resource type must be followed by at least one attribute
access, specifying the resource name.
Error: Invalid reference
on test.tf line 9, in provider "azurerm":
9: client_secret = data.vault_generic_secret.azure.data[client_secret]
A reference to a resource type must be followed by at least one attribute
access, specifying the resource name.
S Lover 5 years ago(edited)
hi all, I used the cloudposse/terraform-aws-documentdb-cluster repo to create a documentdb instance in aws. How can I configure the docdb instance to send logs to Cloudwatch?
Enabling enabled_cloudwatch_logs_exports only enables the cluster logging. However, it does not enable the parameter group's audit_logs variable.
Any ideas?
Igor Bronovskyiover 5 years ago
How to make a load balancer that after a successful health check not switched to the old version of the container?
Igor Bronovskyiover 5 years ago
About a minute I opened new and old version.
Igor Bronovskyiover 5 years ago
how to fix it?
Avi Khandelwalover 5 years ago
Hi guys! I am new to terraform and trying to get my hands on terraform functions. I have created main.tf file:
resource "aws_lb_listener" "backend_alb_listener" {
load_balancer_arn = aws_lb.backend_alb.arn
port = lookup(var.alb_http_listeners, "port")
protocol = lookup(var.alb_http_listeners, "protocol", null)
# default_action - (Required) An Action block.
dynamic "default_action" {
for_each = var.alb_http_listeners
content {
type = lookup(default_action.value, "action_type", "forward")
target_group_arn = aws_lb_target_group.backend_alb_target_group.arn
}
}
}
and variables.tf file:
variable "alb_http_listeners" {
default = {
"block 1" = {
port = 443
protocol = "HTTPS"
default_action = {
action_type = "forward"
}
}
}
type = any
description = "A list of maps describing the HTTP listeners or TCP ports for this ALB."
}
It seems like lookup the function is not able to read from variables.tf file as when I run terraform plan , it takes default values i.e, port = 80 and protocol = HTTP, not which I set in variables.tf file. Can anyone help me in writing the variables.tf file correctly.
Thanks in advance.
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.
This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jul 15, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Eric Alfordover 5 years ago(edited)
Hey everyone huge fan of what yall do. Been using your terraform modules for a long time.
Question: I'm switching our worker modules from terraform-aws-eks-workers to terraform-aws-eks-node-group and I noticed the node group module is missing the bootstrap_extra_args parameter that the workers module has. This is a blocker for us so I wanted to see if there was something I was missing or if maybe this was on the road map to add?
Eric Alfordover 5 years ago
Looks like this isn't actually possible with managed node groups. Nvm can ignore.
Brandon Wilsonover 5 years ago
Here’s a question for the crowd. I’m conditionally creating an NLB based off of a variable, and I need to conditionally add said NLB as an additional load balancer to an ECS cluster. I know this example doesn’t work, but this is basically what I’m trying to do, and wondering if anyone has done something similar
resource "aws_ecs_service" "service" {
name = "${var.namespace}-${var.stage}-${var.service}"
cluster = aws_ecs_cluster.cluster.id
task_definition = aws_ecs_task_definition.td.arn
launch_type = "FARGATE"
desired_count = var.desired_count
network_configuration {
security_groups = [aws_security_group.ecs_tasks_sg.id]
subnets = var.internal == true ? tolist(var.private_subnets_ids) : tolist(var.public_subnets_ids)
assign_public_ip = true
}
load_balancer {
target_group_arn = aws_lb_target_group.alb_tg.arn
container_name = var.container_name
container_port = var.public_container_port
}
load_balancer {
count = var.nlb_enabled == true ? 1 : 0
target_group_arn = aws_lb_target_group.nlb_tg[0].arn
container_name = var.container_name
container_port = var.private_container_port
}
}
S Lover 5 years ago
Hello, I had a question about configuring parameter group settings using cloudposse/terraform-aws-documentdb-cluster. Is there currently no way to update parameter group settings (such as enabling tls, ttl_monitor, and profiler logs) using that terraform template?
btaiover 5 years ago(edited)
when terraforming EKS with node groups, how do you add ingress for the automatically provisioned security group to the cluster SG and vice versa? I don’t see a SG attribute that is exported
rssover 5 years ago(edited)
Partial Outage of Workspace Updates, some Runs may not complete
Jul 8, 19:47 UTC
Identified - We are currently working on a fix for an issue that affects workspace changes. The underlying problem affects the ability for some runs to start or complete.
rssover 5 years ago(edited)
Partial Outage of Workspace Updates, some Runs may not complete
Jul 8, 20:08 UTC
Resolved - We've tested and rolled out a fix for this issue. Runs that aren't completing can be discarded and re-queued. Locked workspaces can now be force-unlocked (via a new run or via settings --> locking --> force unlock). https://www.terraform.io/docs/cloud/workspaces/settings.html#locking
Jul 8, 19:47 UTC
Identified - We are currently working on a fix for an issue that affects workspace changes. The underlying problem affects the ability for some runs to start or...
sheldonhover 5 years ago
Does terraform registry nondeterministic versioning give you enough cause to stop using GitHub tag based sources and instead use the private registry that Terraform cloud offers? Seems like I could do non breaking updates this way while GitHub tags wouldn't
Haroon Rasheedover 5 years ago(edited)
Below local-exec was able to update .bashrc file in macOS but it never works. My execution fails with aws credentials are not configured..Same works fine in ubuntu OS. Any idea why it is failing and any solution to make it work. I cant configure using aws configure command as I am doing it on run time. Below is the way for me but why it is not working on macOS need to solve. Please suggest.
resource "null_resource" "aws_configure" {
provisioner "local-exec" {
command = "grep -qwF 'export AWS_ACCESS_KEY_ID' ~/.bashrc || echo 'export AWS_ACCESS_KEY_ID=${module.globals.aws_details["access_key"]}' >> ~/.bashrc;grep -qwF 'export AWS_SECRET_ACCESS_KEY' ~/.bashrc || echo 'export AWS_SECRET_ACCESS_KEY=${module.globals.aws_details["secret_key"]}' >> ~/.bashrc;grep -qwF 'export AWS_DEFAULT_REGION' ~/.bashrc || echo 'export AWS_DEFAULT_REGION=${module.globals.aws_details["region"]}' >> ~/.bashrc;"
interpreter = ["bash", "-c"]
}
}
Rajesh Babu Gangulaover 5 years ago
I am trying to update codebuild project with EFS settings as terraform aws_codebuild_project does not have the option to do it during initial setup .. I am getting the following error .... I am sure its something simple that I am missing here .. let me know if anyone can point me what is that I am missing here
null_resource.output-id: Provisioning with 'local-exec'...
null_resource.output-id (local-exec): Executing: ["/bin/sh" "-c" "aws codebuild update-project --name supercell-shared-infra --file-system-locations [type=EFS,location=fs-865b7b05.efs.us-east-1.amazonaws.com,mountPoint=mount-point,identifier=efs-identifier]"]
null_resource.output-id (local-exec): Expecting value: line 1 column 2 (char 1)
Sai Krishnaover 5 years ago
Hi Everyone - I have a question on terraform.
I wrote a aws pipeline setup script in terraform that gets all the config values from variables with the intention of reusing the script for creating multiple pipelines. But , if I update my variables to create a new pipeline then as the state file has information on the previous terraform builds its overriding the existing pipeline with new values. How do I handle this situation?
Erik Osterman (Cloud Posse)over 5 years ago
erikover 5 years ago
Erik Osterman (Cloud Posse)over 5 years ago
Excited to see that third party providers will be as easy to leverage as modules
lorenover 5 years ago
I hope they make it easy to host your own registry, or proxy/cache the terraform registry at your own endpoint
lorenover 5 years ago
or provide a git-source option for providers, like they do for modules
organicnzover 5 years ago(edited)
Hi guys, how would you try to resolve this issue? I dive more in depth through this workshop 😅 https://www.techcrumble.net/2020/01/how-to-configure-terraform-aws-backend-with-s3-and-dynamodb-table/
terraform apply -auto-approve
Acquiring state lock. This may take a few moments...
Error: Error locking state: Error acquiring the state lock: 2 errors occurred:
* ResourceNotFoundException: Requested resource not found
* ResourceNotFoundException: Requested resource not found
Terraform acquires a state lock to protect the state from being written
by multiple users at the same time. Please resolve the issue above and try
again. For most commands, you can disable locking with the "-lock=false"
flag, but this is not recommended.
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.
This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jul 22, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Mr.Devopsover 5 years ago
can someone help me understand the diff between why one should use .tfvars vs auto.tfvars? Reading several blogs/docs they seem to be used in the same manner
Rajesh Babu Gangulaover 5 years ago
whats the best way to run a loop on module?
I need to be able to build an small environment automatically based on a list variable , I see the loop for the module is going to be available in 0.13 but since its not available yet .. is there any other way that I can accomplish this ... I am looking at for_each but I am confused if the cross resource dependencies will work as I needed to pass other resource outputs .. any help would be greatly appreciated
Vucomir Ianculovover 5 years ago
Hey everyone. i'm using terraform-aws-eks-workers 0.7.1 still on terraform 0.11 😞, i'm looking for a way to add availability zone in the tags so i can spread my pods on all nodes evenly across all nodes topologySpreadConstraints, is there a easy way of doing this?
HarjotSinghover 5 years ago(edited)
hi Team.. I want to create iam users for my team so that they can access AWS console and perform operations on dynamo db and sqs. I want to do it using terraform.. Any good pointers on that? I checked these 2 links but are very basic https://www.terraform.io/docs/providers/aws/r/iam_user.html https://www.terraform.io/docs/providers/aws/r/iam_access_key.html Need some advanced options and multiple policies which I can enforce for those IAM users
Sai Krishnaover 5 years ago
Hi Team - I have my terraform scripts bundled as modules, now I have a main.tf under root directory and I have multiple module configurations reusing same module but with different variables with the intent of reusing the module code for multiple module configurations. But when I do a terraform plan instead of creating 2 resources its basically overriding 1st one with 2nd configuration why does this happen and what is the way to create multiple resources ?
Mr.Devopsover 5 years ago
Has anyone ran into the error below when using dynamic block function on tags?
on main.tf line 50, in resource "aws_launch_template" "default":
50: dynamic tags {
Blocks of type "tags" are not expected here
here's what i'm inserting
dynamic "tags" {
for_each = local.common_tags
content {
key = tags.key
value = tags.value
}
}
Anirudh Srinivasanover 5 years ago
How can I narrow down my filter to just “id”. Here is what I am running
terraform state show module.controlplane.aws_security_group.worker
resource "aws_security_group" "worker" {
arn = "arn:aws:ec2:us-west-2:000000000:security-group/sg-000000000000"
id = "sg-000000000000"
ingress = []
name = "foobar"
owner_id = "000000000"
revoke_rules_on_delete = false
vpc_id = "vpc-000000000000"
}
bondarover 5 years ago
hey there, having legacy terraform 0.11 and aws provider 1.32.0
goal - manage credentials through 3 aws accounts (environments dev, test, prod) and 5 logical domains for each environment into SSM
the question is that am i overcomplicating or exists more easier way to handle these?
bondarover 5 years ago
here’s module code
bondarover 5 years ago
note:
• yes, i know regarding a security concerns
• state locally managed
Michał Czeraszkiewiczover 5 years ago
Trying to use a private GitLab repository as Terraform module.
It works fine when I hardcode the token like this:
module "resource_name" {
source = "git::https://oauth2:<GITLAB_TOKEN>@gitlab.com/user/repo.git?ref=tags/v0.1.2"
...
}
It also works like this:
module "resource_name" {
source = "git::https://gitlab.com/user/repo.git?ref=tags/v0.1.2"
...
}
When I extend my ~/.gitconfig with:
[url "https://oauth2:<GITLAB_TOKEN>@gitlab.com"]
insteadOf = https://gitlab.com
Is there a way I could provide the GITLAB_TOKEN via environment variable?
Jonathan Leover 5 years ago
damn damn damn, this is good: https://registry.terraform.io/modules/cloudposse/iam-policy-document-aggregator/aws/0.1.0. We're doing it a different crappier way where I'm at. Going to suggest we swap over to this.
Luisover 5 years ago
Hi! anyone facing this issue when destroying/creating an AWS EKS cluster? https://github.com/cloudposse/terraform-aws-eks-cluster/issues/67
rssover 5 years ago
Terraform Cloud Outage
Jul 17, 21:31 UTC
Investigating - Due to a failure in a third-party DNS provider, Terraform Cloud runs are failing and the Terraform Cloud web interface is unavailable.
rssover 5 years ago
Terraform Cloud Outage
Jul 17, 21:41 UTC
Monitoring - Terraform Cloud is currently back to normal functionality. We're continuing to monitor DNS functionality and communicate with our provider.
Jul 17, 21:31 UTC
Investigating - Due to a failure in a third-party DNS provider, Terraform Cloud runs are failing and the Terraform Cloud web interface is unavailable.
rssover 5 years ago(edited)
Terraform Cloud Outage
Jul 17, 22:35 UTC
Resolved - The upstream DNS provider has fixed the issue.
Terraform Cloud is operational again - if a run failed during this outage, please re-queue it.
If you have problems queueing runs, please reach out to support.
Jul 17, 21:41 UTC
Monitoring - Terraform Cloud is currently back to normal functionality. We're continuing to monitor DNS functionality and communicate with our provider.
Jul 17, 21:31 UTC
Investigating - Due to a failure in a third-party DNS provider, Terraform...
Châu Anh Tuấnover 5 years ago
Hi everyone,
I have got a problem with Terraform when I add more than 6 tags on the AWS services.
Châu Anh Tuấnover 5 years ago
It didn't update the "kubernetes.io/role/elb" = "1" to stage file
I cannot find the reason for that.
Can you help me find out?
sheldonhover 5 years ago
What's the latest from 01.13 hands on? Has it saved a lot of repeat code for you so far? Haven't tried as using Terraform cloud primarily. Overall reaction to improvements would be great.
Vucomir Ianculovover 5 years ago(edited)
Hi, i was using EKS worker nodes in the past for our staging ENV and now i would like to switch to terraform-aws-eks-node-group my question is
1. if i use terraform-aws-eks-node-group is there a way to encrypt the disk and also set scaling policy(CPU limit) ?
2. if i use EKS worker nodes is there a way to automatically drain nodes before removing them, at the moment i'm using termination_policies = ["OldestInstance", "OldestLaunchConfiguration", "Default"] ?
thanks.
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom.
This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Jul 29, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Paul Catineanover 5 years ago
Hi, has anyone here used terraform with helmfile together?
sheldonhover 5 years ago
Would like clarification so I can expand on the actual expression syntax used in this draft blog post I wrote on using expressions with Terraform for iteration with for_each. PR#40 - Iteration through list of objects
If you are up for it, I’d love any comments on the pull request itself, as I’m a bit unclear about if this is a Terraform foreach type of construct. It seems to be using syntax that is partially go, with the for key,val in list syntax.
I’d like to understand this better as I’ve seen the flatten function used before with some more complex cases and can’t find any reference on the for each syntax itself explaining the schema of it such as
for <itemvariable> in <Collection>: <object> => <propertyforkey> and as a result I’m guessing too much on this stuff.
Mr.Devopsover 5 years ago
hi hoping someone have ran into this and was able to come with a solution.
I have the following
resource "tfe_variable" "lt_vpc_security_group_ids" {
  category = "terraform"
  key = "lt_vpc_security_group_ids"
  value = var.lt_vpc_security_group_ids
  hcl = true
  workspace_id = tfe_workspace.id
}
If i ran terraform plan the error is thrown
Inappropriate value for attribute "value": string required.
how can i use a variable in the value w/out running into this? Maybe some way of escaping the value?
Mr.Devopsover 5 years ago
the variable type is set to use list(string)
Mr.Devopsover 5 years ago
maybe i can change it to use value = "[var.lt_vpc_security_group_ids]"
Mr.Devopsover 5 years ago
and the final result if i use the above.
Pierre-Yvesover 5 years ago
hello,
is there a terraform command that allows to fetch and inspect data output ?
for example I would like to get and print the values available by :
data.terraform_remote_state.core_state.outputs.mymodule.*
Pierre-Yvesover 5 years ago(edited)
when I fetch
terraform console print me an id value for the given data.terraform_remote_state key, and the output value is the expected one.
data.terraform_remote_state.core_state.outputs.placement_groups[0].entry_point.id
/subscriptions/07xyz/resourceGroups/tf_stage_placement_groups/providers/Microsoft.Compute/proximityPlacementGroups/tf_stage_placement_group_entry_point
but when I give it to a module
module "haproxy" {
  placement_group_id = data.terraform_remote_state.core_state.outputs.placement_groups[0].entry_point.id
}
I have the error
on main.tf line 74, in module "haproxy":
74: placement_group_id = data.terraform_remote_state.core_state.outputs.placement_groups[0].entry_point.id
|----------------
| data.terraform_remote_state.core_state.outputs.placement_groups[0] is tuple with 1 element
This value does not have any attributes.
what should I change to give the id to my module ?
rssover 5 years ago(edited)
Scheduled Maintenance | Terraform Cloud
THIS IS A SCHEDULED EVENT Jul 26, 07:00 - 09:00 UTC
Jul 22, 08:30 UTC
Scheduled - We will be undergoing a scheduled maintenance for Terraform Cloud on July 26th at 7:00am UTC. During this window, there may be interruptions to terraform run output, and some runs might be delayed.
xluffyover 5 years ago
Hi, I want to create a peering cross accout. I follow this module https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account
When I run tf apply, I have an error like that
Error creating VPC Peering Connection: UnauthorizedOperation: You are not authorized to perform this operation. Encoded authorization failure message: f0JL_4uWp-Mwhq3z3IXzmRBpgU1j5tAqDBCqcAadPglsZUj221QT_jFXXJiZU4Ff--t_mdBRNLntwBgWBUvbLS8Z_MGQAMbmRg07sLwu66nJas330iV5tosDVC1RVPsW07ooR9M2nr2zyqcz8QTIe0m1dKCJ1MNrBJNS980XtIpmuvv6Zurajip2-3GAyXaRxM6eQj3IYz-rI5seHfoSdiA34k3Tm4rFEx7ITP2aIHgc5tmsH-OMltrn0Nr6z-vgAtxq4SYYFyNNOVLEL9wxXMn1JDfEGKqxVaN88cw4KbuErUPTwwquTR6p9PkfBv_Z9ADm8xcKuzde
f3t9i9o_WxF2_Y01ybW1I-Avb9wBhU38RJ7WAaT-meVRqF0iJMrvg0ZAsaFcAl44J98XItv1Jr0xUozJNQmWQbYwvAOEcdkRvtfOlElUhUsqVdGDMCfDtmCTFdDqQWAgR-KqjZLJpPHqMpyd6g5YF1wRtZkm9IrLg8L5ZXuCuoURvR8Q4
AvCRPNuTHDhfSxhotKP9-D_rgr3T1YixQOwwppw1u6BuXIWTsF0GkshxxP55i7xMecabyop1T7yUyWhkfBOvFCGgDAwfddHMOT_7l-o_qmm7z-iiZRpsRo2cF4HbBauzcQbOKC2RO1CS5M5HtiXx29YoOmo272EhNL7fUl2N3PQ9QEfPnjfRAG_xlf4CnBT6jzohOYEn7NoLFhhJyZLtj3HwFYIQcoXzhtJu7s
So I try to decode this message with
aws sts decode-authorization-message ...
{
  "allowed": false,
  "explicitDeny": false,
  "matchedStatements": {
    "items": []
  },
  "failures": {
    "items": []
  },
  "context": {
    "principal": {
      "id": "AROARX57SNBJI7LD7TL5Q:1111111111111111",
      "arn": "arn:aws:sts::22222222222:assumed-role/r_ops_peering_access/1111111111111111"
    },
    "action": "ec2:CreateVpcPeeringConnection",
    "resource": "arn:aws:ec2:us-west-2:22222222222:vpc/vpc-33333333333",
    "conditions": {
      "items": [
        {
          "key": "22222222222:Env",
          "values": {
            "items": [
              {
                "value": "Prod"
              }
            ]
          }
        },
        {
          "key": "ec2:ResourceTag/Env",
          "values": {
            "items": [
              {
                "value": "Prod"
              }
            ]
          }
        },
        {
...
This is my IAM policy
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:CreateRoute",
        "ec2:DeleteRoute"
      ],
      "Resource": "arn:aws:ec2:*:XXXXXXXX:route-table/*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeVpcPeeringConnections",
        "ec2:DescribeVpcs",
        "ec2:ModifyVpcPeeringConnectionOptions",
        "ec2:DescribeSubnets",
        "ec2:DescribeVpcAttribute",
        "ec2:DescribeRouteTables"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:AcceptVpcPeeringConnection",
        "ec2:DeleteVpcPeeringConnection",
        "ec2:CreateVpcPeeringConnection",
        "ec2:RejectVpcPeeringConnection"
      ],
      "Resource": [
        "arn:aws:ec2:*:XXXXXXXX:vpc-peering-connection/*",
        "arn:aws:ec2:*:XXXXXXXX:vpc/*"
      ]
    },
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DeleteTags",
        "ec2:CreateTags"
      ],
      "Resource": "arn:aws:ec2:*:XXXXXXXX:vpc-peering-connection/*"
    }
  ]
}
Very confused now. The error message said I don't have permission to create a Peering Connection, but I have this permission in my Policy. Any idea?
rssover 5 years ago(edited)
v0.13.0-rc1
0.13.0-rc1 (July 22, 2020)
BUG FIXES:
command/init: Fix confusing error message for locally-installed providers with invalid package structure (#25504)
core: Prevent outputs from being evaluated during destroy (#25500)...
ibrahimover 5 years ago
I am looking for an EKS module
Pedro Henriquesover 5 years ago
Hello everyone
A colleague of mine asked for me to present this pull request
https://github.com/cloudposse/terraform-aws-elasticsearch/pull/61
adding the possibility to insert a different aws ec2 service identifier
praveenover 5 years ago
#terraform I have the following error
on ..\..\modules\BaseInfrastructure\main.tf line 225, in module "diagnostic_settings":
225: resource_id = azurerm_virtual_network.this[each.key].id
The "each" object can be used only in "resource" blocks, and only when the
"for_each" argument is set.
praveenover 5 years ago
#terraform . Here is the snippet of resource and module to which I am using to calling the resource
module "diagnostic_settings" {
source = "../DiagnosticSettings"
resource_id = azurerm_virtual_network.this[each.key].id
praveenover 5 years ago
resource "azurerm_network_security_group" "this" {
for_each = var.network_security_groups
name = each.value["name"]
praveenover 5 years ago
and I get the following error
praveenover 5 years ago
Error: Reference to "each" in context without for_each
on ..\..\modules\BaseInfrastructure\main.tf line 225, in module "diagnostic_settings":
225: resource_id = azurerm_virtual_network.this[each.key].id
The "each" object can be used only in "resource" blocks, and only when the
"for_each" argument is set.
drexlerover 5 years ago
Hi i have MFA setup on certain AWS accounts. With the AWS CLI, i get prompted to enter the serial when executing commands in those accounts. How can i use Terraform to provision infrastructure there with MFA enabled?
Jonover 5 years ago
Hello, I am trying to use the cloudposse/kms-key/aws public module. On the Terraform Registry, I do not see the option to configure a custom KMS key policy but when I click the link to go to the GitHub repo, I see that as an available input. Unfortunately, I haven't been able to set up a custom policy. Is this possible to do using this module? Thanks in advance!
Eric Bergover 5 years ago
I'm having a difficult time getting my providers set up right in the caller and called modules i'm using. For the most part, i'm trying to have my top-level mod providers look like this, where
infra is the profile name of the master account:
provider "aws" {
  region = var.aws_region
  profile = "infra"
  assume_role {
    role_arn = "arn:aws:iam::${var.aws_account_id}:role/OrganizationAccountAccessRole"
  }
  forbidden_account_ids = local.forbidden_account_ids
}
Then, i pass them down -- all but one of course has an alias:
module "stack_install" {
  source = "../../../../../application-stack"
  providers = {
    aws = aws
    aws.infra = aws.infra
    aws.cf = aws
    aws.cf-us-east-1 = aws.cf-us-east-1
    aws.client-us-east-1 = aws.cf-us-east-1
    aws.route53 = aws.infra
  }
And in the called module, i just stub out the provider like this:
provider "aws" {
  region = local.default_region
  forbidden_account_ids = [local.master_account_id]
}
But i'm getting this error:
Error: No valid credential sources found for AWS Provider.
Please see https://terraform.io/docs/providers/aws/index.html for more information on
providing credentials for the AWS Provider
So, what am i doing wrong? I had full configs for some providers in the called modules, but moving that to the top-level mods I believe is the right thing to do, since TF seems to be subject to really weird dependencies, like one module relying on the provider from another module that was called as well.
MrAtheistover 5 years ago
Anyone familiar with the TGW for terraform? Why does it create 2x transit gateway route table for me?
https://github.com/terraform-aws-modules/terraform-aws-transit-gateway/blob/master/main.tf#L39-L51
Briet Sparksover 5 years ago
Hi, I'm trying to use terraform-aws-ecs-codepipeline to pull from a personal github repo, but the module thinks my gh username is a gh org. I get an error:
GET https://api.github.com/orgs/brietsparks: 404 Not Found []
on .terraform/modules/ecs_push_pipeline.github_webhooks/main.tf line 7, in provider "github":
7: provider "github" {
Markover 5 years ago
Anyone else observing windows ec2 instances and route53 records taking more time than normal to create? I notice these two resources take a considerable amount of time even though I can see them created through the AWS Console already. A windows ec2 instance taking ~7minutes
rssover 5 years ago(edited)
Scheduled Maintenance | Terraform Cloud
Jul 26, 07:01 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jul 22, 08:30 UTC
Scheduled - We will be undergoing a scheduled maintenance for Terraform Cloud on July 26th at 7:00am UTC. During this window, there may be interruptions to terraform run output, and some runs might be delayed.
rssover 5 years ago
Scheduled Maintenance | Terraform Cloud
Jul 26, 07:49 UTC
Completed - The scheduled maintenance finished successfully. The system is fully operational again.
Jul 26, 07:01 UTC
In progress - Scheduled maintenance is currently in progress. We will provide updates as necessary.
Jul 22, 08:30 UTC
Scheduled - We will be undergoing a scheduled maintenance for Terraform Cloud on July 26th at 7:00am UTC. During this window, there may be interruptions to terraform run output, and some runs might be delayed.
Pierre-Yvesover 5 years ago(edited)
hello,
I manage terraform code in multiple repos. Is there a way to add a resource tag recording the repos name ? alternatively I can manually set it.
Michał Czeraszkiewiczover 5 years ago
Hi, any thoughts about Terraform modules coming from registry vs git? I can't find any benefit of the registry other than centralizing modules and abstracting access to a different layer...
Waliover 5 years ago(edited)
hello,
is it possible to override the default_actions config in terraform-aws-modules/alb/aws v5.6.0. I notice it automatically creates an lb listener with default_actions , but I'd like to tweak it a bit
RBover 5 years ago(edited)
anyone use a module to create scheduled ecs tasks ? looking at this module, but open to other modules too.
- https://github.com/cloudposse/terraform-aws-ecs-alb-service-task (56 stars but not as applicable)
- https://github.com/turnerlabs/terraform-ecs-fargate-scheduled-task (33 stars, seems applicable but not possible to disable iam resources)
- https://github.com/dxw/terraform-aws-ecs-scheduled-task (21 stars, same, cannot disable iam resources)
- https://github.com/tmknom/terraform-aws-ecs-scheduled-task (8 stars, can disable iam resources)
leaning on the last one
Cloud Posseover 5 years ago
Join us for "Office Hours" every Wednesday 11:30AM (PST, GMT-7) via Zoom. This is an opportunity to ask us questions on terraform and get to know others in the community on a more personal level. Next one is Aug 05, 2020 11:30AM.
👉️ Register for Webinar
#office-hours (our channel)
Jonover 5 years ago
How do I properly get outputs working for the S3 module?
source = "cloudposse/s3-bucket/aws"
version = "0.14.0"
RBover 5 years ago
Been looking more into how to deny CRUD on aws resources outside of terraform
it seems like it may be possible with a conditional policy with stringlike on the useragent since the useragent contains the word terraform
Valter Silvaover 5 years ago
Hi everybody
Valter Silvaover 5 years ago
Has anyone used the terraform-aws-key-pair module on Terraform Cloud?
Valter Silvaover 5 years ago(edited)
I've used it in a new workspace, and every time I queue a plan, it gives me the following error:
Valter Silvaover 5 years ago
Error: Error in function call
on .terraform/modules/aws_key_pair/main.tf line 30, in resource "aws_key_pair" "imported":
30: public_key = file(local.public_key_filename)
|----------------
| local.public_key_filename is "secrets/acme-dev-myapp.pub"
Call to function "file" failed: no file exists at secrets/acme-dev-myapp.pub.
Valter Silvaover 5 years ago
Now I can't queue any plans because it will force a new key pair to be created..
Pierre-Yvesover 5 years ago(edited)
hello,
i am looking on a way to simplify this code that is generating azure lb config with a for or for_each loop. may be the data structure needs to be changed
the point is that I would like to loop over the public ip ( ip1 and ip2) and then over each remote_port and lb_port ..
can you help ?
locals {
  lbconfig = {
    ip1 = {
      remote_port = {
        http = ["Tcp", "80"]
        https = ["Tcp", "443"]
      }
      lb_port = {
        http = ["80", "Tcp", "80"]
        https = ["443", "Tcp", "443"]
      }
    }
    ip2 = {
      remote_port = {
        http = ["Tcp", "80"]
        https = ["Tcp", "443"]
      }
      lb_port = {
        http = ["80", "Tcp", "80"]
        https = ["443", "Tcp", "443"]
      }
    }
  }
}
resource "azurerm_lb_rule" "azlb" {
  count = length(local.lbconfig["ip1"]["lb_port"])
  resource_group_name = var.resource_group_name
  loadbalancer_id = azurerm_lb.azlb.id
  name = "${var.prefix}-${var.env}-${element(keys(local.lbconfig["ip1"]["lb_port"]), count.index)}"
  protocol = element(local.lbconfig["ip1"]["lb_port"]["${element(keys(local.lbconfig["ip1"]["lb_port"]), count.index)}"], 1)
  frontend_port = element(local.lbconfig["ip1"]["lb_port"]["${element(keys(local.lbconfig["ip1"]["lb_port"]), count.index)}"], 0)
  backend_port = element(local.lbconfig["ip1"]["lb_port"]["${element(keys(local.lbconfig["ip1"]["lb_port"]), count.index)}"], 2)
  frontend_ip_configuration_name = var.frontend_name
  enable_floating_ip = false
  backend_address_pool_id = azurerm_lb_backend_address_pool.azlb.id
  idle_timeout_in_minutes = 5
  probe_id = element(azurerm_lb_probe.azlb.*.id, count.index)
  depends_on = [azurerm_lb_probe.azlb]
}
Johnover 5 years ago
Hi all, can anyone direct me on how to use multiple_definitions from terraform-aws-ecs-container-definition with the module terraform-aws-ecs-alb-service-task?
Pierre-Yvesover 5 years ago(edited)
Hello, I am looking for resources and examples on how to use terraform console, there is not so much information around .. can you point me to videos or web pages ?
Brij Sover 5 years ago
Hey all! Does anyone here use TFE? If so, do you know if it supports submodules? example
MrAtheistover 5 years ago
Anyone got a recommended full fledged terraform template to run an app in ECS? (specifically on ec2)
Frankover 5 years ago(edited)
Hello. Is anyone using the terraform-aws-ecs-web-app module with EFS Volumes on Fargate? I'm looking for an example on how to configure it
zeidover 5 years ago(edited)
anyone else notice a slowdown with terraform plan/apply targeting AWS? I only started noticing it a couple of days ago, or maybe I'm imagining things
Eric Bergover 5 years ago
I'm trying to set
cors_rule in an aws_s3_bucket resource, using a dynamic block. the data looks like this:
cors_rules = {
  cdn = {
    allowed_headers = ["*"]
    allowed_methods = ["POST", "GET"]
    allowed_origins = concat([
      "https://borrower-${var.name}.brace.ai",
      "https://servicer-${var.name}.brace.ai"
      ],
      lookup(local.extra_bucket_origins, var.name, [])
    )
    expose_headers = ["ETag"]
    max_age_seconds = 3000
  },
  borrower = {
    allowed_headers = ["*"]
    allowed_methods = ["POST", "GET"]
    allowed_origins = concat([
      "https://borrower-${local.name}.brace.ai",
      "https://servicer-${local.name}.brace.ai"
      ],
      lookup(local.extra_bucket_origins, var.name, [])
    )
    expose_headers = ["ETag"]
    max_age_seconds = 3000
  },
  servicer = {
  }
}
I'm just not able to visualize how to reference this in the dynamic block. Anybody have any ideas?
I tried this:
dynamic "cors_rule" {
  for_each = lookup(local.cors_rules, var.service)
  content {
    allowed_headers = lookup(cors_rule.value, "allowed_headers", null)
    allowed_methods = lookup(cors_rule.value, "allowed_methods", null)
    allowed_origins = lookup(cors_rule.value, "allowed_origins", null)
    expose_headers = lookup(cors_rule.value, "expose_headers", null)
    max_age_seconds = lookup(cors_rule.value, "max_age_seconds", null)
  }
}
Thanks for any help you can provide.
Waliover 5 years ago
Hi all - terraform's explanation of self is rather confusing for someone using terraform for the first time like myself. Can anyone ELI5 it for me please, thanks in advance.
joshmyersover 5 years ago
Random question. During a TF run, I want to pull in a JSON file from another github repo….can’t use git submodules as a) they are kinda nasty b) (upstream) Atlantis doesn’t support cloning submodules. Anything bad about (ab)using the terraform module source code to pull in the repo?
joshmyersover 5 years ago
module "badgers" {
  source = "git::git@github.com:foo/bar"
}
output "schema" {
  value = jsondecode(file("${path.module}/badgers/db_schema/table_account_schema.json"))
}
joshmyersover 5 years ago
works…but I’m not sure if it is a terrible idea 😂
joshmyersover 5 years ago
to be clear, git@github.com:foo/bar is not a Terraform codebase.
joshmyersover 5 years ago
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
schema = {
  "AttributeDefinitions" = [
    {
      "AttributeName" = "id"
      "AttributeType" = "S"
    },
  ]
  "KeySchema" = [
    {
      "AttributeName" = "id"
      "KeyType" = "HASH"
    },
  ]
  "ProvisionedThroughput" = {
    "ReadCapacityUnits" = 1
    "WriteCapacityUnits" = 1
  }
  "TableName" = "foobar"
}
joshmyersover 5 years ago
¯\(ツ)/¯
lorenover 5 years ago(edited)
and you can't add a little tf to that remote git repo to just output the file, so you can reference module outputs?
joshmyersover 5 years ago
Could, but rather not, there are a lot of services
lorenover 5 years ago
the only "bad" thing about it i can think of is that you need to embed a lot of info in this module about how the remote repo is structured
lorenover 5 years ago
can protect against changes in the remote using a ref, of course
joshmyersover 5 years ago
Aye, this will be at the top level wrapper module (terraform-root-module style) and I actually want to get a few JSON files from there
joshmyersover 5 years ago
Aye
lorenover 5 years ago
i kinda like it. i've vendored entire repos before, but this is easier to maintain
joshmyersover 5 years ago
Cool, thanks for the 👀 people
RBover 5 years ago
im using atlantis 0.14.0 with submodules without any issue
joshmyersover 5 years ago
I kinda like it too, but it feels too easy hah
RBover 5 years ago
¯\(ツ)/¯
joshmyersover 5 years ago
cloudposse/atlantis @RB?
RBover 5 years ago
nope, using the official one
joshmyersover 5 years ago
hmm, are you doing something special in your atlantis.yml ?
RBover 5 years ago
nah
RBover 5 years ago
"it just works"
joshmyersover 5 years ago
hmm
RBover 5 years ago
oh oh wait a minute...
RBover 5 years ago
i was thinking "submodules" were specific directories (modules) in a git repo
RBover 5 years ago
that is for "git submodules"
RBover 5 years ago
yes, i dont use "git submodules"
joshmyersover 5 years ago
OK, makes sense, cheeers
joshmyersover 5 years ago
TIL during a terraform init for a git source it will also pull in submodules if there are any.