163 messages
Yoni Leitersdorf (Indeni Cloudrail)over 5 years ago
As more and more people are switching to using infrastructure-as-code (like Terraform) to manage their cloud environments, we’re seeing an increase in the desire to do security reviews of the IaC code files. There’s a bunch of tools out there, and a couple of big challenges. Would appreciate your thoughts on the matter. Please see a blog post we’ve just published:
https://indeni.com/blog/identifying-security-violations-in-the-cloud-before-deployment/
https://indeni.com/blog/identifying-security-violations-in-the-cloud-before-deployment/
joshmyersover 5 years ago
Just me or since Terraform moved the docs to the registry, google search for resources documentation is rubbish…keep getting random mirror sites (SEO f*cked?)
RBover 5 years ago
is there a way to get analytics on terraform modules usage ?
ricardo.velasquezover 5 years ago(edited)
Hi. I am new to Terraform and have been struggling with something for the last few days. I'm trying to deploy and AWS ECS Fargate cluster for my django application.
In my setup I have a task definition with two containers: one for the django app and one for nginx.
My problem is I haven't been able to make the django static files to work.
I usually use this via docker compose using volumes in the definition like this:
If someone can point me in the right direction on how to do this with terraform, that would be awesome
In my setup I have a task definition with two containers: one for the django app and one for nginx.
My problem is I haven't been able to make the django static files to work.
I usually use this via docker compose using volumes in the definition like this:
If someone can point me in the right direction on how to do this with terraform, that would be awesome
version: '3.0'
services:
web:
build: .
command: >
sh -c "echo yes | python manage.py collectstatic
&& gunicorn wormhole.wsgi:application --bind 0.0.0.0:8080"
volumes:
- ./:/usr/src/app/
- static_volume:/usr/src/app/static
- media_volume:/usr/src/app/media
expose:
- 8080
nginx:
build:
context: .
dockerfile: ./Dockerfile-nginx
volumes:
- static_volume:/usr/src/app/static
- media_volume:/usr/src/app/media
ports:
- 8000:8000
depends_on:
- web
volumes:
static_volume:
media_volume:RBover 5 years ago
are there any good terraform modules for ecs scheduled tasks ?
Erik Osterman (Cloud Posse)over 5 years ago
Anyone know what terraform cloud for business is charging? (This is the one that supports on prem runners)
Chris Fowlesover 5 years ago
nah - i've asked a couple of times and got the typical "let's sit down and talk about your needs and we'll work out a price"
Chris Fowlesover 5 years ago
i complain about it everytime i talk to anyone there
Chris Fowlesover 5 years ago
pressuring a couple of partners to push back on it too
Chris Fowlesover 5 years ago
it's really frustrating - especially at a tier targeted at small/medium business
Somnathover 5 years ago
It seems not able to create new aws_ecs_task_definition version even if I force the definition parts like Tags to change. I have below as part of the code, If someone can help that will be great. 🙂 Really looking for pure terraform solution.
resource "aws_ecs_task_definition" "ecs-service-taskdef" {
family = "${local.name}-${var.task_definition_name}"
container_definitions = data.template_file.startup.rendered
dynamic "volume" {
for_each = var.td_volumes
content {
name = volume.value["name"]
host_path = volume.value["host_path"]
}
}
// For new builds the images will change and force the task to change, Earlier code was, tags = local.tags
tags = merge( local.tags, {"app-image"=element(split(":", local.json_data_images), 1)} )
lifecycle {
create_before_destroy = true
}
}
### Create service data
data "template_file" "startup" {
template = file("task-definitions/${var.task_file}")
vars = {
name = var.domainname
image = local.json_data_images
API = local.json_data_ecs.appsn
APP = var.appname
ENV_NAME = var.environment
ENV = var.environment
awsstnm = local.awsstackname
CommonEnv = regex("^[a-z]+", var.environment)
}
}
resource "aws_ecs_task_definition" "ecs-service-taskdef" {
family = "${local.name}-${var.task_definition_name}"
container_definitions = data.template_file.startup.rendered
dynamic "volume" {
for_each = var.td_volumes
content {
name = volume.value["name"]
host_path = volume.value["host_path"]
}
}
// For new builds the images will change and force the task to change, Earlier code was, tags = local.tags
tags = merge( local.tags, {"app-image"=element(split(":", local.json_data_images), 1)} )
lifecycle {
create_before_destroy = true
}
}
### Create service data
data "template_file" "startup" {
template = file("task-definitions/${var.task_file}")
vars = {
name = var.domainname
image = local.json_data_images
API = local.json_data_ecs.appsn
APP = var.appname
ENV_NAME = var.environment
ENV = var.environment
awsstnm = local.awsstackname
CommonEnv = regex("^[a-z]+", var.environment)
}
}
Somnathover 5 years ago
Matt Gowieover 5 years ago
Just found this gem: https://github.com/flosell/iam-policy-json-to-terraform
Hope it’s useful to some folks!
Hope it’s useful to some folks!
Abhinav Khannaover 5 years ago
terraform-aws-eks-fargate-profile is it compatible with aws 3.* provider? any plans to change version restrictions?
lorenover 5 years ago(edited)
https://www.scalr.com/blog/announcing-public-beta/
Dearest Terraform Community,
It is with great pleasure that I stand before your virtual selves to publicly present the fruit of the last 18 months of our labor: Scalr, a remote backend for Terraform to compete with Terraform Cloud and Terraform Enterprise.
- Sebastian Stadil, CEO
Erik Osterman (Cloud Posse)over 5 years ago(edited)
the most fair/transparent pricing in the history of SaaS pricing:
• no contact sales link (e.g. terraform cloud!)
• no SSO tax (https://sso.tax)
• no fee for idle users (similar to slack)
If only more companies would adopt this minimum level of transparency in pricing.
• no contact sales link (e.g. terraform cloud!)
• no SSO tax (https://sso.tax)
• no fee for idle users (similar to slack)
If only more companies would adopt this minimum level of transparency in pricing.
Erik Osterman (Cloud Posse)over 5 years ago
(btw, Scalr is an alternative for terraform cloud)
Zachover 5 years ago
They also have an interesting feature with the ‘template registry’ as a self-serve infra launch
Yashover 5 years ago(edited)
Do you manually update the
versions.tf in each module with the required version? Are there any tools to automate that?
MrAtheistover 5 years ago
Does anyone know how to generate the github oauth token specifically for private org repo? Im trying to spin up a codepipeline and its asking for a token for the source stage. While TF is trying to setup the github hook, it's complaining that the repo doesnt exist since it's targeting ${my_github_username}/${repo} and not the org. Anyone knows a trick to this?
terraform-github-repository-webhooks
Error: POST <https://api.github.com/repos/$user/$repo/hooks>: 404 Not Found []
on codepipeline.tf line 128, in resource "github_repository_webhook" "webhook":
128: resource "github_repository_webhook" "webhook" {terraform-github-repository-webhooks
S
Sean Turnerover 5 years ago
Hey all, has anyone had any success with dynamically passing a provider to a module? It doesn't quite seem like it's possible from what I've read so far, but figured I would check as this would be such a powerful feature
reiover 5 years ago
Hi,
does someone know the difference between:
https://github.com/cloudposse/terraform-aws-eks-workers/
https://github.com/cloudposse/terraform-aws-eks-node-group
And if any, which one should I use?
Deploying a new infra 😉
does someone know the difference between:
https://github.com/cloudposse/terraform-aws-eks-workers/
https://github.com/cloudposse/terraform-aws-eks-node-group
And if any, which one should I use?
Deploying a new infra 😉
Tomekover 5 years ago
👋 I'm trying to automate terraform, specifically running
terraform plan when a PR is opened on github. I'm having trouble finding what a least-privileged IAM policy would look like to run terraform plan where the backend is on S3
Jaesonover 5 years ago
I'm trying to track down all of the TF .12 preview blog posts. Does anyone know if there a place where these are listed in a linear way? Hashi's blog seems engineered for distraction.
Jaesonover 5 years ago
Has anyone had terraform crash ... seemingly permanently? I can't get it to run anymore.
Johandryover 5 years ago
Hi guys, I'd like to know if it's a good practice to use/execute a module directly or have a code to use it, even if this code only have this module ... and maybe 2-3 more resources? ... (more details in the thread)
J
Jaesonover 5 years ago
Quick question about dynamic content for TF 12 -- all of the content above (and the grant block) should be skipped, right? I'm having difficulties because TF seems intent on processing that block of code.
lorenover 5 years ago
New to me, looks like could be useful, https://github.com/sysdogs/tfmodvercheck
Sean Turnerover 5 years ago
So on the one hand I feel like its not great to create a module that creates only one type of resource. On the other hand, I think there is a good amount of benefit behind only using cross account providers with modules. Thoughts? Take
aws_route53_record for example, I think it's semi-worth creating a module around only this resource as it provides nice isolation to things that have a large blast radius (especially when cross account), and also allows for templating to dynamically render alias blocks as needed.
Alex Jurkiewiczover 5 years ago(edited)
locals {
endpoint_config = local.is_test ? {"writer": writer_endpoint} : {"writer": writer_endpoint, "reader": reader_endpoint }
}Is there some way to refactor this so I don't have to repeat the "writer" config? I can think of this:
locals {
endpoint_config = merge({"writer": writer_endpoint}, local.is_test ? {} : {"reader": reader_endpoint })
}But it's a little ugly IMO
Erik Osterman (Cloud Posse)over 5 years ago
I also struggle to see a better way.
IMO this is cleaner as it's very descriptive. It's very similar to what you wrote in your second solution, but more verbose.
IMO this is cleaner as it's very descriptive. It's very similar to what you wrote in your second solution, but more verbose.
locals {
writer_config = { "writer": writer_endpoint }
reader_config = { "reader": reader_endpoint }
endpoint_config = local.is_test ? local.writer_config : merge( local.reader_config, local.writer_config )
}Alex Jurkiewiczover 5 years ago
The inability to put extra newlines in Terraform expressions can really hurt readability. Especially since Terraform syntax highlighting / editor support is so poor
Chris Fowlesover 5 years ago
what version of terraform are you talking about?
this is perfectly valid:
this is perfectly valid:
service_dependency = {
for l in chunklist(flatten([
for k, v in local.technical_services :
[
for s in v.depends_on :
[k, s]
] if can(v.depends_on)
]), 2) : join("_", l) => l
}
Mads Hvelplundover 5 years ago
Does anyone have expirence using the Terraform ACME provider with AWS Route 53?
My problem is that I have a module B that uses the ACME provider to make a certificate. Module B is included in module A, and has its provicer injected, like this:
Module A:
Module B:
When the ACME provider in B performs the challenge, it doesn't use the role and credentials from module A's "dns" provider. Instead it seems to use whatever credentials I have in the shell where I run terraform.
I know that I can provide a "config" blob to the "dns_challeng" block, but I only have temporary credentials, so how would I extract those from module A's provider?
Has anyone had this problem?
My problem is that I have a module B that uses the ACME provider to make a certificate. Module B is included in module A, and has its provicer injected, like this:
Module A:
provider "aws" {
alias = "dns"
...
}
module "b" {
providers = { aws = aws.b }
...
}Module B:
...
resource "acme_certificate" "certificate" {
...
dns_challenge {
provider = "route53"
}
}When the ACME provider in B performs the challenge, it doesn't use the role and credentials from module A's "dns" provider. Instead it seems to use whatever credentials I have in the shell where I run terraform.
I know that I can provide a "config" blob to the "dns_challeng" block, but I only have temporary credentials, so how would I extract those from module A's provider?
Has anyone had this problem?
Mads Hvelplundover 5 years ago
Hmm. The Foqal bot linked me to some disappointing documentation: https://www.terraform.io/docs/providers/acme/r/certificate.html#relation-to-terraform-provider-configuration
Mads Hvelplundover 5 years ago
Does anyone have a good workaround to avoid a setup like:
dns_challenge {
provider = "route53"
config = {
AWS_ACCESS_KEY_ID = "${var.aws_access_key}"
AWS_SECRET_ACCESS_KEY = "${var.aws_secret_key}"
AWS_DEFAULT_REGION = "us-east-1"
}
}J
Jaesonover 5 years ago
When trying to set up dual replication between two sets of buckets in different regions, TF informed me that I had a cycle error. I tried to control through a variable by making the block that caused the error dynamic -- I didn't really mind the thought of running it twice, once for each replication direction. But TF seems a little pessimistic. Did I do something wrong in my configuration, or is TF just really not going to let me control this through a variable?
I found this post which describes one way to handle this, but I'm wondering if there is a better way?
I found this post which describes one way to handle this, but I'm wondering if there is a better way?
Nitin Prabhuover 5 years ago
👋 Hello guys
Does anyone has recommendation to test terraform modules or like say testing AWS ECK module ? We are currently using https://github.com/cloudposse/terraform-aws-eks-cluster and testing it manually but wanted to know what other people are following. I am aware that we can use terratest but problem with that is it will provision the resources on aws cloud which is time consuming plus it will cost money
Does anyone has recommendation to test terraform modules or like say testing AWS ECK module ? We are currently using https://github.com/cloudposse/terraform-aws-eks-cluster and testing it manually but wanted to know what other people are following. I am aware that we can use terratest but problem with that is it will provision the resources on aws cloud which is time consuming plus it will cost money
Nitin Prabhuover 5 years ago
thanks
rssover 5 years ago(edited)
v0.14.0-alpha20201007
0.14.0 (Unreleased)
UPGRADE NOTES:
configs: The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (<a href="https://github.com/hashicorp/terraform/issues/26135" data-hovercard-type="pull_request"...
0.14.0 (Unreleased)
UPGRADE NOTES:
configs: The version argument inside provider configuration blocks has been documented as deprecated since Terraform 0.12. As of 0.14 it will now also generate an explicit deprecation warning. To avoid the warning, use provider requirements declarations instead. (<a href="https://github.com/hashicorp/terraform/issues/26135" data-hovercard-type="pull_request"...
Laurynasover 5 years ago
Hi, I have the following terraform structure where I use diferent variable files for different environments.
During the deployment I simply run:
Let me know if you have some ideas about how can
├── main.tf
├── mock_api.tf
├── variables.tf
├── vars
├── dev.tfvars
├── prod.tfvars During the deployment I simply run:
terraform init -reconfigure -backend-config="bucket= and then terraform plan -out=api_tfplan -var-file=${tf_var_file} However, recently I added mock_api.tf and it only needs to be applied to dev environment only. What is the best way to do that? I could use if env != prod in resources field but mock_api doesn't have resources. I purposely didn't use modules because dev/prod (and other) environments needed to be the same but with different variables.Let me know if you have some ideas about how can
mock_api.tf only be applied for dev env.
Miguelover 5 years ago
hi guys!
first of all, it's my first comment so let me thank you for your repos, they are very helpful for me 🙂
I'm reading the one for autoscaling but I have a doubt about how to use it with custom metrics. I have created policies for predefined metrics, but I'm not sure about how to use it when creating custom metrics. Any tip?
Thank you and keep the hard work!
first of all, it's my first comment so let me thank you for your repos, they are very helpful for me 🙂
I'm reading the one for autoscaling but I have a doubt about how to use it with custom metrics. I have created policies for predefined metrics, but I'm not sure about how to use it when creating custom metrics. Any tip?
Thank you and keep the hard work!
Erik Osterman (Cloud Posse)over 5 years ago
Anyone know if Terraform Cloud Agents support a healthcheck endpoint or health check command? e.g. something like https://www.terraform.io/docs/enterprise/admin/monitoring.html
Alex Jurkiewiczover 5 years ago
I'd like to use
(Would create six role policy attachments.)
But this gives an error:
Suggestions for how to implement this? The list of policies I'm attaching is hardcoded, so I could create three
for_each to create a set of resources defined by the product of two arrays:resource aws_iam_role_policy_attachment {
for_each = setproduct(["role1", "role2"], ["policy1", "policy2", "policy3"])
role = each.key[0]
policy_arn = each.key[1]
}(Would create six role policy attachments.)
But this gives an error:
The given "for_each" argument value is unsuitable: the "for_each" argument
must be a map, or set of strings, and you have provided a value of type list
of tuple.Suggestions for how to implement this? The list of policies I'm attaching is hardcoded, so I could create three
resource blocks. But surely there's a better way!!
Steve Wade (swade1987)over 5 years ago
@loren 😄
Jagan Rajagopalover 5 years ago
Hi @Erik Osterman (Cloud Posse), what is the best way to learn the terraform and integrate with ci and cd pipeline.
Jagan Rajagopalover 5 years ago
thanks alot
Aumkar Prajapatiover 5 years ago
Anyone have a solution to making use of variables in backend.tf to define statefiles via tfvars?
sheldonhover 5 years ago
Finally got some interest on a gitops workflow for security group whitelisting. I can plug this in with terraform cloud. Would like to know if there is any thing someone is done to post the preview of changes from terraform cloud as a comment into GitHub pull requests. The person that will approve the pull requests doesn't have access to terraform cloud so I'd like to show the plan output similar to Atlantis directly in the pull request.
John McGeheeover 5 years ago
I have adopted your label Terraform modules and your
namespace-environment-name-attribute naming style. I have added an additional naming rule: when the resource is global, such as S3 buckets, I specify namespace, using an abbreviation for my company name (sometimes adding my department). When the resource is not global, such as for EC2 instances, I omit namespace. What do you think of my additional rule?John McGeheeover 5 years ago(edited)
At the risk of wearing out my welcome today, I'll ask another question. I just can't find any documentation, only lots of examples on GitHub. What is
module.this?Laurynasover 5 years ago
Hi, what's the best way to output everything from terraform module?
for example if I have
for example if I have
module "alb" {} I can useoutput "alb" {
value = module.alb
}Laurynasover 5 years ago(edited)
but that makes accessing outputs a bit strange:
listener_arn = data.terraform_remote_state.alb.outputs.alb.alb_https_listener_arn
Aleksey Tsalolikhinover 5 years ago
Hello. Can anyone suggest a workaround for managing WAV v2 ACL with Terraform when the ACL is nested more than 3 levels, please? https://github.com/terraform-providers/terraform-provider-aws/issues/15580#issuecomment-706613897
Jonover 5 years ago(edited)
Hi everyone. I'm running into an issue using trying to redeploy CloudTrail at the organizational level but keep running into an issue getting the module to apply successfully. The credentials that I am using have administrator access but I keep running into a permissions issue. Anyone have any idea?
_module.aws_cloudtrail.aws_cloudtrail.default[0]: Creating..._
_Error: Error creating CloudTrail: InsufficientEncryptionPolicyException: Insufficient permissions to access S3 bucket cloudtrail-bucket or KMS key <<KMS_ARN>>_
_on .terraform/modules/aws_cloudtrail/main.tf line 13, in resource "aws_cloudtrail" "default":_
_13: resource "aws_cloudtrail" "default" {_
Releasing state lock. This may take a few moments...
ERROR: Job failed: exit code 1
module "aws_cloudtrail" {
source = "cloudposse/cloudtrail/aws"
version = "0.11.0"_module.aws_cloudtrail.aws_cloudtrail.default[0]: Creating..._
_Error: Error creating CloudTrail: InsufficientEncryptionPolicyException: Insufficient permissions to access S3 bucket cloudtrail-bucket or KMS key <<KMS_ARN>>_
_on .terraform/modules/aws_cloudtrail/main.tf line 13, in resource "aws_cloudtrail" "default":_
_13: resource "aws_cloudtrail" "default" {_
Releasing state lock. This may take a few moments...
ERROR: Job failed: exit code 1
sheldonhover 5 years ago
Anyone know how to add pagerduty subscribers to an escalation policy/service in pagerduty? I can’t figure out the provider for this. I tried adding someone and they weren’t able to be an observer because they
admin cannot take team role observer despite the fact they aren’t an admin in this service.
Milosbover 5 years ago
sns_list = toset(["first", "second", "third"])
# SNS
resource "aws_sns_topic" "this" {
for_each = local.sns_list
name = "${each.key}-${var.environment}"
tags = merge(
{
Environment = var.environment
Terraform = "true"
},
var.tags)
}
data "aws_iam_policy_document" "this" {
for_each = local.sns_list
policy_id = "__default_policy_ID"
statement {
actions = [
"SNS:Publish",
"SNS:GetTopicAttributes"
]
effect = "Allow"
principals {
type = "AWS"
identifiers = ["*"]
}
resources = [
aws_sns_topic.this[each.value].arn,
]
sid = "__default_statement_ID"
}
depends_on = []
}
resource "aws_sns_topic_policy" "this" {
for_each = local.sns_list
arn = aws_sns_topic.this[each.value].arn
policy = data.aws_iam_policy_document.this[each.value].json
}Error: Invalid index
on main.tf line 150, in resource “aws_sns_topic_policy” “this”:
150: policy = data.aws_iam_policy_document.this[each.value].json
|----------------
| data.aws_iam_policy_document.this is object with 2 attributes
| each.value is “third”
The given key does not identify an element in this collection value.
Hi all, does this look like a bug? this works ok if I create from scratch, but if I want to change resource name or to add new one it will complain with this error.
joshmyersover 5 years ago
Anyone got a pro/con of Terraform Cloud vs e.g. Terraform + Atlantis? Other than pricing. What gotchas are there with TF Cloud? Easy to move infra into, hard to move out of/workspaces/runners etc…..
Callum Robertsonover 5 years ago
Atlantis is the hotness
Callum Robertsonover 5 years ago
what provisioner is running in that
null_resource?
Cody Mooreover 5 years ago
Not sure if this is the right place to post this, but I was curious if I can get some eyes on: https://github.com/cloudposse/terraform-aws-eks-node-group/pull/36
Erik Osterman (Cloud Posse)over 5 years ago
We've released our first version of the terraform module for the terraform (tfc) cloud agent for kubernetes: https://registry.terraform.io/modules/cloudposse/tfc-cloud-agent/kubernetes/latest
PePe Amengualover 5 years ago
ANYONE watching the keynote????? HashiConf Digital thread here
OliverSover 5 years ago(edited)
Hey does anyone know how to see the
It is one of the reasons for new resource so just seeing the hash of the script is not very helpful.
user_data in a plan with terraform 0.11:-/+ aws_launch_configuration.master-us-east-1c-masters-... (new resource required)
id: "master-us-east-1c.masters....648338700000004" => <computed> (forces new resource)
...
user_data: "39e5e6f604706....43600e3513aaa2616" => "093492cc54eea....7c0a89df99fa72783" (forces new resource)It is one of the reasons for new resource so just seeing the hash of the script is not very helpful.
rssover 5 years ago(edited)
v0.14.0-beta1
0.14.0 (Unreleased)
NEW FEATURES:
terraform init: Terraform will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)
If you wish to retain the previous behavior of always taking the newest version allowed...
0.14.0 (Unreleased)
NEW FEATURES:
terraform init: Terraform will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (#26524)
If you wish to retain the previous behavior of always taking the newest version allowed...
Erik Osterman (Cloud Posse)over 5 years ago(edited)
@Eric Berg heads up: our opsgenie module is now updated with support for services and teams
Erik Osterman (Cloud Posse)over 5 years ago
Alex Jurkiewiczover 5 years ago
quick release cycle compared to 0.13
Chris Fowlesover 5 years ago
0.13 was a beast of an overhaul of internals
Chris Fowlesover 5 years ago
a lot of the work done in 0.13 was done to make future work easier - it was a bit of a big techdebt clean up from what i understand
lorenover 5 years ago
i recall a few people asking about creating acm dns-validated certs with tf, but can't recall who... we worked on this a while back and encountered some limitations requiring janky/hacky workarounds in tf 0.12 and v2 of the aws provider. just updated today for tf 0.13 and v3 of the aws provider, and now it seems pretty solid. we can now handle multiple SANs, proper resource cycles, no occasional random diff on future plans, etc... here's the updated module we're using, very straightforward now... https://github.com/plus3it/terraform-aws-tardigrade-acm/blob/master/main.tf
Pierre-Yvesover 5 years ago
Hello,
i have added in a terraform tag the deployment timestamp.
is there a way to tell
i have added in a terraform tag the deployment timestamp.
current_date = formatdate("YYYYMMD hh:mm:ss", timestamp())is there a way to tell
terraform plan to not display this change at each plan ?
Luis Munizover 5 years ago
Hi I have just found your terraform-aws-tfstate-backend module and I have a newbie question.
Luis Munizover 5 years ago
I have followed the documentation to create a remotely managed state with s3. Works well on the environment that initially ran the terraform script.
Luis Munizover 5 years ago
But I am trying to figure out how to bootstrap a fresh environment, on a different computer.
Luis Munizover 5 years ago
When I try, and run terraform plan, terraform keeps on trying to recreate the existing bucket/dynamodb table, etc.
Luis Munizover 5 years ago
is there another way than downloading the tfstate file and dropping it into the current directory?
rssover 5 years ago(edited)
Latency and availability issues
Oct 16, 18:14 UTC
Monitoring - We've rolled out some changes to the URL service that we expect to stabilize it, but it is running in a partially degraded state so there may still be latency or other minor delays.Oct 16, 18:06 UTC
Update - Following user reports on GitHub, we've identified an issue with the Waypoint URL service that occasionally results in high latency for connections to waypoint.run hosts, as well as scenarios where a new deployment will return the "Couldn't find a Waypoint...
Oct 16, 18:14 UTC
Monitoring - We've rolled out some changes to the URL service that we expect to stabilize it, but it is running in a partially degraded state so there may still be latency or other minor delays.Oct 16, 18:06 UTC
Update - Following user reports on GitHub, we've identified an issue with the Waypoint URL service that occasionally results in high latency for connections to waypoint.run hosts, as well as scenarios where a new deployment will return the "Couldn't find a Waypoint...
rssover 5 years ago(edited)
Waypoint URL Service latency and availability issues
Oct 16, 18:14 UTC
Monitoring - We've rolled out some changes to the URL service that we expect to stabilize it, but it is running in a partially degraded state so there may still be latency or other minor delays.Oct 16, 18:06 UTC
Update - Following user reports on GitHub, we've identified an issue with the Waypoint URL service that occasionally results in high latency for connections to waypoint.run hosts, as well as scenarios where a new deployment will return the "Couldn't find a Waypoint...
Oct 16, 18:14 UTC
Monitoring - We've rolled out some changes to the URL service that we expect to stabilize it, but it is running in a partially degraded state so there may still be latency or other minor delays.Oct 16, 18:06 UTC
Update - Following user reports on GitHub, we've identified an issue with the Waypoint URL service that occasionally results in high latency for connections to waypoint.run hosts, as well as scenarios where a new deployment will return the "Couldn't find a Waypoint...
Nover 5 years ago
Hi all , our customer onboarding process in the future will require launching the Infrastructure in a segregated vpc just for that customer , for automating the process of deploying the Infra , we'll be using terraform , now we don't have a devops person just yet so need help Architecting the best possible solution for maintaining state files for a customer from an operations perspective , The terraform code won't change often for the infrastructure , so from a operations perspective , will you use a master directory having the tf code to run terraform and use a workspace per customer for segregating the customer state files or more like having a repo per customer in a git server and then triggering deployments from those repos ? I'm just thinking out loud about the solution since don't know what's the standard practice for this use case
Erik Osterman (Cloud Posse)over 5 years ago
E
erikover 5 years ago
rssover 5 years ago(edited)
Waypoint URL Service latency and availability issues
Oct 16, 22:26 UTC
Resolved - This incident has been resolved. The Waypoint URL service should be functioning without issue.Oct 16, 18:14 UTC
Monitoring - We've rolled out some changes to the URL service that we expect to stabilize it, but it is running in a partially degraded state so there may still be latency or other minor delays.Oct 16, 18:06 UTC
Update - Following user reports on GitHub, we've identified an issue with the Waypoint URL service that occasionally results in high latency for...
Oct 16, 22:26 UTC
Resolved - This incident has been resolved. The Waypoint URL service should be functioning without issue.Oct 16, 18:14 UTC
Monitoring - We've rolled out some changes to the URL service that we expect to stabilize it, but it is running in a partially degraded state so there may still be latency or other minor delays.Oct 16, 18:06 UTC
Update - Following user reports on GitHub, we've identified an issue with the Waypoint URL service that occasionally results in high latency for...
Mohammed Yahyaover 5 years ago(edited)
New #hashicorp #terraform releases this week:
- terraform v0.14.0-beta1
- terraform-aws-provider v3.11.0
Links:
- https://lnkd.in/ev8r4Ka
- https://lnkd.in/eAeP8fn
- terraform v0.14.0-beta1
- terraform-aws-provider v3.11.0
Links:
- https://lnkd.in/ev8r4Ka
- https://lnkd.in/eAeP8fn
praveenover 5 years ago
#azure #kubernetes #terraform was anyone able to enabled admin group object id's using terraform azure AKS cluster ? dynamic "role_based_access_control" {
for_each = list(coalesce(each.value.rbac_enabled, false))
content {
enabled = role_based_access_control.value
dynamic "azure_active_directory" {
for_each = var.ad_enabled != false ? list(var.ad_enabled) : []
content {
managed = true
admin_group_object_ids = var.admin_group_object_ids
}
}
}
}
for_each = list(coalesce(each.value.rbac_enabled, false))
content {
enabled = role_based_access_control.value
dynamic "azure_active_directory" {
for_each = var.ad_enabled != false ? list(var.ad_enabled) : []
content {
managed = true
admin_group_object_ids = var.admin_group_object_ids
}
}
}
}
praveenover 5 years ago
it throws the following error
praveenover 5 years ago
Error: Missing required argument
on ..\..\modules\Kubernetes\main.tf line 140, in resource "azurerm_kubernetes_cluster" "this":
140: content {
The argument "server_app_secret" is required, but no definition was found.
Error: Missing required argument
on ..\..\modules\Kubernetes\main.tf line 140, in resource "azurerm_kubernetes_cluster" "this":
140: content {
The argument "client_app_id" is required, but no definition was found.
Error: Missing required argument
on ..\..\modules\Kubernetes\main.tf line 140, in resource "azurerm_kubernetes_cluster" "this":
140: content {
The argument "server_app_id" is required, but no definition was found.
Error: Unsupported argument
on ..\..\modules\Kubernetes\main.tf line 141, in resource "azurerm_kubernetes_cluster" "this":
141: managed = true
An argument named "managed" is not expected here.
Error: Unsupported argument
on ..\..\modules\Kubernetes\main.tf line 142, in resource "azurerm_kubernetes_cluster" "this":
142: admin_group_object_ids = var.admin_group_object_ids
An argument named "admin_group_object_ids" is not expected here.
on ..\..\modules\Kubernetes\main.tf line 140, in resource "azurerm_kubernetes_cluster" "this":
140: content {
The argument "server_app_secret" is required, but no definition was found.
Error: Missing required argument
on ..\..\modules\Kubernetes\main.tf line 140, in resource "azurerm_kubernetes_cluster" "this":
140: content {
The argument "client_app_id" is required, but no definition was found.
Error: Missing required argument
on ..\..\modules\Kubernetes\main.tf line 140, in resource "azurerm_kubernetes_cluster" "this":
140: content {
The argument "server_app_id" is required, but no definition was found.
Error: Unsupported argument
on ..\..\modules\Kubernetes\main.tf line 141, in resource "azurerm_kubernetes_cluster" "this":
141: managed = true
An argument named "managed" is not expected here.
Error: Unsupported argument
on ..\..\modules\Kubernetes\main.tf line 142, in resource "azurerm_kubernetes_cluster" "this":
142: admin_group_object_ids = var.admin_group_object_ids
An argument named "admin_group_object_ids" is not expected here.
praveenover 5 years ago
got it fixed with the azurerm provider version 2.21.0
Leonard Tanover 5 years ago
Hi I have been trying to use the terraform AWS Elastic Beanstalk environment module but I have an issue regarding S3 bucket creations. I have tried different names but it still does not work. Below is the error code when running terraform apply. Please help 😞
Error: Error creating S3 bucket: BucketAlreadyExists: The requested bucket name is not available. The bucket namespace is shared by all users of the system. Please select a different name and try again.
status code: 409, request id: A97AF26F4D7B367B, host id: 5VvycnT8xomwlLocjMwYlFK7cFAQ8JWFXgTVQ9Y/uz4e17aOnLY4In0dxiLg9enmSDiNQ1u9fek=
on .terraform/modules/elastic_beanstalk_environment/main.tf line 935, in resource "aws_s3_bucket" "elb_logs":
935: resource "aws_s3_bucket" "elb_logs" {sheldonhover 5 years ago
Any recommended reading on VPC best design practices? I have one account where 90 of the various apps all use the same vpc. Noticing that a lot of ECS, EKS stuff expects its own vpc.
x80486over 5 years ago(edited)
Hello everyone! I've been using the
terraform-aws-acm-request-certificate module these days along with terraform-aws-cloudfront-s3-cdn. Everything was fine, but with the latest update for terraform-aws-acm-request-certificate/0.8.0 I started to getting any number of error messages like this one:Error: Invalid index
on .terraform/modules/acm_request_certificate/main.tf line 30, in resource "aws_route53_record" "default":
30: name = lookup(local.domain_validation_options_list[count.index], "resource_record_name")
|----------------
| count.index is 1
| local.domain_validation_options_list is set of object with 2 elements
This value does not have any indices.
Amit Karpeover 5 years ago
Which terraform plugin is best for vscode?
Any any suggestions for vim?
Any any suggestions for vim?
Steve Wade (swade1987)over 5 years ago
is this the right place to ask about Terratest best practices?
MrAtheistover 5 years ago(edited)
Are there any recommended module for running a ecs cluster w/ blue/green codedeploy (instrumented via code pipeline + code build)?
caretak3rover 5 years ago
Anyone have any experience using terraform with spinnaker/managing pipelines/etc? Any useful docs or projects would be much appreciated!
Alex Jurkiewiczover 5 years ago
today's great Terraform error:
The true and false result expressions must have consistent types. The given
expressions are tuple and tuple, respectively.Alex Jurkiewiczover 5 years ago
Is it possible to configure a Terraform stack so that if a variable's value changes, a certain resource is forced to be destroyed & rebuilt?
I am deploying an AWS Elastic Beanstalk environment with settings configured by input
I am deploying an AWS Elastic Beanstalk environment with settings configured by input
variables. Some of these settings cannot be changed after environment creation, and the AWS API will return an error if you try. The Terraform AWS provider doesn't handle this case, so I could change a variable which plans fine but fails on apply. It would be great if I can configure terraform so that it shows "re-creation required" in the plan output.Steve Wade (swade1987)over 5 years ago
I am trying to run Terratest in gitlab CI
I have added the necessary AWS environment variables but get the following error ..
Is there something specific I need to do to get this to use the environment variables?
I have added the necessary AWS environment variables but get the following error ..
Error: error configuring Terraform AWS Provider: no valid credential sources for Terraform AWS Provider found.Is there something specific I need to do to get this to use the environment variables?
PePe Amengualover 5 years ago
@Jørgen Vik can you put that on a thread? is a bit long
Jørgen Vikover 5 years ago
@PePe Amengual Yeah, sorry. I think I just solved it actually 🙂
PePe Amengualover 5 years ago
np, what was it?
Jørgen Vikover 5 years ago
Jørgen Vikover 5 years ago
I solved it by stop using a for_each, since I only had one record per cert anyway
Jørgen Vikover 5 years ago
However I do have another problem which is the reasony why I joined this slack. I'm trying to use the cloudposse codepipeline to ecs module. The codecommit from github and build step works fine, but the deploy step is hanging forever. It seems like a new task definition is successfully created, but the deploy is just hanging.
module "ecs_push_pipeline" {
source = "git::<https://github.com/cloudposse/terraform-aws-ecs-codepipeline.git?ref=0.17.0>"
name = var.api_ecs_service_name
namespace = "eg"
stage = "test"
github_oauth_token = var.pipeline_git_pat
github_webhooks_token = var.pipeline_git_pat
repo_owner = var.pipeline_git_repo_owner
repo_name = var.api_pipeline_git_repo_name
branch = var.api_pipeline_git_pipeline_branch
service_name = var.api_ecs_service_name
ecs_cluster_name = var.ecs_cluster_name
privileged_mode = "true"
region = var.aws_region
image_repo_name = var.api_docker_repo
build_image = var.pipeline_build_image
environment_variables = var.api_pipeline_env_variables
s3_bucket_force_destroy = true
}Tomekover 5 years ago(edited)
am i crazy or was it possible in teraform 0.12 to run
terraform init on terraform without an explicit backend definition located in a .tf file as long as you passed in the required backend configs via command line args? It appears with terraform 0.13, you need at least the following to be in some kind of .tf file nowterraform { backend "s3" { } }Alex Jurkiewiczover 5 years ago
Is it possible to load the rules of an AWS ALB Listener as a data source in Terraform? There's no data source equivalent of the
aws_lb_listener_rule resource, and the aws_lb_listener data source doesn't seem to include rules
Gysieover 5 years ago(edited)
Hey everyone I'm new to this community and also relatively new to Terraform and all the goodness is brings. I'm in need of some guidance and was hoping someone could help with my problem.
I am trying to turn a map of subnets:
with:
into a list of subnet ids for the
What magic piece of Terraform code will produce that list for me and insert it into that list.
Link to the provider: https://www.terraform.io/docs/providers/azurerm/r/storage_account.html#network_rules
I am trying to turn a map of subnets:
variable "storage_account_network_rule_set_subnets" {
type = map(object({
name = string
vnet_name = string
resource_group_name = string
}))
default = {}
description = "The Subnet ID(s) which should be able to access this Storage Account."
}with:
data "azurerm_subnet" "module" {
for_each = { for s in var.storage_account_network_rule_set_subnets : s.name => s }
name = each.value.name
virtual_network_name = each.value.vnet_name
resource_group_name = each.value.resource_group_name
}into a list of subnet ids for the
azurerm_storage_account provider:resource "azurerm_storage_account" "example" {
name = "storageaccountname"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
account_tier = "Standard"
account_replication_type = "LRS"
network_rules {
default_action = "Deny"
ip_rules = ["100.0.0.1"]
<< vv INSERT THAT LIST HERE vv >>
virtual_network_subnet_ids = [azurerm_subnet.example.id]
<< ^^ INSERT THAT LIST HERE ^^ >>
}
tags = {
environment = "staging"
}
}What magic piece of Terraform code will produce that list for me and insert it into that list.
Link to the provider: https://www.terraform.io/docs/providers/azurerm/r/storage_account.html#network_rules
Peter Huynhover 5 years ago
Hi, I am looking to setup a brand new collection of AWS accounts. I was looking for some guidance around this and stumbled across https://github.com/cloudposse/reference-architectures. I am curious if this is still the recommended approach? The docs seems to have marked this topic as
Thanks heap.
archived (https://docs.cloudposse.com/reference-architectures/introduction/), which leads to the above question.Thanks heap.
Pierre-Yvesover 5 years ago
Hello,
for kubernetes, do you use terraform kubernetes_provider or helm ?
which one would you recommand ?
for kubernetes, do you use terraform kubernetes_provider or helm ?
which one would you recommand ?
Steve Wade (swade1987)over 5 years ago(edited)
does anyone know if https://github.com/terraform-providers/terraform-provider-aws/issues/5218 is still an issue?
Steve Wade (swade1987)over 5 years ago
@Pierre-Yves i use a mixture of both to bootstrap EKS with Flux
Aumkar Prajapatiover 5 years ago
Hey guys, I’m experimenting with the cloudposse eks / fargate module but am getting these errors on terraform 0.13.4, any ideas on why this isn’t up to date or does it require a version closer or equal to 12?
on .terraform/modules/eks_cluster.label/versions.tf line 2, in terraform:
2: required_version = "~> 0.12.0"
Module module.eks_cluster.module.label (from
git::<https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.16.0>)
does not support Terraform version 0.13.4. To proceed, either choose another
supported Terraform version or update this version constraint. Version
constraints are normally set for good reason, so updating the constraint may
lead to other errors or unexpected behavior.Aumkar Prajapatiover 5 years ago
It seems to fix within the documented requirements but the error says otherwise
rssover 5 years ago(edited)
v0.13.5
0.13.5 (October 21, 2020)
BUG FIXES:
terraform: fix issue where the provider configuration was not properly attached to the configured provider source address by localname (#26567)
core: fix a performance issue when a resource contains a very large and deeply nested schema (<a...
0.13.5 (October 21, 2020)
BUG FIXES:
terraform: fix issue where the provider configuration was not properly attached to the configured provider source address by localname (#26567)
core: fix a performance issue when a resource contains a very large and deeply nested schema (<a...
Pierre-Yvesover 5 years ago
Hello,
which tool do you use to read a previously generated terraform plan with -out option ?
I have found some tool, but would like your opinion .
• https://github.com/lifeomic/terraform-plan-parser
• https://github.com/palantir/tfjson
which tool do you use to read a previously generated terraform plan with -out option ?
I have found some tool, but would like your opinion .
• https://github.com/lifeomic/terraform-plan-parser
• https://github.com/palantir/tfjson
Andy Hibbertover 5 years ago
Can someone look at https://github.com/cloudposse/terraform-aws-rds-cluster/pull/88
rssover 5 years ago(edited)
Terraform Cloud runs delayed
Oct 23, 10:53 UTC
Resolved - We had a brief delay on processing Terraform Cloud runs due to a network change that has been identified and resolved.
Oct 23, 10:53 UTC
Resolved - We had a brief delay on processing Terraform Cloud runs due to a network change that has been identified and resolved.
Steve Wade (swade1987)over 5 years ago
can anyone help me with the below please
# Ref: <https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/elasticsearch_domain#warm_type>
variable "ultra_warm_instance_type" {
type = string
description = "The instance type for the ultra warm nodes."
default = "ultrawarm1.medium.elasticsearch"
validation {
condition = can(var.ultra_warm_instance_type == "ultrawarm1.medium.elasticsearch") || can(var.ultra_warm_instance_type == "ultrawarm1.large.elasticsearch") || can(var.ultra_warm_instance_type == "ultrawarm1.xlarge.elasticsearch")
error_message = "Valid values are ultrawarm1.medium.elasticsearch, ultrawarm1.large.elasticsearch and ultrawarm1.xlarge.elasticsearch"
}
} ultra_warm_enabled = var.elasticsearch_configuration["ultra_warm_enabled"]
ultra_warm_instance_count = var.elasticsearch_configuration["ultra_warm_instance_count"]
ultra_warm_instance_type = var.elasticsearch_configuration["ultra_warm_instance_type"]elasticsearch_configuration = {
ultra_warm_enabled = true
ultra_warm_instance_count = 2
ultra_warm_instance_type = "ultrawarm1.medium.elasticsearch"
}
Error: Invalid validation error message
on .terraform/modules/data_platform.es_application_logging/modules/elasticsearch/variables.tf line 79, in variable "ultra_warm_instance_type":
79: error_message = "Valid values are ultrawarm1.medium.elasticsearch, ultrawarm1.large.elasticsearch and ultrawarm1.xlarge.elasticsearch"
Validation error message must be at least one full English sentence starting
with an uppercase letter and ending with a period or question mark.Steve Wade (swade1987)over 5 years ago
i am trying to turn the below into a valid variable
type can anyone help please?Steve Wade (swade1987)over 5 years ago
elasticsearch_configuration = {
instance_node_count = 3
instance_node_type = "i3.xlarge.elasticsearch"
master_node_count = 3
master_node_type = "c5.large.elasticsearch"
ultra_warm_enabled = true
ultra_warm_instance_count = 2
ultra_warm_instance_type = "ultrawarm1.medium.elasticsearch"
}
Lyubomirover 5 years ago
Hi all,
I’ve been working with the EKS terraform modules, and I ran into an issue with scaling nodegroups from this repo - https://github.com/cloudposse/terraform-aws-eks-node-group
So the problem is that I try to increase desired_size by specifying higher value, however the changes for
Can anyone explain why desired_size has to be ignored in this situation ?
I’ve been working with the EKS terraform modules, and I ran into an issue with scaling nodegroups from this repo - https://github.com/cloudposse/terraform-aws-eks-node-group
So the problem is that I try to increase desired_size by specifying higher value, however the changes for
desired_size are being ignored because of the following code in the main.tf lifecycle {
create_before_destroy = false
ignore_changes = [scaling_config[0].desired_size]
}Can anyone explain why desired_size has to be ignored in this situation ?
sheldonhover 5 years ago
I’m trying to setup a github_team_repository but have this be optional based on the input. Looks like I need team_id instead of team name so I’m thinking of using
for_each = repos | WHERE type of approach and just filter down the for_each using an expression. Any examples of a simple “where” clause to filter the for_each inline so I can run on none/matched results in the collection?
Doogieover 5 years ago
Is there an easy way to upgrade a GKE cluster and the nodes to a new kubernetes version w/ terraform? I can’t find any documentation / tuts.
Sean Turnerover 5 years ago(edited)
Has anyone had any luck deploying an ssm document with by using
yamlencode()? I'm able to cut and paste the terraform plan content output and manually make a document that way, however terraform throws an error Error: Error updating SSM document: InvalidDocumentresource "aws_ssm_document" "this" {
...
document_format = "YAML"
content = yamlencode(templatefile(
"${path.module}/assets/documents/blah.yaml",
{
organisation_name = lower(var.organisation_name)
parameter_name = foo
}
))
}
Shankar Kumar Chaudharyover 5 years ago
on terragrunt plan am getting following errors
I have updated modules to latest tags as i wish to update my eks version any help would be muchh appreciated
Error: Provider configuration not present
To work with module.eks.data.aws_region.current its original provider
configuration at provider["registry.terraform.io/-/aws"] is required, but it
has been removed. This occurs when a provider configuration is removed while
objects created by that provider still exist in the state. Re-add the provider
configuration to destroy module.eks.data.aws_region.current, after which you
can remove the provider configuration again.
Releasing state lock. This may take a few moments...
I have updated modules to latest tags as i wish to update my eks version any help would be muchh appreciated
Error: Provider configuration not present
To work with module.eks.data.aws_region.current its original provider
configuration at provider["registry.terraform.io/-/aws"] is required, but it
has been removed. This occurs when a provider configuration is removed while
objects created by that provider still exist in the state. Re-add the provider
configuration to destroy module.eks.data.aws_region.current, after which you
can remove the provider configuration again.
Releasing state lock. This may take a few moments...
Eric Bergover 5 years ago
My
plugin_cache_dir is now at 7.7G. There doesn't seem to be any clean command. Anybody have any guidance on best practices for cleaning out this cache. One thing I noticed in the docs, is that the dirs (i.e., "${plugin_cache_dir}/darwin_amd64" must exist, before TF will cache files there.Yoni Leitersdorf (Indeni Cloudrail)over 5 years ago(edited)
Any ideas for how to use the hashicorp-provided providers to make an API POST call with specific parameters? Looked at the http provider, but it’s only GET. (I don’t want to rely on curl or wget locally)
tairover 5 years ago(edited)
Hey folks 👋 I was testing out https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment and bumped into this problem.
When I run it, I am getting this error:
Has anybody else had a similar issue or know what might cause this? Additionally, after each run, I am getting a bunch of
# main.tf
module "vpc" {...}
module "subnets" {...}
module "rds_instance" {...}
module "redis" {...}
module "elastic_beanstalk_application" {...}
module "elastic_beanstalk_environment" {...}
data "aws_iam_policy_document" "minimal_s3_permissions" {...}When I run it, I am getting this error:
Error: Error creating Security Group: InvalidGroup.Duplicate: The security group 'NAME' already exists for VPC 'vpc-ID'` failing on elastic_beanstalk_environment.Has anybody else had a similar issue or know what might cause this? Additionally, after each run, I am getting a bunch of
Error: Duplicate variable declaration and removing .terraform and re-init helps.
Mr.Devopsover 5 years ago
Anyone know of a terraform extension in vs code I can use for fmt? The ones I’ve found are not supported
Igorover 5 years ago
@Mr.Devops HashiCorp Terraform
Mr.Devopsover 5 years ago
I have that extension installed as well but it doesn’t seem to auto perform the fmt function
Mr.Devopsover 5 years ago
Ah nvm next time I should rtfm lol
Mr.Devopsover 5 years ago
Thx @Igor
Igorover 5 years ago
You can enable format on save in TF
Igorover 5 years ago
It also won't format if there are syntax errors
Mr.Devopsover 5 years ago
Got it thx
Alex Jurkiewiczover 5 years ago
Sometimes I need to convert a resource from a single instance to
How can I avoid this re-creation?
I can perform manual state manipulation
count = local.create_instance? 1 : 0, and Terraform wants to re-create the resource in this case.How can I avoid this re-creation?
I can perform manual state manipulation
terraform state rm myresource ; terraform import ... , but it would be nice if there was a solution that didn't require out of band state fiddling.Chris Fowlesover 5 years ago
terraform state mv
Alex Jurkiewiczover 5 years ago(edited)
While researching the above question, I found this 1 month old message from a Terraform developer saying "no major new features until 1.0 comes out next year": https://github.com/hashicorp/terraform/issues/24476#issuecomment-700368878
Sad, there are some warts with TF
Sad, there are some warts with TF
Matt Gowieover 5 years ago(edited)
Hey folks — Could use more 👍️’s on the below issue and corresponding PR. They’ve totally stalled out (open for 8+ months) and I have a couple projects that I would like to upgrade off of a custom terraform fork (made a mistake thinking those would be merged by now 😞 ). Any help appreciated!
1. https://github.com/terraform-providers/terraform-provider-aws/issues/6917
2. https://github.com/terraform-providers/terraform-provider-aws/pull/11928
1. https://github.com/terraform-providers/terraform-provider-aws/issues/6917
2. https://github.com/terraform-providers/terraform-provider-aws/pull/11928
aaratnover 5 years ago
Done
aaratnover 5 years ago
I created one issue aswell recently !! Hope it gets some traction
https://github.com/terraform-providers/terraform-provider-aws/issues/15855
https://github.com/terraform-providers/terraform-provider-aws/issues/15855
Nicolás de la Torreover 5 years ago(edited)
Hello, when using helmfile provider and helmfile_release resource, is there a way to manage helm repositories?
Benover 5 years ago
In terms of debugging I am using the classic 'export TF_LOG=DEBUG' but I would like to have a way to see the values of variables
Benover 5 years ago
Like a good old print() in Python
Benover 5 years ago
Is there a way to do that in Terraform?
aaratnover 5 years ago
rssover 5 years ago(edited)
Upgrade Maintainence
Oct 28, 19:44 UTC
Investigating - The URL Service is going to be undergoing upgrade maintenance. Users may experience some errors using the service.
Oct 28, 19:44 UTC
Investigating - The URL Service is going to be undergoing upgrade maintenance. Users may experience some errors using the service.
rssover 5 years ago
v0.14.0-beta2
0.14.0-beta2
(This describes the changes since v0.13.4, rather than since v0.14.0-beta1.)
NEW FEATURES:
Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.
terraform init: Terraform will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (<a...
0.14.0-beta2
(This describes the changes since v0.13.4, rather than since v0.14.0-beta1.)
NEW FEATURES:
Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.
terraform init: Terraform will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (<a...
rssover 5 years ago
Upgrade Maintainence
Oct 28, 22:03 UTC
Resolved - This incident has been resolved.Oct 28, 22:02 UTC
Update - Maintenance has finished. The system appears to be stable. Regular system monitoring will continue.Oct 28, 19:44 UTC
Investigating - The URL Service is going to be undergoing upgrade maintenance. Users may experience some errors using the service.
Oct 28, 22:03 UTC
Resolved - This incident has been resolved.Oct 28, 22:02 UTC
Update - Maintenance has finished. The system appears to be stable. Regular system monitoring will continue.Oct 28, 19:44 UTC
Investigating - The URL Service is going to be undergoing upgrade maintenance. Users may experience some errors using the service.
Fernando Torresanover 5 years ago(edited)
Hi guys,
What do you think when you need to create an SNS-SQS subscription cross account in AWS with terraform? it's painful, isn't it?!
You must have to set up multiple providers for terraform apply command, work successfully, to have access to both accounts;
A friend of mine, looked inside terraform-provider-aws to know why this is necessary, because doing the same procedure using AWS console, you don’t need access to both accounts.
That said, he opened a pull request that solves this problem and allows the current behavior to continue to work. So, if you are interested in this solution, leave a 👍️ to help this improvement get into the next version as soon as possible.
Thanks! 🙂
• https://github.com/terraform-providers/terraform-provider-aws/pull/15633e
What do you think when you need to create an SNS-SQS subscription cross account in AWS with terraform? it's painful, isn't it?!
You must have to set up multiple providers for terraform apply command, work successfully, to have access to both accounts;
A friend of mine, looked inside terraform-provider-aws to know why this is necessary, because doing the same procedure using AWS console, you don’t need access to both accounts.
That said, he opened a pull request that solves this problem and allows the current behavior to continue to work. So, if you are interested in this solution, leave a 👍️ to help this improvement get into the next version as soon as possible.
Thanks! 🙂
• https://github.com/terraform-providers/terraform-provider-aws/pull/15633e
Erik Osterman (Cloud Posse)over 5 years ago(edited)
Anybody using rennovatebot? I am really upset with the onboarding experience. I enabled it for all repos, like mergify, only rennovatebot is now opening 350 PRs and adding a public deploy key to all of our repos. Had no idea this was going to happen. 🤦♂️
Ikanaover 5 years ago
Hello, I was about to submit a bug for this module: https://github.com/cloudposse/terraform-aws-msk-apache-kafka-cluster but the bug template suggested to ask here first
Ikanaover 5 years ago
out of the box I see this error when trying to plan it
Ikanaover 5 years ago
The Terraform configuration must be valid before initialization so that
Terraform can determine which modules and providers need to be installed.
Error: Reserved argument name in module block
on main.tf line 129, in module "hostname":
129: count = var.number_of_broker_nodes > 0 ? var.number_of_broker_nodes : 0
The name "count" is reserved for use in a future version of Terraform.
[terragrunt] 2020/10/29 14:47:58 Hit multiple errors:
exit status 1Ikanaover 5 years ago
Is this bug or expected when using
tf 0.12.26?Alex Jurkiewiczover 5 years ago(edited)
I'm writing a CD pipeline which will run a plan stage, then run an apply stage only if the plan has changes. How can I detect if a plan file contains changes?
Running
Running
terraform show terraform.plan I can parse the output for Plan: 0 to add, 0 to change, 0 to destroy. but this feels very fragile (for example, I need a more complex check to detect if there are output-only changes).
Igor Bronovskyiover 5 years ago
Help me how to organize blue/green deployment on the terraform.
I need to create a new service, do migration and then switch traffic to the new service.
I need to create a new service, do migration and then switch traffic to the new service.
U
U010W9VSBTLover 5 years ago(edited)
If a TF-security tool asks you to send your TF plan and state to the cloud for analysis, what's your reaction?
Yoni Leitersdorf (Indeni Cloudrail)over 5 years ago
Appreciate your guys’ help with the above poll.