145 messages
Shankar Kumar Chaudharyover 5 years ago
I tried using 0.12.24. terragrunt plan is working fine, but on terragrunt apply it's going to replace the cluster and I am getting the following error:
Error: error creating EKS Cluster (dev_cluster): ResourceInUseException: Cluster already exists with name: dev_cluster
{
RespMetadata: {
StatusCode: 409,
RequestID: "6a650024-bdab-4965-9940-d15506218621"
},
ClusterName: "dev_cluster",
Message_: "Cluster already exists with name: dev_cluster"
}
on .terraform/modules/eks/cluster.tf line 9, in resource "aws_eks_cluster" "this":
9: resource "aws_eks_cluster" "this" {
rssover 5 years ago(edited)
Waypoint URL Service
Nov 2, 15:44 UTC
Investigating - Investigating observed issues with Waypoint URL Service
rssover 5 years ago
Waypoint URL Service
Nov 2, 17:04 UTC
Update - Service is experiencing partial outage and returning "Deployment not found" for some deployments. We are continuing to investigate.
Nov 2, 15:44 UTC
Investigating - Investigating observed issues with Waypoint URL Service
rssover 5 years ago(edited)
Waypoint URL Service
Nov 2, 21:58 UTC
Update - Service is experiencing degraded performance and may timeout for some deployments. We are continuing to investigate.
Nov 2, 17:04 UTC
Update - Service is experiencing partial outage and returning "Deployment not found" for some deployments. We are continuing to investigate.
Nov 2, 15:44 UTC
Investigating - Investigating observed issues with Waypoint URL Service
Sean Turnerover 5 years ago
Has anyone ever used local-exec or data.external.this with aws-vault? I've tried a couple of times over the past 6 months and never had any luck 😞
Our aws-vault setup is as follows:
aws-vault exec terraform-profile -- terraform apply => assume role in account listed in tf code to deploy to
from there, I would think that any aws cli or other sdk calls would fall under the assumed role, but this doesn't appear to be the case. I think it's using the role associated with terraform-profile, rather than the assumed role
I'm trying to run the following:
data "external" "this" {
  program = ["go", "run", "${path.module}/../main.go", "-i", "i-12345678"]
}
main.go hits cloudwatch ListMetrics() for metrics on the provided instance id, and creates a json response which is then in theory used to set up disk monitoring with for_each without needing to input the fstype and device name when using aws_cloudwatch_metric_alarm in terraform. The response would look like the following:
{
  "/": { "Device": "rootfs", "FSType": "rootfs" },
  "/boot": { "Device": "nvme0n1p1", "FSType": "ext4" }
}
unfortunately, main.go is returning an empty response (which errors by design) when terraform runs the script due to it not being able to pull metrics with the provided instance id. Thoughts? 🙂
rssover 5 years ago(edited)
Waypoint URL Service
Nov 3, 03:59 UTC
Resolved - Services have normalized.
Nov 2, 21:58 UTC
Update - Service is experiencing degraded performance and may timeout for some deployments. We are continuing to investigate.
Nov 2, 17:04 UTC
Update - Service is experiencing partial outage and returning "Deployment not found" for some deployments. We are continuing to investigate.
Nov 2, 15:44 UTC
Investigating - Investigating observed issues with Waypoint URL Service
Shankar Kumar Chaudharyover 5 years ago
Has anyone successfully updated eks from 1.14 using terraform terragrunt? using terraform-root-modules
Syn Romanaover 5 years ago
hi,
I'm interested in terraform-terraform-label module to re-label random ELB name in CloudWatch alarms, however it looks like it needs separate label module for each resource. Is that true or I misunderstood something?
For instance I have a ELB CloudWatch alert resource where I'd like to use a list of ELBs using [count.index]:
module "elb-5xx-label" {
  source = "git::https://github.com/cloudposse/terraform-terraform-label.git"
  name = var.name
  namespace = var.namespace
  stage = var.stage
  attributes = compact(concat(var.attributes, list("elb", "5xx")))
}
resource "aws_cloudwatch_metric_alarm" "elb-5xx-anomaly" {
  count = length(var.monitored-elb-ids)
  alarm_name = join("", ["ELB 5xx errors high - ", var.monitored-elb-ids[count.index]])
  # alarm_name = join("", ["ELB 5xx errors high - ", module.elb-5xx-label.id])
  comparison_operator = "LessThanLowerOrGreaterThanUpperThreshold"
  evaluation_periods = "1"
  threshold_metric_id = "e1"
  alarm_description = "The number of HTTP 5XX errors originating from the ELB are out of band. This is not an error generated by the targets (backend)"
  treat_missing_data = "notBreaching"
  alarm_actions = [element(var.sns-topics.*.topic-id, 1)]
  ok_actions = [element(var.sns-topics.*.topic-id, 1)]
  metric_query {
    id = "e1"
    expression = "ANOMALY_DETECTION_BAND(m1, 1)"
    label = "HTTPCode_ELB_5XX (expected)"
    return_data = "true"
  }
  metric_query {
    id = "m1"
    return_data = "true"
    metric {
      metric_name = "HTTPCode_ELB_5XX"
      namespace = "AWS/ELB"
      period = "60"
      stat = "Sum"
      unit = "Count"
      dimensions = {
        LoadBalancerName = var.monitored-elb-ids[count.index]
      }
    }
  }
}
Sebastian Borrajoover 5 years ago
Hello! good morning, i'm new to this slack! I wanted to ask you a question, I was trying to build a cluster with the cloudposse modules and they work perfect, my problem is that I don't understand how to continue after that, I don't understand how to make the services work, I raise the cluster, but automate the listeners part and target group complicates me, I always get to a point (both with workers and node groups) that I get stuck
Do you have any guidance from scratch on how to make all this work? mount the cluster and run the services
Aumkar Prajapatiover 5 years ago(edited)
Hey quick question about the terraform-s3-website module, basically I’m trying to put up a route53 reference along with the website, the docs say to use parent_zone_name or id along with hostname but I noticed the alias / value it’s creating is just s3-website, any ideas what’s going on here?
+ alias {
+ evaluate_target_health = false
+ name = "s3-website.ca-central-1.amazonaws.com"
+ zone_id = "xxx"
}
}
Here’s the module code
module "website" {
  source = "git::https://github.com/cloudposse/terraform-aws-s3-website.git?ref=0.12.0"
  delimiter = "."
  region = var.region
  namespace = var.name
  stage = local.stage_namespace
  name = local.cluster_domain
  hostname = local.domain
  versioning_enabled = "true"
  cors_allowed_methods = ["GET", "HEAD"]
  index_document = "index.html"
  error_document = "index.html"
  parent_zone_name = local.namespace_domain
  tags = merge(
    map("Country", substr(var.region, 0, 2)),
    map("DataCenter", substr(var.region, 3, length(var.region) - 5))
  )
}
local.namespace_domain represents the specific route53 zone.
Alex Jurkiewiczover 5 years ago(edited)
does anyone use or recommend a tool to view Terraform (0.13) plans in a prettier format? I've been looking at https://prettyplan.chrislewisdev.com/ which is 0.12 only, wondering if there are alternatives
PePe Amengualover 5 years ago
I was using version 0.24 of https://github.com/cloudposse/terraform-aws-rds-cluster and I’m now upgrading to version 0.35 and Tf 0.13 and I’m getting
module.datamart_writer_cluster_us_east_1.aws_rds_cluster.default[0] its
original provider configuration at
provider["registry.terraform.io/-/aws"].us_east_1 is required, but it has been
removed. This occurs when a provider configuration is removed while objects
created by that provider still exist in the state. Re-add the provider
configuration to destroy
module.datamart_writer_cluster_us_east_1.aws_rds_cluster.default[0], after
which you can remove the provider configuration again.
I think is because of the removal of the label module local provider?
Mario Dagradaover 5 years ago
Hi,
I am using https://github.com/cloudposse/terraform-aws-elasticsearch v0.24.1 to spin up a managed ElasticSearch domain. I want to add it to a previously created Route53 hosted zone. The ES cluster spins up fine, but when it starts creating the DNS record, I get the following error:
[ERR]: Error building changeset: AccessDenied: The resource hostedzone/XXXX can only be managed through AWS Cloud Map (arn:aws:servicediscovery:us-west-1:123456789:namespace/ns-xxxxxxx)
status code: 403, request id: 4d9a9437-3af1-4982-ad58-c766dc1d18d6
How can I overcome this error? Should I create the DNS records manually with the Cloud Map CLI or is there a better solution?
Thank you very much!
Mikhail Naletovover 5 years ago(edited)
Hello everyone
Could someone tell me do we REALLY have to have "~> 2.0" for AWS provider here?
https://github.com/cloudposse/terraform-aws-ssm-parameter-store/blob/master/versions.tf#L5
tristanover 5 years ago
hey there. was about to open an issue but the template seems to say i should bring it here first.
https://github.com/cloudposse/terraform-aws-ecr
using it as such:
module "xxx_yyy" {
  source = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=tags/0.29.0"
  name = "xxx_yyy"
}
drops the underscore and yields xxxyy for the repo name which isn't desired. need to have the underscore in my use case to maintain a convention. confirmed amazon supports it. am i missing something from a tf escaping perspective or is this a legitimate bug?
Mr.Devopsover 5 years ago
hi all - hoping someone can help me here. I'm using the aws_instance resource, within my userdata argument i'm using user_data = filebase64("${path.cwd}/scripts/${var.linux_user_data}.sh") - as this doesn't work. What i like to be able to do here is reference my script via variable as I have many scripts i like to reference for this types of instances i spin up.
rssover 5 years ago(edited)
[Waypoint] Service Maintenance
Nov 5, 01:30 UTC
Investigating - The services are being upgraded to avoid conditions detected during the previous outages.
rssover 5 years ago
[Waypoint] Service Maintenance
Nov 5, 02:13 UTC
Resolved - Services have been upgraded and are working properly.
Nov 5, 01:30 UTC
Investigating - The services are being upgraded to avoid conditions detected during the previous outages.
Charles Kimover 5 years ago(edited)
Working with @Yoni Leitersdorf (Indeni Cloudrail) on this project. We started receiving feedback. In particular - the use of TF plan to run as part of our TF security scanning. would love to get this group’s input on passing TF plan externally to such tools like Cloudrail -> You can maintain anonymity with this google survey, but would love to chat!
https://forms.gle/dg4K89qcJfAxp8Hv9
Mikhail Naletovover 5 years ago
heey
is it possible to update this https://github.com/cloudposse/terraform-aws-tfstate-backend
to use the latest null-label module with context?
Delimiter setting doesn't work for the module now
Mikhail Naletovover 5 years ago
rssover 5 years ago
[Waypoint] Services not connecting
Nov 5, 18:45 UTC
Monitoring - We've rolled out a fix (appears to be a bug in reading random numbers? pretty weird, we agree). We'll keep an eye on it for the rest of the day.
Nov 5, 17:53 UTC
Identified - An old bug has reappeared! We're working on a fix.
Alex Jurkiewiczover 5 years ago
^ could these move to another channel?
Erik Osterman (Cloud Posse)over 5 years ago
Ya, I'll disable the RSS for hashicorp availability
Erik Osterman (Cloud Posse)over 5 years ago
I'm going to keep the terraform releases though, since those are pretty seldom
Alex Jurkiewiczover 5 years ago
Good conversation starters too
Jaesonover 5 years ago
terraform import is broken. I can't get it to import more than one element of a map. Anyone else run into this? Bugs have been opened and closed with Hashicorp without them ever admitting fault. I'm so frustrated. Here's what the output looks like:
# terraform state list
data.aws_acm_certificate.amazon_issued_compeat_wc
aws_s3_bucket.beta_data_buckets["svc_feedback"]
aws_s3_bucket.frontend_beta_web_buckets["accounting"]
aws_s3_bucket.frontend_beta_web_buckets["integrations"]
aws_s3_bucket.frontend_beta_web_buckets["inventory"]
aws_s3_bucket.frontend_beta_web_buckets["portal"]
root@f30c14ba15f6:/tfroot/beta# terraform import aws_s3_bucket.beta_data_buckets[\"svc_imports\"] co-beta-service-imports
aws_s3_bucket.beta_data_buckets["svc_imports"]: Importing from ID "co-beta-service-imports"...
aws_s3_bucket.beta_data_buckets["svc_imports"]: Import prepared!
Prepared aws_s3_bucket for import
aws_s3_bucket.beta_data_buckets["svc_imports"]: Refreshing state... [id=co-beta-service-imports]
Error: Invalid index
on /tfroot/beta/resources.tf line 72, in locals:
72: aws_s3_bucket.beta_data_buckets[bucket].arn
|----------------
| aws_s3_bucket.beta_data_buckets is object with 1 attribute "svc_feedback"
The given key does not identify an element in this collection value.
I'm well aware that the given key doesn't identify an element ... that's why I'm trying to import it!! Before I made the mistake of upgrading to 13 thinking that maybe it was fixed there, importing the first element added a minimal amount of config that I could maybe use to hack the file by copying for the other buckets, but at the latest 13, it appears to load a lot more into the config. Has anyone had to hack this file in order to get their TF working with objects created elsewhere like this? If so, what is the minimal amount of config that I need to hand-add for each bucket?
lorenover 5 years ago
Interested to see where this goes, seems hashicorp is trying to improve visibility of their internal priorities and how they merge community contributions... https://www.github.com/hashicorp/terraform-provider-aws/tree/master/ROADMAP.md
msharma24over 5 years ago
Hello anyone getting error -
Error: InvalidParameter: 1 validation error(s) found. - minimum field size of 1, ListTargetsByRuleInput.EventBusName.
I just started getting this error in our pipeline when I tried to upgrade to the latest aws provider version
* hashicorp/aws: version = "~> 3.14.0"
Alex Jurkiewiczover 5 years ago
Has anyone integrated custom providers into CD? Specifically, I'm looking to build a custom version of the AWS provider with some pull requests merged. I am wondering about the best way to add a custom provider binary to our CD process
Luke Maslanyover 5 years ago
Quick question: does anyone know how I can set the Execution Timeout of a maintenance window task using terraform? I can set the 'Delivery Timeout' value in the run_command_parameters block, using the parameter name: timeout_seconds, but I don't know the name of the 'Execution Timeout' parameter.
resource "aws_ssm_maintenance_window_task" "task" {
  ....
  task_invocation_parameters {
    run_command_parameters {
      ...
      timeout_seconds = 600
    }
  }
}
Any insights/suggestions would be much appreciated. 🙂
V Mover 5 years ago
Where are the best modules templates
Ryan Smithover 5 years ago
General question: I found it normal to use like.. chtf to switch between terraform versions as needed. But is there a way to allow for backwards compatibility from terraform 0.13 binary but for code meant for 0.12?
Pretty sure 0.12 binary for code with 0.11 just fails
(This came up after some conversations with friends on the topic. Just curious.)
ryangolfsover 5 years ago
Best practice question:
I have a handful of domains (zone / record data) that I'd like terraform to manage.
Would you keep all this data in tf file itself (in the resource), or keep that data in a flat/json file and include it in the tf (resource)?
charlespogiover 5 years ago
hi all, can anyone please show me how to get the ami id of the image made in packer, i wanted to use it for my ASG in terraform
charlespogiover 5 years ago
no idea where to begin
V Mover 5 years ago
@Mikhail Naletov Cheers!
V Mover 5 years ago
@Chris Fowles (build-and-launch.sh)
#!/bin/bash
...
# Build the AMI and take field 6 of the "artifact,0,id" line from packer's machine-readable output
AMI_ID=$(packer build -machine-readable packer.json | awk -F, '$0 ~ /artifact,0,id/ {print $6}')
# Write the extracted value into a Terraform variable file
echo 'variable "AMI_id" { default = "'"${AMI_ID}"'" }' > amivar.tf
....
use the shell script 'build-and-launch' .. which will first build the AMI and then extract the AMI_ID .. Put the 'extracted' AMI_ID as a 'variable' into "amivar.tf" then run terraform apply
V Mover 5 years ago(edited)
@Chris Fowles when you execute the "sh build-and-launch.sh", you will see the last bit. then you 'should see' the AMI
V Mover 5 years ago
@charlespogi please see my post(s) to @Chris Fowles hope it helps
David Napierover 5 years ago
Just curious as I can't find one, but does cloudposse have a repo for wordpress?
David Napierover 5 years ago
Just dropping a complaint, but I'm sure everyone feels it. The change in how for loops are handled between v 12 & 13 is really frustrating and seems to have broken A LOT of functionality
chrisover 5 years ago
I am working through trying to set up a new infrastructure and have bumped into an issue. I am trying to setup chamber so I can use it for the secret store, but am having troubles finding how to do it with terraform >= 0.12.0.
I used reference-architecture to get it “working” but the other modules I am using have been upgraded to 0.12 so I would like to make this work as well
reiover 5 years ago
Hi,
I am interested in knowing how do you organize your IaaC.
looking for ideas.
Currently we are building our new k8s based infrastructure, thus requiring Terraform, helm, helmfiles and gitlab ci. which is a good pattern to combine all this elements? monorepo? repo with submodules? script/makefile magic?
what if the helmfiles and charts repos also contain stuff for the infra and main application?
melissa Jennerover 5 years ago(edited)
Anyone uses terraform-aws-elasticache-redis? I got error when I use this module.
Error: Error creating Cache Parameter Group: InvalidParameterValue: The parameter CacheParameterGroupName must be provided and must not be blank.
Below are the code:
main_elasticache_redis.tf:
module "redis" {
source = "git::https://github.com/cloudposse/terraform-aws-elasticache-redis.git?ref=tags/0.25.0"
availability_zones = data.aws_availability_zones.available.names
vpc_id = module.vpc.vpc_id
allowed_security_groups = [module.vpc.default_security_group_id]
subnets = module.vpc.private_subnets
cluster_size = var.redis_cluster_size #number_cache_clusters
instance_type = var.redis_instance_type
apply_immediately = true
automatic_failover_enabled = true
engine_version = var.redis_engine_version
family = var.redis_family
#enabled = var.enabled
cluster_mode_enabled = true
enabled = true
replication_group_id = var.replication_group_id
elasticache_subnet_group_name = var.elasticache_subnet_group_name
at_rest_encryption_enabled = var.at_rest_encryption_enabled
transit_encryption_enabled = var.transit_encryption_enabled
cloudwatch_metric_alarms_enabled = var.cloudwatch_metric_alarms_enabled
parameter = [
{
name = "notify-keyspace-events"
value = "lK"
}
]
context = module.this.context
}
data.tf:
provider "aws" {
version = ">= 2.55.0"
region = var.region
}
context.tf:
module "this" {
source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
enabled = var.enabled
namespace = var.namespace
environment = var.environment
stage = var.stage
name = var.name
delimiter = var.delimiter
attributes = var.attributes
tags = var.tags
additional_tag_map = var.additional_tag_map
label_order = var.label_order
regex_replace_chars = var.regex_replace_chars
id_length_limit = var.id_length_limit
context = var.context
}
variable "context" {
type = object({
enabled = bool
namespace = string
environment = string
stage = string
name = string
delimiter = string
attributes = list(string)
tags = map(string)
additional_tag_map = map(string)
regex_replace_chars = string
label_order = list(string)
id_length_limit = number
})
default = {
enabled = true
namespace = null
environment = null
stage = null
name = null
delimiter = null
attributes = []
tags = {}
additional_tag_map = {}
regex_replace_chars = null
label_order = []
id_length_limit = null
}
description = <<-EOT
Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as `null` to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.
EOT
}
variable "enabled" {
type = bool
default = true
description = "Set to false to prevent the module from creating any resources"
}
variable "namespace" {
type = string
default = null
description = "Namespace, which could be your organization name or abbreviation, e.g. 'eg' or 'cp'"
}
variable "environment" {
type = string
default = null
description = "Environment, e.g. 'uw2', 'us-west-2', OR 'prod', 'staging', 'dev', 'UAT'"
}
variable "stage" {
type = string
default = null
description = "Stage, e.g. 'prod', 'staging', 'dev', OR 'source', 'build', 'test', 'deploy', 'release'"
}
variable "name" {
type = string
default = null
description = "Solution name, e.g. 'app' or 'jenkins'"
}
variable "delimiter" {
type = string
default = null
description = <<-EOT
Delimiter to be used between `namespace`, `environment`, `stage`, `name` and `attributes`.
Defaults to `-` (hyphen). Set to `""` to use no delimiter at all.
EOT
}
variable "attributes" {
type = list(string)
default = []
description = "Additional attributes (e.g. `1`)"
}
variable "tags" {
type = map(string)
default = {}
description = "Additional tags (e.g. `map('BusinessUnit','XYZ')`"
}
variable "additional_tag_map" {
type = map(string)
default = {}
description = "Additional tags for appending to tags_as_list_of_maps. Not added to `tags`."
}
variable "label_order" {
type = list(string)
default = null
description = <<-EOT
The naming order of the id output and Name tag.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 5 elements, but at least one must be present.
EOT
}
variable "regex_replace_chars" {
type = string
default = null
description = <<-EOT
Regex to replace chars with empty string in `namespace`, `environment`, `stage` and `name`.
If not set, `"/[^a-zA-Z0-9-]/"` is used to remove all characters other than hyphens, letters and digits.
EOT
}
variable "id_length_limit" {
type = number
default = null
description = <<-EOT
Limit `id` to this many characters.
Set to `0` for unlimited length.
Set to `null` for default, which is `0`.
Does not affect `id_full`.
EOT
}
Danover 5 years ago
hey guys
Danover 5 years ago(edited)
is there a way to customize the metadata information using this module https://github.com/cloudposse/terraform-aws-ec2-autoscale-group ?
Flávio Moringaover 5 years ago
Hi guys, I'm using the terraform-aws-cloudfront-s3-cdn terraform module for creating a cloudfront distribution... And I've managed to use for a standard distribution...
Flávio Moringaover 5 years ago
But I also need to create a second distribution for a redirect, so I used the variable redirect_all_requests_to with the url where to redirect....
Flávio Moringaover 5 years ago(edited)
all goes well, except the s3 bucket created is not configured as a redirect website.... just a standard bucket as in the creating of a standard cloudfront distribution... Am I missing something? Do I need to configure the s3 bucket myself as a redirect website after the module finishes creating the cloudfront distribution?
Flávio Moringaover 5 years ago
I'm using the current master from https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn
Flávio Moringaover 5 years ago
And I'm using the following variables:
Flávio Moringaover 5 years ago
Flávio Moringaover 5 years ago
Any help would be helpful... thanks
PePe Amengualover 5 years ago
Am I reading this right but is it true Terraform does not support cloning an RDS cluster? for real??????
AKover 5 years ago
hey guys i am using the https://github.com/cloudposse/terraform-aws-ec2-autoscale-group. I am following the example. I am able to plan it but getting the following error.
AKover 5 years ago
module.autoscale_group.aws_autoscaling_group.default[0]: Creating...
Error: One of `id` or `name` must be set for `launch_template`
AKover 5 years ago
TF version i am running is 0.12.0 and i am also using the 0.5.0 of the module.
AKover 5 years ago
Has anybody else had a similar issue or know what might cause this?
Flávio Moringaover 5 years ago
Hi, regarding my issue with the terraform-aws-cloudfront-s3-cdn module I found the issue:
Flávio Moringaover 5 years ago
For the redirect_all_requests_to option to work, I also need to set the website_enabled = true variable... But the documentation does not say that.
Flávio Moringaover 5 years ago
Please update the documentation. I've created a bug report with it at: https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn/issues/111
Flávio Moringaover 5 years ago
Thanks and keep up the good work
rssover 5 years ago(edited)
v0.14.0-rc1
0.14.0 (Unreleased)
NEW FEATURES:
Terraform now supports marking input variables as sensitive, and will propagate that sensitivity through expressions that derive from sensitive input variables.
terraform init will now generate a lock file in the configuration directory which you can check in to your version control so that Terraform can make the same version selections in future. (https://github.com/hashicorp/terraform/issues/26524...
V Mover 5 years ago
can drive letters be assigned in Terraform
Haroon Rasheedover 5 years ago
Hi I was trying to create Kubernetes Ingress resource using Terraform..I don't see an option to specify PathType like Prefix, Exact etc inside kubernetes_ingress block..any idea on how to do that?
Mikhail Naletovover 5 years ago
@Erik Osterman (Cloud Posse) hi! I always wanted to ask you one thing. Why don't you use terraform registry source in cloudposse modules instead of specifying git https url?
btaiover 5 years ago
Question for those of you that use Terraform Cloud: is there a way to run the remote applies against AWS using AWS profile instead of using aws creds environment variables yet?
Slackbotover 5 years ago
This message was deleted.
mfridhover 5 years ago(edited)
Anyone here using vscode for Terraform? Any of you have an actual working extension for popping up contextual docs that work? I remember the good old day when I had it... ever since language server came in I never had it anymore.
mfridhover 5 years ago
Hey, do you even test your modules? 😈 😛
Error: error creating RDS cluster: InvalidParameterCombination: Aurora Serverless DB clusters are always encrypted at rest. Encryption can't be disabled.
status code: 400, request id: 6f8ac312-53d1-4d12-9602-e5fb64cc102f
mfridhover 5 years ago
There's no build-harness helper for the context.tf stuff?
mfridhover 5 years ago
nevermind... hacking some mods for it 😃
Padarnover 5 years ago
Has anyone used terraform with the eks efs driver? I’m having a bit of trouble making the volume claim example here: https://docs.aws.amazon.com/eks/latest/userguide/efs-csi.html work with the kubernetes_volume_claim resource (thread)
Garethover 5 years ago(edited)
Please can I get help to find the best way to link two resources (aws Log_group & KMS_Key) with a for_each loop within each of them - More details inside Thread
mfridhover 5 years ago
No way to use a data source value in the mysql provider, right? ... if I try it seems the value is just null.
Erik Osterman (Cloud Posse)over 5 years ago
Fresh off the press: https://github.com/cloudposse/terraform-yaml-config
We're using YAML more and more to define configuration in a portable format that we use with terraform. This allows us to define that configuration from both local and remote sources (via https). For example, we use it for opsgenie escalations, datadog monitors, SCP policies, etc.
Chris Fowlesover 5 years ago
terraform >= 0.12 has actually just become a really good structured config conversion tool
Chris Fowlesover 5 years ago
yaml => json => hcl etc
charlespogiover 5 years ago
2020/11/15 15:03:18 [ERROR] eval: terraform.evalReadDataRefresh, err: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: d2c30533-f6da-40e2-925c-58b5404cb356
2020/11/15 15:03:18 [ERROR] eval: terraform.EvalSequence, err: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: d2c30533-f6da-40e2-925c-58b5404cb356
Error: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 2a7b0234-0255-496d-8deb-91877b5aad94
Error: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: d2c30533-f6da-40e2-925c-58b5404cb356
2020/11/15 15:03:18 [ERROR] eval: terraform.evalReadDataRefresh, err: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 2a7b0234-0255-496d-8deb-91877b5aad94
2020/11/15 15:03:18 [ERROR] eval: terraform.EvalSequence, err: UnauthorizedOperation: You are not authorized to perform this operation.
status code: 403, request id: 2a7b0234-0255-496d-8deb-91877b5aad94
2020-11-15T15:03:18.578Z [WARN] plugin.stdio: received EOF, stopping recv loop: err="rpc error: code = Unavailable desc = transport is closing"
Cleaning up file based variables
00:00
ERROR: Job failed: exit status 1
my aim is to use the ami produced by packer to terraform,
charlespogiover 5 years ago
{
  "builders": [
    {
      "type": "amazon-ebs",
      "access_key": "###",
      "secret_key": "###",
      "ami_name": "EBS-{{isotime | clean_resource_name}}",
      "temporary_iam_instance_profile_policy_document": {
        "Version": "2012-10-17",
        "Statement": [
          {
            "Effect": "Allow",
            "Action": [
              "ec2:RunInstances",
              "ec2:AssociateIamInstanceProfile",
              "ec2:ReplaceIamInstanceProfileAssociation"
            ],
            "Resource": "*"
          },
          {
            "Effect": "Allow",
            "Action": "iam:PassRole",
            "Resource": "*"
          }
        ]
      },
      "region": "us-east-1",
      "ami_regions": ["us-east-1"],
      "instance_type": "t2.micro",
      "ssh_keypair_name": "SysOps2020",
      "ssh_private_key_file": "/home/ubuntu/keys/SysOps2020.pem",
      "source_ami_filter": {
        "filters": {
          "virtualization-type": "hvm",
          "name": "amzn2-ami-hvm-2.0.*-x86_64*",
          "root-device-type": "ebs"
        },
        "owners": ["amazon"],
        "most_recent": true
      },
      "ssh_username": "ec2-user"
    }
  ],
  "provisioners": [
    {
      "type": "file",
      "source": "scripts",
      "destination": "/home/ec2-user/"
    },
    {
      "type": "file",
      "source": "code",
      "destination": "/home/ec2-user/"
    },
    {
      "type": "shell",
      "script": "scripts/install.sh"
    },
    {
      "type": "shell",
      "script": "scripts/cleanup.sh"
    }
  ]
}
any tips on what i missed?
Steve Wade (swade1987)over 5 years ago
is there a way of having an if block inside a resource?
Steve Wade (swade1987)over 5 years ago
i basically want to switch the value of
logging {
  target_bucket = "${var.org_namespace}-${var.environment}-access-logs"
}
depending upon the value of a variable
ayr-tonover 5 years ago
Is someone using this with terragrunt? https://www.infracost.io/
I'm trying to use the tf-state version but terragrunt stores states in different directories for each module (and I like it), so I'm trying to figure out a way of consolidating all states in a single one just for infracost (this should be the main question, actually).
Davidover 5 years ago
Hi all. Quick sanity check on cloudposse/terraform-aws-s3-bucket - is there really no way to enable the lifecycle rule for aborting incomplete multipart uploads without also enabling full object deletion? I have buckets that are actively used where I want to keep objects around permanently, but want to ensure orphaned multiparts are cleaned up. Under v0.25.0, the object expiration rule is mandatory, while everything else can be disabled. Surely I’m misreading this somehow. 🙂
Jaesonover 5 years ago(edited)
I'd like to create multiple identical instances in TF 12 using a for loop and reference those instances in another loop to attach them to a LB. I'm having a lot of trouble figuring out how to get this pattern working. I've tried creating with count and references with for loops with local variables, direct for_each = aws_instance.my_instances under the resource, and really, many more different things that I can't think of now because I've been staring at this problem too long. I haven't been able to find anything using google except for much more complex patterns, where the instances are defined by static maps, and sometimes even not homogenous. I feel like this should be a much simpler pattern ...
Tomekover 5 years ago(edited)
👋 Is there a way to define the session expiration time for the role an ECS task assumes in terraform? The AWS docs state that the default is 6 hours. max_session_duration for aws_iam_role only sets the allowed max session but it looks like when changing that to 12 hours, the ECS task’s role still uses the default 6 hour session duration
Vover 5 years ago(edited)
Experiences setting up innovative Terraform Workspaces using docker..
nbrysover 5 years ago
Hi all, i've got a question about https://registry.terraform.io/modules/cloudposse/cloudtrail/aws/latest
nbrysover 5 years ago
When we store the cloudtrail logs in a different account, does the kms key for encrypting the objects need to be a key from the source account, or from the account that stores the logs?
Brij Sover 5 years ago
Does anyone know how I could point a provider to a github repo/locally? I looked online and didn’t find any info on this. I’ve made some mods to a provider that I would like to try out
Laurynasover 5 years ago
Is it possible to attach elastic IP to the aws_spot_instance_request with terraform?
U010W9VSBTLover 5 years ago(edited)
How do you section up your Terraform root modules?
EvanGover 5 years ago(edited)
Does anyone know where I can find some simple code for automating aws config? I've been getting this error for about a day
Creating Delivery Channel failed: InsufficientDeliveryPolicyException: Insufficient delivery policy to s3 bucket: terraform-20201119163429797100000001, unable to write to bucket, provided s3 key prefix is 'config'.
EvanGover 5 years ago
Actually looks like it's an open issue https://github.com/hashicorp/terraform-provider-aws/issues/8655
V Mover 5 years ago
I have new windows image I want to use for terraform installs.
Currently it is in an image gallery. Does the terraform call change when it's image gallery or storage account?
I am trying to understand how those work together in terraform?
lorenover 5 years ago
Launch-day support is pretty darn cool, https://www.hashicorp.com/blog/announcing-support-for-aws-network-firewall-in-the-terraform-aws-provider
Amit Karpeover 5 years ago
Hi,
I am using RDS module, I was thinking how I can reuse my existing VPC or subnet names. As of now I have manually searched for vpc_id, subnet_ids, security_group_ids from the console, and then used them in terraform.tfvars.
I know using data we can fetch that, but I don’t find any example which will use name of vpc or subnet.
i.e. I need to provision RDS db into existing VPC, which will be having same name/tags. How can I refer to them instead of copying and pasting IDs from AWS console, which is extra work?
ByronHomeabout 5 years ago
Hi,
I am using Apigateway Module, I want to add sub paths into a path_part, like path/subpathA/subpathB. I'm trying to do it, but the module can't do that. Does someone know how I can do this? Also, when I make this manually on apiGateway, when I refresh state, it always says that I have changes to apply.
Cheers.
David Napierabout 5 years ago
I'm getting an error about the Terraform Core version, but I'm using a version which is in the constraints listed..
Garethabout 5 years ago
Hi, I'm looking for help with terraform's built-in templating function. More details in thread if you can spare the time
David Napierabout 5 years ago
I used terraform 0.13.X to update my state, but the modules I'm using require TF ~> 0.12.X, is there a way to revert state to work with an older TF version?
Garethabout 5 years ago
Please can I get some help to get me over the line with the right syntax for my final for loop?
More in thread...
lorenabout 5 years ago(edited)
here's a neat trick... we like to maintain iam policy templates as separate json files, and validate the json syntax using jq. but these are actually json templates, rendered with terraform's templatefile(), and so we can use any sort of terraform function inside these templates. in particular, using jsonencode() within the template to support hcl lists without hacky joins to render the list to json. the problem with using terraform functions like this is the templates become invalid as json, and so fail jq validation.
so, came up with a simple tf config to render the template and ensure it serializes to json...
locals {
  # specify all vars in the templates
  template_vars = {
    # foo = bar
  }
}
data "null_data_source" "this" {
  for_each = fileset(var.path, var.pattern)
  inputs = {
    # templatefile catches bad hcl syntax in interpolations
    # encode/decode cycle catches bad json in the template
    # fileset() returns paths relative to var.path, so prefix it again here
    json = jsonencode(jsondecode(templatefile("${var.path}/${each.value}", local.template_vars)))
  }
}
variable "path" {
  type    = string
  default = "."
}
variable "pattern" {
  type    = string
  default = "**/*.json.template"
}
then have your CI system run a plan on that config:
terraform init -backend=false <path/to/test/config>
terraform plan <path/to/test/config>
the config intentionally uses a null data source to avoid needing any aws credentials
Garethabout 5 years ago
sorry to be a pest but I was hopeful that somebody might have time to look at my last question/thread (posted Saturday)?
David Napierabout 5 years ago
Anyone know whether modules are able to be looped over? Did that make it into v0.13.X?
Alex Jurkiewiczabout 5 years ago
Anyone have terraform syntax highlighting for json.tpl files working in vscode?
Stephen Bennettabout 5 years ago
using: https://github.com/cloudposse/terraform-aws-efs is it possible to turn off the creation of a security group and pass one to it instead? it has
resource "aws_security_group" "efs" {
  count = module.this.enabled ? 1 : 0
but not sure how to use it and nothing in the readme
lorenabout 5 years ago
always exciting when aws changes the values returned by their api... the resource aws_securityhub_member is currently a bit broken as a result... https://github.com/hashicorp/terraform-provider-aws/issues/16403
Garethabout 5 years ago
Taking the advice given about my previous question. I have tried to reframe the question into a simpler example.
I hope I’ve managed it. Please have a look within this new thread and once again thank you all for your patience.
Question: How do I perform a nested for loop on a list(object) variable in Terraform, without looping the resource?
Matt Gowieabout 5 years ago
In the past week, I’ve upgraded probably a dozen or so root modules across two clients to TF 0.13 + aws provider 3.0 and both were heavily using dozens of CP modules. It was a breeze and that’s an awesome accomplishment by this community. Thanks to all you folks who contributed in that regard! 

Ohad Maislish (env0)about 5 years ago(edited)
Hi everybody. In case you need help with tagging resources in AWS, Azure or GCP, please take a look at our new open-source http://github.com/env0/terratag that automatically and recursively tags all resources for you.
(Disclaimer - I am co-founder and CEO of env0, the one that created this open-source)
Igor Bronovskyiabout 5 years ago
How to create healthcheck for wss protocol on a fargate?
Cristian (cloudutil.io)about 5 years ago(edited)
hello, I'm having some issues with the terraform-null-label, after upgrading to the latest version I'm always getting an empty ID, regardless what I tried.
module "label" {
  source          = "git::https://github.com/cloudposse/terraform-null-label.git?ref=0.21.0"
  context         = module.this.context
  enabled         = true
  id_length_limit = 10
}
output "ID" {
  value = "'${module.label.id_full}'"
}
Apply complete! Resources: 0 added, 0 changed, 0 destroyed.
Outputs:
ID = ''
Am I missing anything? (the same happens when using module.label.id instead of module.label.id_full)
Cristian (cloudutil.io)about 5 years ago
on another topic, did anyone figure out a way to use modules with for_each/count and different AWS regional providers?
Alex Jurkiewiczabout 5 years ago
Is there a more compact way to write this sort of expression?
length(random_shuffle.shared_alb.result) > 0 ? random_shuffle.shared_alb.result[0] : null
Get the first element of a list if it's not empty. If the list is empty I don't care what the value is
Alex Jurkiewiczabout 5 years ago
We have some random provider resources in our Terraform configuration. For instance a random_id resource: https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/id
We want to change the keeper values but not change the output. Has anyone done this? I assume it's possible with some statefile hackery, which I'm OK with.
Garethabout 5 years ago
Jsonencode looks to order name pairs into alphabetical order
log_collect_list = jsonencode(
  [ for logs in var.log_object.files.collect_list : {
    "file_path"       = logs.file_path
    "log_group_name"  = logs.log_group_name
    "log_stream_name" = logs.log_stream_name
    "auto_removal"    = logs.auto_removal
  }
  ]
)
auto_removal is listed at the bottom of the above for loop but the resulting json string lists the items in the order
"auto_removal": true,
"file_path": "W3SVC1\\*",
"log_group_name": "/test/iis/cms",
"log_stream_name": "{instance_id}_{local_hostname}"
While I appreciate the order isn't normally an issue for the consuming application and I think that might be true in my case. I was wondering if there is a way to tell jsonencode to respect the order in which it consumed the named pairs?
Alex Jurkiewiczabout 5 years ago(edited)
Is there a better way to write contains(keys(mymap), "asg")?
Juha Patrikainenabout 5 years ago
Hi! I'm using https://github.com/cloudposse/terraform-aws-tfstate-backend. Is it possible to have same s3 bucket to work with multiple state with unique locks? State file name can be given with terraform_state_file but lock name seems to come directly from bucket name -> same lock would be used when working with all states so you could not work with multiple states at the same time.
JohnValabout 5 years ago
Hello all, I have just stumbled across https://github.com/cloudposse/terraform-aws-tfstate-backend/ - does this module manage access permissions to S3 buckets being created? I.e.: I would like to grant RW permission to person A and B so that nobody else can access the new S3 bucket.
Jørgen Vikabout 5 years ago
api_pipeline_env_variables = [
  {
    name  = "AWS_DEFAULT_REGION"
    value = "eu-central-1"
  },
  {
    name  = "CONTAINER_NAME"
    value = var.api_container_name # <-- Rookie here. This is illegal, but how can I inject a variable in list?
  }
]
mfridhabout 5 years ago
before I add docs and pull request... good idea? https://github.com/cloudposse/terraform-aws-iam-role/compare/master...sultans-of-devops:master
I use it for example like this, to attach also managed policies:
module "ssm_service_role" {
  source             = "github.com/sultans-of-devops/terraform-aws-iam-role"
  name               = "SSMServiceRole"
  namespace          = var.namespace
  stage              = var.stage
  policy_description = "SSM Service Role policy"
  role_description   = "IAM role with permissions SSM and CloudWatch Agent policies"
  principals = {
    Service = ["ssm.amazonaws.com"]
  }
  policy_attachments = [
    "arn:aws:iam::aws:policy/AmazonSSMManagedInstanceCore",
    "arn:aws:iam::aws:policy/CloudWatchAgentServerPolicy",
  ]
}
David Napierabout 5 years ago
Does cloudposse have any repos directed at vmware as a provider?
mrwackyabout 5 years ago
do you recommend terraform-null-label or terraform-terraform-label these days? It's not clear if one is preferred
David Napierabout 5 years ago
Using a for_each loop with the terraform-aws-route53-alias module, how would I specify a parent_zone_id from a resource. This (parent_zone_id = aws_route53_zone[each.key].zone_id) returns Invalid reference.
Erik Osterman (Cloud Posse)about 5 years ago
---
Erik Osterman (Cloud Posse)about 5 years ago
Appreciate any thumbs up: https://github.com/hashicorp/terraform-config-inspect/issues/57
ememabout 5 years ago(edited)
hi. please can anyone recommend a database ui tool on the web for managing databases. currently using datagrip and HeidiSQL. But was looking for something that could be available on my web browser
David Napierabout 5 years ago
Uhhh.. kinda afraid to ask this at this point, but do you guys put your provisioners (ansible, puppet, etc.) in folders within your terraform folders or do you keep them in an adjacent folder outside of the IaC?
Joan Portaabout 5 years ago(edited)
Design question: I have terraform with multiple AWS VPC’s and inside its SecGroups. Now I have created an “Operations” VPC that needs to access to everywhere, do I change each SG (which are hundreds) adding a rule in each SG (solution not much scalable)? Do I create a SG module and I use it everywhere where I have a SG? Do I add a kind of “terraform linter” in the pipeline that detects if some SG doesn’t have the “Operations VPC rule”? WDYT?
aaratnabout 5 years ago(edited)
Given an expression like this, how do I repeat elements in aws_subnet.db.*.id if num_nodes is greater than length(aws_subnet.db.*.id) ?
subnet_ids = [for subnet in range(var.num_nodes) : aws_subnet.db[subnet].id]
michaelssinghabout 5 years ago
Does anyone have a hack they'd like to share to get around the limitation of recursive templatefile calls?
michaelssinghabout 5 years ago
for e.g consider
michaelssinghabout 5 years ago
./example.tmpl
example = ${foo}
${templatefile("common.tmpl", { bar = "bar" })}
michaelssinghabout 5 years ago
will result in
> templatefile("./example.tmpl", { foo = "bar"})
>
Error: Error in function call
on <console-input> line 1:
(source code not available)
Call to function "templatefile" failed: ./example.tmpl:2,3-16: Error in
function call; Call to function "templatefile" failed: cannot recursively call
templatefile from inside templatefile call..
michaelssinghabout 5 years ago
qq for those of you that use terragrunt in CI. What does your pipeline look like essentially? going along the terragrunt path has led me down the mono repository layout
michaelssinghabout 5 years ago
one thing that I see being problematic is having a static collection of known directories and executing plan-all within a pipeline would be problematic
Alex Jurkiewiczabout 5 years ago
Is there some way to convert a tfvars file to json at the command line?
Anthony Voutasabout 5 years ago
I’m trying to set up an elasticache redis cluster and grant access to a security group that is created independently by a vendor. I could use the security group ID of that vendor security group but that ID could change if they redeploy their infra at some point in the future. Is there any way to use the security group name instead?
Specifically with the cloudposse/elasticache-redis/aws resource, can the allowed_security_groups contain a name or must it be an ID?
Or independent of the elasticache stuff with this resource https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/security_group_rule is there any way to provide the security group name instead of source_security_group_id?
Anthony Voutasabout 5 years ago
I’m trying to use this https://github.com/cloudposse/terraform-aws-elasticache-redis module and I’m getting an error:
Error: expected length of replication_group_id to be in the range (1 - 40)
I’m not providing a replication_group_id as I want the terraform script to create one. Any ideas on what I’m doing wrong here?
here’s the way I’m using it https://github.com/kiva/protocol-redis
Anthony Voutasabout 5 years ago
Also I tried using the module with terraform 0.13.5 and it told me that only 0.12.0 was supported (though the readme says it supports >= 0.12.0). When I use 0.12.0 I get a bunch of errors about Unsuitable value type, and when I use 0.12.29 I get this replication_group_id issue (which at least looks like a more promising error)