124 messages
Mohammed Yahya about 5 years ago
Question: Route53 in multiple AWS accounts environment [with Organization used]
I’m using Route53 to create Route53 zones in Master, dev and Prod account:
• Master account: root level domain = example.com
• dev account: sub root level domain = dev.example.com
• prod account: ? not sure here should be prod.example.com or aws.example.com or another domain or even not needed, and only use the master zone
I need this to create delegation in master zone for dev account and prod account (not decided yet)
Steve Wade (swade1987) about 5 years ago
anyone using terratest with the terratest upstream packages?
David Napier about 5 years ago
Hmm.. Within the terraform-aws-acm-request-certificate module, I keep getting:
27: for_each = {
28: for dvo in local.domain_validation_options_list : dvo.domain_name => {
29: name = dvo.resource_record_name
30: record = dvo.resource_record_value
31: type = dvo.resource_record_type
32: }
33: }
Gareth about 5 years ago (edited)
Hello all and Happy New Year from the UK.
Could somebody in the know please confirm if what I'm trying to do is possible.
I've written a little module to create ACM certs in AWS. It's working great but I've tried to modify it to allow it to create the cert in AWS as normal but create the DNS verification records that the cert needs via a different DNS supplier, Cloudflare in my particular case.
More details within thread...
Ikana about 5 years ago
Hello hello ✌️ is it possible to use some provider functionality only on branch on the terraform repo? I’m trying to utilize the functionality on this branch to test Amazon Managed Workflows for Apache Airflow
Pierre-Yves about 5 years ago (edited)
Hello,
I push scripts to azure container with the code below, but file change is not detected as the resource is already created. Is there a way to recreate the resource when the file has changed?
resource "azurerm_storage_blob" "linux_postinstall_scripts" {
  for_each = local.files
  name = "${each.key}_${each.value["StartupScript"]}"
  storage_account_name = var.storage_account_name
  storage_container_name = var.storage_container_name
  type = "Block"
  source = "${path.root}/files/${each.value["StartupScript"]}"
}
Gareth about 5 years ago
Has anybody got experience with Cloudflare terraform provider?
I'm creating certificates in AWS in two regions but I use Cloudflare DNS for the validation records.
AWS looks to support the overwriting of DNS records but Cloudflare appears to error if a record already exists.
The reason that the validation records already exist is because the creation of the cert in the first region creates the validation records, when the second region tries to then create the validation records it errors as they are the same.
Error: expected DNS record to not already be present but already exists
Has anybody got a solution other than moving all validation request to a separate module and trying to filter them all, which I think would be a nightmare.
Gareth about 5 years ago
Equally, if there isn't an overwrite option and looking at the resource_cloudflare_record.go file on GitHub there isn't. Is there any way to tell terraform to ignore an error and continue?
sheldonh about 5 years ago
So I’m loving the API driven approach for adding comments into the PR for review.
However, on merge I want to run the plan, but still require terraform cloud approval. Running the API request on merge is synchronous at that point and causes timeout failure if you don’t approve immediately in terraform cloud.
So….
1. Is there a way to just use VCS driven workflow + still allow the API driven plan and preview to PR?
2. If I have to stick with API driven workflow, then upon merge to trunk, can I submit an asynchronous request so github actions proceeds without issue but the pending plan in Terraform Cloud remains “pending apply”?
sheldonh about 5 years ago
Different Question: Has anyone got Terraform Cloud notifications working with Microsoft Teams or service account email?
• The email requires user email, can’t send to Microsoft teams
• The hooks don’t work with Teams.
Any integrations or work arounds?
Alex Jurkiewicz about 5 years ago (edited)
There are a few different ways to write maps in Terraform. What do you think is the canonical way?
I think it's
{ key1 = "foo", key2 = "bar" }
You can use = or :, but the former seems strongly preferred. You can also quote the key or not, the latter is required if the key has a space but the former is generally used in the docs. There are other things you can tweak too...
Alex Jurkiewicz about 5 years ago
Also, RFC. I've written a short proposal for adding pre-truncated id outputs to terraform-null-label (and eventually, removing id ?! 😱 ).
https://github.com/cloudposse/terraform-null-label/issues/117
Troy Taillefer about 5 years ago
Anyone have experience using packer and terraform together. Currently I use null_resource(s) to push docker images to ecr for terraform. I was wondering if I could do this with packer instead. My question is there a way to have the ecr url injected into terraform from packer can they communicate similar to how I do it currently ?
rss about 5 years ago (edited)
v0.12.30
0.12.30 (January 06, 2021)
UPGRADE NOTES:
The builtin provider's terraform_remote_state data source no longer enforces Terraform version checks on the remote state file. This allows Terraform 0.12.30 to access remote state from future Terraform versions, up until a future incompatible state file version upgrade is required. (#26692)
rss about 5 years ago
v0.13.6
0.13.6 (January 06, 2021)
UPGRADE NOTES:
The builtin provider's terraform_remote_state data source no longer enforces Terraform version checks on the remote state file. This allows Terraform 0.13.6 to access remote state from future Terraform versions, up until a future incompatible state file version upgrade is required. (#26692)...
rss about 5 years ago (edited)
v0.14.4
0.14.4 (January 06, 2021)
UPGRADE NOTES:
This release disables the remote Terraform version check feature for plan and apply operations. This fixes an issue with using custom Terraform version bundles in Terraform Enterprise. (#27319)
BUG FIXES:
backend/remote: Disable remote Terraform workspace version check when the remote...
melissa Jenner about 5 years ago
I use the module, https://github.com/cloudposse/terraform-aws-elasticsearch to provision ElasticSearch. I set kibana_hostname_enabled = false, and domain_hostname_enabled = false. Per document, dns_zone_id is not required. But, it asks for dns zone id when I run terraform plan.
terraform plan
var.dns_zone_id
Route53 DNS Zone ID to add hostname records for Elasticsearch domain and Kibana
Enter a value:
melissa Jenner about 5 years ago
I prefer not to use Route53. How to avoid dns_zone_id? Below is the code:
module "elasticsearch" {
  source = "git::https://github.com/cloudposse/terraform-aws-elasticsearch.git?ref=tags/0.24.1"
  security_groups = [data.terraform_remote_state.vpc.outputs.default_security_group_id]
  vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
  zone_awareness_enabled = var.zone_awareness_enabled
  subnet_ids = slice(data.terraform_remote_state.vpc.outputs.private_subnets, 0, 2)
  elasticsearch_version = var.elasticsearch_version
  instance_type = var.instance_type
  instance_count = var.instance_count
  encrypt_at_rest_enabled = var.encrypt_at_rest_enabled
  dedicated_master_enabled = var.dedicated_master_enabled
  create_iam_service_linked_role = var.create_iam_service_linked_role
  kibana_subdomain_name = var.kibana_subdomain_name
  ebs_volume_size = var.ebs_volume_size
  #dns_zone_id = var.dns_zone_id
  kibana_hostname_enabled = false
  domain_hostname_enabled = false
  iam_role_arns = ["*"]
  iam_actions = ["es:*"]
  enabled = var.enabled
  vpc_enabled = var.vpc_enabled
  name = var.name
  tags = var.tags
  advanced_options = {
    "rest.action.multi.allow_explicit_index" = "true"
  }
}
Connor Gervin about 5 years ago (edited)
Hi All - first post so excuse if silly :)
Wondering what's best practice for creating kafka topics post cluster creation using the CloudPosse MSK Module?
AWS doesn't appear to support anything directly on MSK and even references the apache shell scripts (here points to here)
If really cli only, is it possible to run a template file after the MSK Cluster is created to run the shell scripts? e.g.
$ bin/kafka-topics.sh --bootstrap-server localhost:9092 --create --topic my-topic --partitions 1 \
    --replication-factor 1 --config max.message.bytes=64000 --config flush.messages=1
Thanks for any help
paulgear about 5 years ago
Hi all, newbie terraform question here: I'm trying to use the https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/cosmosdb_account#connection_strings attribute in another module, and even though the documentation clearly says it produces a list of strings, I'm ending up with a string, and the error message "Invalid index; This value does not have any indices." How can I test the type of the attribute so I can know whether it needs wrapping to ensure my consuming modules get a consistent type?
Sam Buckingham about 5 years ago
Anyone had this when releasing cert manager via terraform/helmfile?
Internal error occurred: failed calling webhook "webhook.cert-manager.io": Post https://cert-manager-qa-webhook.cert-manager.svc:443/mutate?timeout=10s: x509: certificate signed by unknown authority
Sam Buckingham about 5 years ago
Guessing it’s cause the webhook pod isn’t ready yet?
Sam Buckingham about 5 years ago
Can I add a delay?
AdoSa about 5 years ago
Hi all, new member of SweetOps community here.
I have a question regarding terraform-aws-ec2-ami-backup that I found to enable me to run regular backups of Windows EC2 instances. Since it is recommended that the Windows instance that is being backed up is in shutdown state during the backup, is it possible for me to add an AWS SDK call to shut down an instance before backup and then start it back up after the Snapshot is completed?
Advait Patel about 5 years ago
Hi all, We have a combination of ASG and launch config that spins up on-demand ec2 instances for us. However, due to recent changes in budget, we would like to use the combination of on-demand and spot instances. How and what changes I should make in my ASG and launch config to start spinning up Spot instances? Thanks!
Gareth about 5 years ago
Hi All, has anybody got a clever idea on how to only select one node out of an ASG to include in an AWS alb_target_group?
I normally supply a list of ARNs to the ASG and in turn all the machines in the ASG are added to the target groups.
resource type "aws_autoscaling_group"
*snipped to cut down on text*
target_group_arns = compact(
  concat(
    module.cms_public_target_group.arn,
    module.maintenance_public_target_group.arn,
    module.authoring_public_target_group.arn,
  ),
)
However, I could really do with doing this in reverse and attach an instance from the ASG to the target group.
I've started to look if I could run a data lookup on ec2 instances filtered on tags that matched the ASG and then take the first instance ID in the list and use the aws_lb_target_group_attachment resource to then add it to the target group but I'm guessing there's probably a chicken and egg issue here.
I could also maybe write something to do similar to the data look or above via userdata.
But before I go off and invent something crazy, has anybody got that clever idea I'm hopeful for?
muhaha about 5 years ago (edited)
Is anyone familiar with the https://github.com/TelkomIndonesia/terraform-provider-linux provider?
ravi about 5 years ago
I used terraform to create a mysql db instance and the first time all went well. I made a few changes to other modules, not to the RDS module, and when I run terraform apply it says db instance already exists. Terraform is supposed to store the db instance that it created earlier in its state. Why is it not happening? Any idea?
Output:
Warning: Quoted references are deprecated
on modules/elasticsearch/main.tf line 7, in resource "aws_elasticsearch_domain" "es":
7: ignore_changes = ["access_policies"]
In this context, references are expected literally rather than in quotes.
Terraform 0.11 and earlier required quotes, but quoted references are now
deprecated and will be removed in a future version of Terraform. Remove the
quotes surrounding this reference to silence this warning.
(and one more similar warning elsewhere)
Error: Error creating DB Instance: DBInstanceAlreadyExists: DB Instance already exists
status code: 400, request id: a753d1ca-b0af-447c-85e6-d1b7bd672f34
rss about 5 years ago (edited)
v0.15.0-alpha20210107
0.15.0 (Unreleased)
UPGRADE NOTES:
config: The list and map functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions with tolist([...]) and tomap({...}) respectively. (#26818)
cli: Interrupting execution will now cause terraform to exit with a non-0 status. (<a...
Mohammed Yahya about 5 years ago (edited)
Release v3.23.0 · hashicorp/terraform-provider-aws
breathingdust released this 4 hours ago
• New Data Source: aws_ssoadmin_instances (#15808)
• New Data Source: aws_ssoadmin_permission_set (#15808)
• New Resource: aws_sagemaker_image (#16082)
• New Resource: aws_ssoadmin_managed_policy_attachment (#15808)
• New Resource: aws_ssoadmin_permission_set (#15808)
• New Resource: aws_ssoadmin_permission_set_inline_policy (#15808)
Finally SSO is implemented, no more CFN templates 💃
Hao Wang about 5 years ago
Hi, it seems the RDS instance will be recreated each time, how can I avoid it? or ignore the RDS instance?
RB about 5 years ago
Since any 0.14 version can apply a 0.14 module, has everyone moved to this new version? I'm still lagging behind with 0.12.x for most of our modules but considering a migration now that it's been out for a while
Coco about 5 years ago
Hey all! I'm using Terraform 0.14.3 (+Terragrunt), but I'm facing some issues with the terraform-aws-alb:0.26.0 module. When running terragrunt plan (which runs terraform init at first), I'm getting the following error
Error: Unsupported Terraform Core version
on .terraform/modules/alb.access_logs.s3_bucket.this/versions.tf line 2, in terraform:
2: required_version = ">= 0.12.0, < 0.14.0"
...
Error: Unsupported Terraform Core version
on .terraform/modules/alb.access_logs.this/versions.tf line 2, in terraform:
2: required_version = ">= 0.12.0, < 0.14.0"
I just learned about the context.tf file and the issue might be coming from there. In the terraform-aws-alb:0.26.0 module, the null-label module is called with a version that supports Terraform 0.14+ like so
module "this" {
  source = "cloudposse/label/null"
  version = "0.22.1" // requires Terraform >= 0.12.26
  ...
But in some underlying modules, for example terraform-aws-lb-s3-bucket:0.9.0, it seems to be called with a version that does not support Terraform 0.14+ like so
module "this" {
  source = "git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.19.2"
  ...
I'm not too sure if I might be doing something wrong or if there's a way to override the version in the underlying modules?
Coco about 5 years ago
Damn, I really like your modules guys <3
Hao Wang about 5 years ago
Hi, is there a way to define memory/cpu to null for the module cloudposse/ecs-container-definition/aws and cloudposse/ecs-alb-service-task/aws?
Hao Wang about 5 years ago
so the containers can use available resources
Scott Cochran about 5 years ago (edited)
I'm having an issue getting terraform-aws-service-control-policies to create a policy.
Here is the output of my terraform run:
# module.service_control_policies.aws_organizations_policy.this[0] will be created
+ resource "aws_organizations_policy" "this" {
+ arn = (known after apply)
+ content = jsonencode(
{
+ Statement = []
+ Version = null
}
)
+ description = "Policy Staging OU SCP"
+ id = (known after apply)
+ name = "namespacetest-envtest-stagetest-nametest"
+ tags = {
+ "Environment" = "envtest"
+ "Name" = "namespacetest-envtest-stagetest-nametest"
+ "Namespace" = "namespacetest"
+ "Stage" = "stagetest"
}
+ type = "SERVICE_CONTROL_POLICY"
}
# module.service_control_policies.aws_organizations_policy_attachment.this[0] will be created
+ resource "aws_organizations_policy_attachment" "this" {
+ id = (known after apply)
+ policy_id = (known after apply)
+ target_id = "ou-<redacted>"
}
Plan: 2 to add, 0 to change, 0 to destroy.
Do you want to perform these actions?
Terraform will perform the actions described above.
Only 'yes' will be accepted to approve.
Enter a value: yes
module.service_control_policies.aws_organizations_policy.this[0]: Creating...
Error: error creating Organizations Policy (namespacetest-envtest-stagetest-nametest): MalformedPolicyDocumentException: The provided policy document does not meet the requirements of the specified policy type.
Here is my simple policy yaml:
- sid: "deny_eks"
  effect: "Deny"
  actions:
  - "eks:*"
  resources:
  - "*"
Coco about 5 years ago
Hey guys, is there some doc somewhere about the context.tf and attributes parameter in the modules? I'm a bit confused as to how they behave
Coco about 5 years ago
I'm using the aws-alb modules, but it looks like the Name tags on the S3 access logs does not match the bucket ID. I was trying to figure out if I could work around that using the attributes parameter, but not too sure how it should be used
Ankit Rathi about 5 years ago
Hiii amaziing folks, Good morning 🙂
We are using the following repos in our aws infrastructure
• https://github.com/cloudposse/terraform-aws-s3-bucket.git
• https://github.com/cloudposse/terraform-aws-iam-s3-user.git
We are facing issues while upgrading to terraform version 0.14.2
I see PR’s have already been raised in these repositories for the upgrade 🙂
When are we planning to merge them?
Thanks
Ofir Rabanian about 5 years ago
Hi! Quick question - how do you work as a team over terraform/other IaC? we’re working on a single dev stack, but sometimes two developers are adding a feature to the stack, in the same week. Having two different branches on github is something we obviously want, but we can’t really let them work simultaneously without taking the other developer’s changes. One option would be to have two stacks, but we are trying to find a different solution due to internal reasons.
Scott Cochran about 5 years ago
Regarding module terraform-aws-service-control-policies:
I'm trying to figure out how to use a rule based on actions NOT being something. For instance, here is an AWS-supplied rule for restricting regions:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "RestrictRegion",
"Effect": "Deny",
"NotAction": [
"a4b:*",
"budgets:*",
"ce:*",
...
You can see there is a "NotAction" statement. I tried doing this in the module with "notactions:", but that didn't work. I couldn't find any examples of how to do this. Is it possible?
btai about 5 years ago
dumb question: if we have an RDS instance provisioned via a snapshot using snapshot_identifier, will subsequent applies re-restore that snapshot?
RRR about 5 years ago
Hi there. A quick question about terraform-aws-vpc-peering module. Does it work across regions? Got a VPC id not found, and there's no typo
Gene Fontanilla about 5 years ago
hi, need insights, on using terraform on aws eks.
which is better used in creating worker nodes?
cloudformation stacks or node groups?
Patrick Jahns about 5 years ago
Does anyone here use github actions in combination with terraform? I am particularly struggling with modelling an approval process in github actions
melissa Jenner about 5 years ago
I use terraform to provision the S3 bucket. I would like to create multiple keys in one bucket. For instance, in the bucket, my_bucket, I would like to have keys like "data", "url", "aps/core" and "aps/app". Below is the sample code. Do I need to duplicate this code for each key?
resource "aws_s3_bucket_object" "create_folder" {
  bucket = "my_bucket"
  acl = var.acl
  key = "data"
}
melissa Jenner about 5 years ago (edited)
How to output values created by for_each?
The code below creates two S3 buckets. I would like to output the names of the buckets. The code below does not work.
module "s3_bucket_for_emr_logs" {
  source = "terraform-aws-modules/s3-bucket/aws"
  version = "1.17.0"
  for_each = toset(["${var.prefix}-emr-logs", "${var.prefix}-emr-logparser-logs"])
  bucket = each.key
  acl = var.acl
}
output "bucketname_emrs" {
  value = module.s3_bucket_for_emr_logs[*].this_s3_bucket_id
}
Thomas Hoefkens about 5 years ago
Hi all, would anyone know how to create a node of instance_type "Fargate" with TF? I know how to create the EKS cluster, how to create the Fargate profile etc. but I do not know how I can create nodes of type Fargate. When I create a cluster on AWS with eksctl and the command line option --fargate, it does exactly that: it creates nodes of instance_type Fargate but in TF I can only pass EC2 instance types like t1.micro etc.
Hans Westerbeek about 5 years ago (edited)
Am I missing something or is terraform-aws-ecs-cloudwatch-sns-alarms indeed not adding any tags to the alarms it creates? See https://github.com/cloudposse/terraform-aws-ecs-cloudwatch-sns-alarms/blob/ad8a6519b757bd497db8d0a0abf7403ebb2b9216/main.tf#L48
Variables.tf does specify that tags can be added.
BTW, tags on alarms are not visible in the AWS console but they do appear on the cli.
Mohammed Yahya about 5 years ago
Please upvote this + 👍️ https://github.com/hashicorp/terraform-provider-aws/issues/16030
Roger about 5 years ago
Hello,
I have a question regarding the terraform-aws-eks-node-group (v0.16.0) module. When I set launch_template_disk_encryption_enabled to true is it supposed to encrypt the default managed node group?
I’m using an m5.xlarge instance type.
I see that it creates 2 launch templates. The first launch template is attached to auto scaling group. The second template has encryption options but it isn’t in use.
David Napier about 5 years ago
Hey, is there a module for creating security_groups in AWS?
David Napier about 5 years ago
Would love to see this merged soon. https://github.com/cloudposse/terraform-aws-alb/pull/68
melissa Jenner about 5 years ago (edited)
Question on the module, https://github.com/cloudposse/terraform-aws-emr-cluster
I use this module to provision EMR cluster. Below are the outputs.
cluster_master_host =
cluster_master_public_dns = ip-50-20-1-177.us-west-2.compute.internal
cluster_name = emr-test
ssh -i Dev-Keys.pem hadoop@ip-50-20-1-177.us-west-2.compute.internal
ssh: Could not resolve hostname ip-50-20-1-177.us-west-2.compute.internal: Name or service not known
Questions:
1. Why output of cluster_master_host is empty?
2. I am not able to login to ip-50-20-1-177.us-west-2.compute.internal. It complains, "Could not resolve hostname".
Below is the source code:
module "emr_cluster" {
  source = "git::https://github.com/cloudposse/terraform-aws-emr-cluster.git?ref=tags/0.16.0"
  master_allowed_security_groups = [data.terraform_remote_state.vpc.outputs.default_security_group_id]
  slave_allowed_security_groups = [data.terraform_remote_state.vpc.outputs.default_security_group_id]
  region = var.region
  vpc_id = data.terraform_remote_state.vpc.outputs.vpc_id
  subnet_id = data.terraform_remote_state.vpc.outputs.private_subnets[0]
  route_table_id = data.terraform_remote_state.vpc.outputs.private_route_table_ids[0]
  subnet_type = "private"
  ebs_root_volume_size = var.ebs_root_volume_size
  visible_to_all_users = var.visible_to_all_users
  release_label = var.release_label
  applications = var.applications
  configurations_json = var.configurations_json
  core_instance_group_instance_type = var.core_instance_group_instance_type
  core_instance_group_instance_count = var.core_instance_group_instance_count
  core_instance_group_ebs_size = var.core_instance_group_ebs_size
  core_instance_group_ebs_type = var.core_instance_group_ebs_type
  core_instance_group_ebs_volumes_per_instance = var.core_instance_group_ebs_volumes_per_instance
  master_instance_group_instance_type = var.master_instance_group_instance_type
  master_instance_group_instance_count = var.master_instance_group_instance_count
  master_instance_group_ebs_size = var.master_instance_group_ebs_size
  master_instance_group_ebs_type = var.master_instance_group_ebs_type
  master_instance_group_ebs_volumes_per_instance = var.master_instance_group_ebs_volumes_per_instance
  create_task_instance_group = var.create_task_instance_group
  log_uri = format("s3://%s/%s", data.terraform_remote_state.s3.outputs.bucketname_emrs[1], "emr-logs/")
  key_name = "Dev-Keys"
  context = module.this.context
}
Mohammed Yahya about 5 years ago (edited)
New Big Release >> More AWS SSO Support, Github v2 support in codepipeline, api_gateway waited fixes
terraform-provider-aws 3.24.0 (January 14, 2021)
FEATURES
• New Data Source: aws_api_gateway_domain_name (#12489)
• New Data Source: aws_identitystore_group (#15322)
• New Data Source: aws_identitystore_user (#15322)
• New Resource: aws_cloudwatch_composite_alarm (#15023)
• New Resource: aws_fms_policy (#9594)
• New Resource: aws_route53_resolver_dnssec_config (#17012)
• New Resource: aws_sagemaker_domain (#16077)
• New Resource: aws_ssoadmin_account_assignment (#15322)
https://github.com/hashicorp/terraform-provider-aws/blob/v3.24.0/CHANGELOG.md#3240-january-14-2021
Mohammed Yahyaabout 5 years ago(edited)
Just released a simple terraform-aws-sso module to create an SSO Permission Set, attach managed policy and existing Group to target account.
https://github.com/mhmdio/terraform-aws-sso
Contributions are most welcome, still v0.1.1 version.
RBabout 5 years ago
Is aws_ssoadmin_permission_set_inline_policy ready yet?
RBabout 5 years ago
Annoying that aws sso doesn't allow reusing iam managed policies or allowing multiple policy attachments
RBabout 5 years ago
I hope they fix that this year
skel84about 5 years ago
Hello, did someone succeed in using the terraform-aws-eks-cluster in AWS China? I have tried and it fails when it tries to create the IAM role, with this error
An error occurred (InvalidClientTokenId) when calling the CreateRole operation: The security token included in the request is invalid.
I get the same error if i try to do the same with the CLI:
❯ aws iam create-role \
  --role-name myAmazonEKSClusterRole \
  --assume-role-policy-document file://"cluster-role-trust-policy.json"
An error occurred (InvalidClientTokenId) when calling the CreateRole operation: The security token included in the request is invalid
From the web console I can create the role without problems.
Any idea?
Thomas Hoefkensabout 5 years ago
Hi, does anyone know how a deployed alb-ingress-controller's load balancer can be removed - when calling terraform destroy on an EKS cluster, the associated VPC cannot be destroyed because there's still the load balancer created by the deployment of a helm chart which included the alb ingress controller.. this is not particularly great as it destroys the benefit of cleaning up resources with the tf destroy command...
Steve Wade (swade1987)about 5 years ago
does anyone know a decent tool to delete everything in an AWS account back to the initial account setup?
Steve Wade (swade1987)about 5 years ago
i don't really want to have to run terraform destroy on X repos if i can help it
Sean Turnerabout 5 years ago
Has anyone ever dealt with a time when a tf PR was approved but has been sitting for months? Was it possible to nudge the maintainers to merge it? It's not my PR, but it's something I'm looking to implement for a client. Specifically https://github.com/hashicorp/terraform-provider-aws/pull/14974
Steve Wade (swade1987)about 5 years ago
is a VPC name unique across regions in the same account?
Steve Wade (swade1987)about 5 years ago
e.g. can i have a dev VPC in Ireland and another dev VPC in Singapore within the same account?
RBabout 5 years ago
I created a couple terraform issues today. I didn't see them written up before and I'd like to get community feedback on them.
• Pass in all resource arguments with a single map
• Override a module resource from outside a module reference
Thanks!
lorenabout 5 years ago(edited)
fwiw, updated a decent number of tf states from 0.13.5 to 0.14.4 over the last week... no significant issues, but a few things took a little while to understand:
• sensitive values may be marked in the provider, i.e. an iam access/secret key. you cannot for_each over objects containing these values, but you can for_each over non-sensitive keys and index into the object. any outputs containing provider-marked sensitive values must also be marked sensitive
• some of the output handling is a little odd, particularly with conditional resources/modules and accordingly conditional outputs. in some places, outputting null as the false condition caused a persistent diff. worked fine in tf 0.13.5, but not in tf 0.14.4. changing it to "" fixed it 🤷‍♂️
• the workflow around the new lock file, .terraform.lock.hcl, is quite cumbersome. it really clutters up the repo when you have a lot of root modules, and means you have to init each root somehow to generate the file, and commit it, anytime you want to update providers? no thanks! but, unfortunately, there is no way to disable it. the file is mandatory for a plan/apply. i'm using terraform-bundle already, setting up the plugin-cache in advance, restricting versions, and restricting network connectivity in CI. so i thought i could just remove the file after init, but no dice. you can remove it after apply, and don't have to commit it (but that means CI will need to generate it)
• if you are updating from 0.12, you'll likely want to (or need to) first update to tf 0.13 for the new provider/registry syntax, to get the old syntax out of your tf 0.12 tfstate
zidanabout 5 years ago
Do u have an AWS account and you want to deploy your static website in less than 5 minutes?
I have published a terraform module to do that for u, so fast and quick and it doesn’t require any complicated stuff from u, check it out and let me know what do you think?
https://www.dailytask.co/task/deploy-you-static-website-in-s3-and-cloudfront-using-terraform-ahmed-zidan
S Bhaskar Sarma Emaniabout 5 years ago
Hi All,
I am also facing the same issue. have you found the solution for this scenario.
https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/issues/47
Steve Wade (swade1987)about 5 years ago
does anyone know in terraform if you can work out where a map is empty?
Steve Wade (swade1987)about 5 years ago
i have a map like this
  yellowfin = {
    instances = {}
    schedule = {
      down = {}
      up = {}
    }
  }
}
if its empty like this I don't want to execute a module
Corey Smithabout 5 years ago
Checking out module: https://github.com/cloudposse/terraform-aws-elasticache-redis
Able to correctly create a cluster with when not in clustering mode but I am getting the following errors when I change to using clustering mode
Error: Invalid function argument
on .terraform/modules/redis/main.tf line 169, in module "dns":
169: records = var.cluster_mode_enabled ? [join("", aws_elasticache_replication_group.default.*.configuration_endpoint_address)] : [join("", aws_elasticache_replication_group.default.*.primary_endpoint_address)]
|----------------
| aws_elasticache_replication_group.default is tuple with 1 element
Invalid value for "lists" parameter: element 0 is null; cannot concatenate
null values.
Error: Invalid function argument
on .terraform/modules/redis/outputs.tf line 17, in output "endpoint":
17: value = var.cluster_mode_enabled ? join("", aws_elasticache_replication_group.default.*.configuration_endpoint_address) : join("", aws_elasticache_replication_group.default.*.primary_endpoint_address)
|----------------
| aws_elasticache_replication_group.default is tuple with 1 element
Invalid value for "lists" parameter: element 0 is null; cannot concatenate
null values.
with the following module configuration
module "redis" {
  source = "cloudposse/elasticache-redis/aws"
  version = "0.27.3"
  availability_zones = ["us-east-1a", "us-east-1b", "us-east-1a"] #1a, 1b, 1c
  # namespace = "es.dev.spotlightnews.us"
  stage = local.env
  name = local.svc_name
  # zone_id = var.zone_id
  vpc_id = data.terraform_remote_state.network.outputs.vpc_id
  subnets = data.terraform_remote_state.network.outputs.private_subnet_ids_list #slice?
  allowed_cidr_blocks = ["10.0.0.0/16"] ## get from private subnets
  cluster_mode_enabled = true
  cluster_mode_num_node_groups = 1
  cluster_mode_replicas_per_node_group = 1
  instance_type = "cache.t3.small"
  apply_immediately = true
  automatic_failover_enabled = false
  engine_version = "5.0.6"
  family = "redis5.0"
  at_rest_encryption_enabled = false
  transit_encryption_enabled = true
  auth_token = "1234567890asdfghjkl"
  # parameter = [{}]
}
please let me know if you would prefer I open bug report for this or if its just incorrect usage on my part. Thanks!
Steveabout 5 years ago
is there a way to have a before hook globally for terragrunt ?
uselessuseofcatabout 5 years ago
Is there a way for Terraform not to create a new revision if task already exists in ECS cluster but to use the latest existing revision? Or if it doesn't exists at all to create it? Thanks!
Erik Osterman (Cloud Posse)about 5 years ago
@Alex Jurkiewicz Some updates here: https://github.com/cloudposse/terraform-null-label/pull/118
PePe Amengualabout 5 years ago
@loren since you are the for_each/maps Guru do you have an idea why that does not work ? https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/pull/43
Erik Osterman (Cloud Posse)about 5 years ago
woohoo! @Matt Gowie added support for synthetics to our datadog module. https://github.com/cloudposse/terraform-datadog-monitor/pull/25
PePe Amengualabout 5 years ago
So this just happened to me: working on a module for a project using a dev environment but I have another co-worker working in another branch and then she did TF apply and I just got a Your query returned no results and I thought I broke something ( we use atlantis for other projects so this that do not happen) is there a way to check the state if it was changed ( like doing a git pull) ? (keep in mind in this case was a data. resource so is not going to be recreated)
PePe Amengualabout 5 years ago
did anyone shared this before? https://github.com/nozaq/terraform-aws-secure-baseline anyone using it?
Ethan Williamsabout 5 years ago
Is there a reason to implement Atlantis when using GitHub and GitHub actions now that you can create your own comment tool in actions as well as simply apply there as well. Just curious.
Mohammed Yahyaabout 5 years ago
Will this affect Terraform ?
https://aws.amazon.com/about-aws/whats-new/2021/01/aws-sdk-for-go-version-2-now-generally-available/
Andyabout 5 years ago(edited)
Hi, I was trying to use the cloudposse/terraform-aws-s3-bucket module but was getting this error:
Error: Error creating IAM User my-non-prod-deployment-artefacts: InvalidInput: Duplicate tag keys found. Please note that Tag keys are case insensitive.
I think because it tries to set two tags: Environment (one of my companies default tags) and environment as set by the module. Is there a workaround for this?
rssabout 5 years ago(edited)
v0.14.5
0.14.5 (January 20, 2021)
ENHANCEMENTS:
backend/pg: The Postgres backend now supports the "scram-sha-256" authentication method. (#26886)
BUG FIXES:
cli: Fix formatting of long integers in outputs and console (https://github.com/hashicorp/terraform/issues/27479...
sheldonhabout 5 years ago
Is there anything other than tfenv that provides that smooth experience for various terraform versions. Maybe a docker driven approach that’s not hideous to look at with something like whalebrew or the like?
Also I kinda wanted on installing a new version for it to prompt me to set as default instead of having to do 2 commands so before I dive into exploring submitting a PR or something on that, would like to know if it’s still the best tool to use for managing various versions of terraform
Hari raghavabout 5 years ago
Hi Guys, I am using terraform 12.24 and trying to run cloudposse asg module,but getting below error though iam using correct version,not sure if iam missing anything else.
terraform init
Initializing modules...
Downloading git::https://github.com/cloudposse/terraform-aws-ec2-autoscale-group.git?ref=tags/0.10.0 for autoscale_group...
- autoscale_group in .terraform/modules/autoscale_group
Downloading cloudposse/label/null 0.22.1 for autoscale_group.this...
- autoscale_group.this in .terraform/modules/autoscale_group.this
Error: Unsupported Terraform Core version
Module autoscale_group (from
"git::https://github.com/cloudposse/terraform-aws-ec2-autoscale-group.git?ref=tags/0.10.0")
does not support Terraform version 0.12.24. To proceed, either choose another
supported Terraform version or update the module's version constraint. Version
constraints are normally set for good reason, so updating the constraint may
lead to other errors or unexpected behavior.
Neel Patelabout 5 years ago
Getting error while configure eks_cluster_node
voidSurfrabout 5 years ago
hey guys, if anyone can help me understand the https://registry.terraform.io/modules/cloudposse/eks-node-group/aws/latest module - I'd appreciate it. Right now it's creating everything except the nodes themselves. here's a snippet:
https://gist.github.com/todd-dsm/7a8f96fe488917f3d7dd1fc3516e3c3c#file-main-tf-L36-L60
$ tf apply
...
module.apps_cluster.null_resource.wait_for_cluster[0]: Still creating... [3m40s elapsed]
Error: Error creating IAM Role smpl-stage-pipes-workers: EntityAlreadyExists: Role with name smpl-stage-pipes-workers already exists.
status code: 409, request id: 7bfdb776-988c-4f43-8ac0-4e596d1ee261
Error: Error creating IAM Role smpl-stage-pipes-workers: EntityAlreadyExists: Role with name smpl-stage-pipes-workers already exists.
status code: 409, request id: 3657c9be-1038-4d79-870e-3ae73ce83a64
Error: Error creating IAM Role smpl-stage-pipes-workers: EntityAlreadyExists: Role with name smpl-stage-pipes-workers already exists.
status code: 409, request id: 068bbe8a-b6da-47a7-a53c-b584873f84c9
Error: Error running command 'curl --silent --fail --retry 60 --retry-delay 5 --retry-connrefused --insecure --output /dev/null $ENDPOINT/healthz': exit status 7. Output:
Releasing state lock. This may take a few moments...
Mohammed Yahyaabout 5 years ago(edited)
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v3.25.0
• New Resource: aws_backup_global_settings (#16475)
• New Resource: aws_sagemaker_feature_group (#16728)
• New Resource: aws_sagemaker_image_version (#17141)
• New Resource: aws_sagemaker_user_profile (#17123)
Unknown Userabout 5 years ago(edited)
Which task runner would you use for Terraform operations?
Pierre-Yvesabout 5 years ago(edited)
Hello,
the code below triggers a null_resource for each key at creation and when the resource is removed as well ..
Can you help me figure out how to trigger it only at resource creation ?
resource "null_resource" "connection_test" {
  for_each = local.config_map
  triggers = {
    key = each.key
  }
  connection {
    ..
  }
}
oskar maria grandeabout 5 years ago
Has anyone in here created (CICD) deployment pipelines for ECS Fargate container based services? I’m currently falling back to AWS CLI after trying too hard to leverage aws_ecs_task_definition outside the “resource provisioning” context. So I’m just curious if anybody else had been there – I found surprisingly little out there in the blogosphere.
David Napierabout 5 years ago
Using [terraform-aws-alb](https://github.com/cloudposse/terraform-aws-alb): How do you add an instance to a target group?
Ankit Rathiabout 5 years ago
Hi amazing folks,
We are using the following module in our codebase
module "module-name" {
  source = "git::https://github.com/cloudposse/terraform-aws-iam-s3-user.git?ref=0.14.1"
  namespace = "xxx"
  stage = "xxx"
  name = "xxx"
  s3_actions = [
    "s3:GetBucketLocation",
    "s3:ListAllMyBuckets",
    "s3:ListBucket",
    "s3:PutObject",
    "s3:PutObjectAcl",
    "s3:GetObjectAcl",
    "s3:GetObjectVersion",
    "s3:DeleteObject",
    "s3:DeleteObjectVersion"
  ]
  s3_resources = [
    "my-resources"
  ]
  depends_on = [
    "***"
  ]
}
now strangely it is removing those s3_actions when i execute terraform plan
~ json = jsonencode(
{
- Statement = [
- {
- Action = [
- "s3:PutObjectAcl",
- "s3:PutObject",
- "s3:ListBucket",
- "s3:ListAllMyBuckets",
- "s3:GetObjectVersion",
- "s3:GetObjectAcl",
- "s3:GetBucketLocation",
- "s3:DeleteObjectVersion",
- "s3:DeleteObject",
]
- Effect = "Allow"
- Resource = [
- "***"
]
- Sid = ""
},
]
- Version = "2012-10-17"
}
Ankit Rathiabout 5 years ago
we are upgrading to version 0.14.4 and our expectation is that there should be no change in infrastructure when we execute terraform plan/apply
Mohammed Yahyaabout 5 years ago
Testing https://taskfile.dev/#/ by creating TF taskfile for all TF ops instead of Makefile
Sample of Taskfile.yml:
# https://taskfile.dev
version: '3'
vars:
  GREETING: XXX >> Terraform Taskfile!
  PROFILE: XXX-dev
tasks:
  default:
    desc: Hello MSG.
    cmds:
      - echo "{{.GREETING}}"
    silent: true
  main:
    desc: Main workflow.
    cmds:
      - task: init
      - task: validate
      - task: plan
  aws-vault:
    desc: Login using aws-vault.
    cmds:
      - aws-vault --version
      - aws-vault exec {{.PROFILE}} --duration=2h
    silent: true
  init:
    desc: Terraform init.
    cmds:
      - terraform -chdir=$DIR init
  upgrade:
    desc: Terraform upgrade.
    cmds:
      - terraform -chdir=$DIR init -upgrade=true
  validate:
    desc: Terraform validate.
    cmds:
      - terraform -chdir=$DIR validate
  plan:
    desc: Terraform plan.
    cmds:
      - terraform -chdir=$DIR plan -compact-warnings
  apply:
    desc: Terraform apply.
    cmds:
      - terraform -chdir=$DIR apply -auto-approve
Ofek Solomonabout 5 years ago(edited)
Hi guys, when trying to use the terraform-aws-eks-workers module with terraform 0.14.3 im unable to do so because of the hard coded version of the terraform-aws-ec2-autoscale-group in here , is there a reason for that? it prevents me from using the module with our current terraform version. Appreciate the help!
peteabout 5 years ago
Is there a way to tell terraform to ignore changes on "latest_version" while using the autoscale-group module?
diogofabout 5 years ago
Hi everyone, been using ecs-alb-service-task for a long time but now I have come up with a problem: how to make 2 services on the same Cluster to communicate with one another (or better A --> B)?
I found out an easy way to use Service Discovery that matches well the modules BUT there is this problem:
Error: InvalidParameterException: Specify a value for either 'port' or the 'containerName' and 'containerPort' combination, but not both. Remove one and retry. Registry: arn:aws:servicediscovery:eu-west-1:790682551775:service/srv-6ixnxocmk32rt3on "demo-release-3tier-web"
Pierre-Yvesabout 5 years ago
Hello,
how do you organize your code for multi-region ?
do you set the region at provider level ? or providing location at each element ?
or include the region in the directory structure ?
David Mirandaabout 5 years ago
Hi,
Just passing here to ask from you guys experience what is the best approach (first one) to build my Terraform project structure. A little bit of context:
• Currently I'm not using Terraform for provisioning servers; I have a strict infrastructure requirement... be cloud-agnostic; We can use AWS or Azure or even on-premise;
• I already have all the necessary software configurations required to meet the previous requirement; All the things are in a "IaS"/automation using Ansible;
• Currently my platform is in a cloud-provider and now I want to add a new one for platform redundancy; Now I believe that is the time to add a provision tool like Terraform.
• All the environment should have the same structure (same network settings, same databases, same backend services, etc). The difference should be production have 5 servers and dev only 1, for example;
• I've seen several examples of code structure like the modules approach, separate the environment by folders and reuse the modules; One question here: this can lead to code duplication right? Any strategy on this or maybe exists a better approach?
• What is the better strategy to use a collaborative approach on the Terraform development? Starting at the beginning saving the state on a centralized service like S3 (is a must have)?
Would be happy to hear from someone with experience about this use case. 🙂
Steve Wade (swade1987)about 5 years ago
can anyone recommend some good documentation on configuring terraform compliance?
we would like to run it against CI for our terraform modules monorepo as well as when we execute this modules from other repos as part of Atlantis
Shannon Dunnabout 5 years ago
Is there anyway to collect all resources of a certain resource type into a list, without explicitly knowing the names of all the resources:
Say I want to get all resources of type azuread_group that exist, but not really have to know the resource name of all of them.
[for azure_ad_group.*] or something along those lines?
rssabout 5 years ago(edited)
v0.15.0-alpha20210127
0.15.0 (Unreleased)
BREAKING CHANGES:
The list and map functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions with tolist([...]) and tomap({...}) respectively. (#26818)
Terraform now requires UTF-8 character encoding and virtual terminal support when running on...
Mohammed Yahyaabout 5 years ago(edited)
Must watch Github repos:
• https://github.com/donnemartin/awesome-aws
• https://github.com/sdras/awesome-actions
• https://github.com/shuaibiyy/awesome-terraform
Yoni Leitersdorf (Indeni Cloudrail)about 5 years ago(edited)
Question for discussion here:
Yesterday I noticed that terraform-aws-rds doesn’t set encryption on the RDS by default. I opened an issue which @antonbabenko closed. I completely understand Anton’s reasoning here, but it raises a question for me: how opinionated should the Terraform modules be?
Users can use checkov/cloudrail/sentinel/terrascan/tfsec to catch things like this, but why not reduce the chances they trip on something?
I’m generally of the opinion of reducing the potential for someone to make a mistake, as many people using Terraform today are new to both TF and AWS. I’m curious what others think here.
Joe Hostenyabout 5 years ago
Hi folks, I am not sure if this should be here, or the AWS channel. But I am having some difficulty with the new changes on the terraform-aws-codebuild module. That recently enabled mfa_delete by default. That requires manual intervention to change. When modifying on the CLI, I got the error:
An error occurred (InvalidBucketState) when calling the PutBucketVersioning operation: Mfa Authentication is not supported on a bucket with lifecycle configuration. Delete lifecycle configuration before enabling Mfa Authentication.
So, I deleted the rule temporarily. However, when running the apply I now get:
Error putting S3 lifecycle: InvalidBucketState: Cannot put lifecycle configuration on a bucket that has MFA enabled
Anyone run into this, and perhaps have a way to resolve? On this particular project, I can safely delete the stack and re-create, but I have another where I likely cannot.
Joe Hostenyabout 5 years ago
I attempted to solve this by deleting the bucket, and letting TF re-apply from the start, but now I am stuck on:
Error putting S3 versioning: AccessDenied: Mfa Authentication must be used for this request
Mohammed Yahyaabout 5 years ago
terraform-provider-aws/releases/tag/v3.26.0 is out
Mohammed Yahyaabout 5 years ago
https://www.hashicorp.com/blog/terraform-mono-repo-vs-multi-repo-the-great-debate
@Erik Osterman (Cloud Posse) @Matt Gowie @PePe Amengual the debate from them, similar to stacks approach , the only thing I would do is to add stacks to env folders
Laurynasabout 5 years ago
Hi, I had terraform resource (route53 dns record) created by provider-a (one aws account) but now I manually moved this resource to provider-b(another aws account) I now want to change terraform state to reference to this new manually created resource, what's the way to do that?
Yoni Leitersdorf (Indeni Cloudrail)about 5 years ago
Anybody here using privately built, locally saved, plugins in Terraform? (that is, not a binary that was automatically downloaded via terraform init)
RBabout 5 years ago
We were using one to get kms encrypted secrets from our secrets s3 bucket but then i realized that a data source s3 object (with the object as type text) could replace the plugin. The plug-in is still in use due to old code but it's used less frequently.
RBabout 5 years ago
To download that plugin, we hosted it in a separate s3 bucket. Would be better to put it in artifactory id imagine but it's old so we'll deprecate it eventually
Miguel Zablahabout 5 years ago
Hi, I have a question about GCP Cloud Run is it a good practice to have it on a Load Balancer? Is it possible? I try to have a serverless google_compute_region_network_endpoint_group and then point that to a backend service but it's failing bc of the health check any ideas?
EvanGabout 5 years ago
Question for AWS users. Has anyone figured out how to use cli MFA with terraform?
erikabout 5 years ago
RBabout 5 years ago
Module dependencies will finally get documented soon in terraform docs
https://github.com/terraform-docs/terraform-docs/issues/255
Sarath Pantalaabout 5 years ago(edited)
I need help in Terraform
i am getting this error in terraform apply
i am using terraform v0.12.0
and AWS eks module v5.0.0
Error: Incorrect attribute value type
on .terraform/modules/eks/workers_launch_template.tf line 40, in resource "aws_autoscaling_group" "workers_launch_template":
40: vpc_zone_identifier = lookup(
Inappropriate value for attribute "vpc_zone_identifier": set of string
required
Michael Dizonabout 5 years ago
love when tf cloud is down
Alex Jurkiewiczabout 5 years ago
Anyone played with Terraform CDK? Thoughts? When i think about the truly awful code I've written in HCL to express quite basic logic, it is appealing...