#terraform - February 2021 | Slack Archive

285 messages

Archive: https://archive.sweetops.com/terraform/

Jan 2021

February 2021

Mar 2021

Laurynasabout 5 years ago

I'm updating Terraform version that is used by our team from 0.13.5 to 0.14.5. So as I understand with terraform 0.14 .terraform.lock.hcl should be committed to git?

Vincent Van der Kussenabout 5 years ago

Hi, does anyone here knows of a way to handle data resources with nill values? I'm using google_kms_key_ring and it seems to return nill when a non existing keyring name is provided

Rogerio Goncalvesabout 5 years ago

hey 👋

https://github.com/cloudposse/terraform-aws-efs/commit/53847b81f887f13a7cfec6132bf362bde6dd3788#diff-05b5a57c136b6ff5965[…]d184d9daa9a65a288eR41-R43
shouldn’t this change be a major release? changing encrypted from false to true will enforce recreation of the EFS resource

Andrew Rothabout 5 years ago

https://www.hashicorp.com/blog/announcing-version-2-0-kubernetes-and-helm-providers-for-hashicorp-terraform

Steve Wade (swade1987)about 5 years ago

is anyone using or planning to use https://github.com/terraform-aws-modules/terraform-aws-pricing ?

Mansoor Ebrahimabout 5 years ago(edited)

trying to setup my terraform project with v0.14.4... however i'm getting an error
Error: Unsupported argument
on main.tf line 21, in provider "kubernetes":
21: load_config_file = false

here is my code
provider "kubernetes" {
host = data.aws_eks_cluster.cluster.endpoint
cluster_ca_certificate = base64decode(data.aws_eks_cluster.cluster.certificate_authority.0.data)
token = data.aws_eks_cluster_auth.cluster.token
load_config_file = false
}

Jeremy G (Cloud Posse)about 5 years ago

Announcement: terraform-null-label v0.23.0 is now out. It allow for setting the letter case of tag names and labels. Previously we forced tag names to be Title case and labels to be lower case. Now we allow some configuration. The primary impetus for this is that GCE does not allow uppercase letters in tag names, but we have taken it a step further based on other requests we have had over the years.

Note that with this version of null label, we have dropped support for Terraform 0.12. All future versions of our Terraform modules (once they are updated to terraform-null-label v0.23.0) are for TF 0.13.0 or above.

syttenabout 5 years ago

Is it possible to list the files uploaded in a remote run?

syttenabout 5 years ago

I feel the upload part is longer than it should and since I work in a monorepo it might be due to some random stuff being uploaded

syttenabout 5 years ago

I added this terraformignore

syttenabout 5 years ago

*
!infrastructure/
**/.terraform/
.git/

syttenabout 5 years ago

thanks in advance if someone has atip

syttenabout 5 years ago(edited)

I opened: https://github.com/hashicorp/terraform/issues/27654

Brandon Wilsonabout 5 years ago

is there a more efficient way to do this? content_type = lookup(var.mime_types, split(".", each.value)[length(split(".", each.value))])

Brandon Wilsonabout 5 years ago

i can’t predict how many . will be in the filename

Brandon Wilsonabout 5 years ago

and I want to grab the last characters after the last . and use that in the lookup to determine the mime type

Alex Jurkiewiczabout 5 years ago

So much functionality is missing from the core functions. I've been waiting for endswith() for years now

lorenabout 5 years ago

any ideas on how to accept a "template string" as a variable, and template it, without using the deprecated template_file (which actually accepted strings not files)? the function templatefile() actually requires a file... for example, i used to template arns like this, so the user wouldn't have to hard-code values if they didn't want to:

data "template_file" "policy_arns" {
  count = length(var.policy_arns)

  template = var.policy_arns[count.index]

  vars = {
    partition  = data.aws_partition.current.partition
    region     = data.aws_region.current.name
    account_id = data.aws_caller_identity.current.account_id
  }
}

Sarath Pantalaabout 5 years ago

Error: Incorrect attribute value type

  on .terraform/modules/eks/workers_launch_template.tf line 40, in resource "aws_autoscaling_group" "workers_launch_template":
  40:   vpc_zone_identifier = lookup(

Inappropriate value for attribute "vpc_zone_identifier": set of string
required

can someone help me how to handle this

Gideon Barabout 5 years ago

I used https://github.com/cloudposse/terraform-aws-emr-cluster to terraform an EMR cluster. I then tried to ssh using the auto-generated key and couldn’t. How do I gain access to the master shell (ssh?) and view spark and zeppelin UI safely (ssh tunneling?)

Sarath Pantalaabout 5 years ago

can anyone connect for a Zoom call or google meet to solve the terraform i am getting

Error: Incorrect attribute value type

  on .terraform/modules/eks/workers_launch_template.tf line 40, in resource "aws_autoscaling_group" "workers_launch_template":
  40:   vpc_zone_identifier = lookup(

Inappropriate value for attribute "vpc_zone_identifier": set of string
required

Sarath Pantalaabout 5 years ago(edited)

I have Terraform scripts for eks which is in terraform v0.11.14 version i need to upgrade to v0.12.0

Sarath Pantalaabout 5 years ago

I need someone's help

OliverSabout 5 years ago

I have an EKS cluster and an EKS node group both created with your modules. Instances of that node group by default have the security group listed under "Cluster Security Group" in the AWS Console's EKS cluster view tab called Networking. I'd like these instances to have an additional security group. How to do this? The workers_security_group_ids adds SG to the security group listed under "Additional Security Groups" of the cluster, so this will not work as instances do not have that security group.

Helder Diasabout 5 years ago

Hello Guys, one question regarding module https://github.com/cloudposse/terraform-aws-eks-iam-role

Helder Diasabout 5 years ago

I can’t use it if the service account doesn’t already exist in the time of apply

Helder Diasabout 5 years ago

service_account_name      = var.external_secrets_service_acount

Helder Diasabout 5 years ago

This account must already exist

Helder Diasabout 5 years ago

which is bad in case you want to recreate from scrathc and you can’t plan

Helder Diasabout 5 years ago

Even with depends_on doesn’t work

Helder Diasabout 5 years ago

Any workaround for this ?

OliverSabout 5 years ago

I need to allow an ALB to communicate with pod that has an ingress and a nodeport service, in an EKS cluster that uses nodegroup. It seems like I have to add the ALB's security group to that of the EKS instances, which were created by AWS EKS NodeGroup. But this does not seem possible out of the box with your EKS cluster module (at least at version 0.4). Am I going about this incorrectly?

David van Ginnekenabout 5 years ago

Hello everyone. 🙂

David van Ginnekenabout 5 years ago

Trying to use this module and I bang my head tying to get access_points setup. What would the variable look like?

David van Ginnekenabout 5 years ago

Right now I have it set this way.

David van Ginnekenabout 5 years ago

access_points = {
example = {
posix_user = {
gid = "55007"
uid = "55007"
},
root_directory = {
creation_info = {
gid = "55007"
uid = "55007"
permissions = "0755"
}
}
}

David van Ginnekenabout 5 years ago

Plus a closing "}" of course 🙂

PePe Amengualabout 5 years ago

Thinking on getting a Mac with a M1 chip, anyone developing in terraform running one?

Nick Marchiniabout 5 years ago

👋

Nick Marchiniabout 5 years ago(edited)

Getting an error message when trying to setup a cluster using the latest version 0.27.0 of the module for Elasticsearch.

Error: invalid value for domain_name (must start with a lowercase alphabet and be at least 3 and no more than 28 characters long. Valid characters are a-z (lowercase letters), 0-9, and - (hyphen).)

  on .terraform/modules/elasticsearch-cluster/main.tf line 102, in resource "aws_elasticsearch_domain" "default":
 102:   domain_name           = module.this.id

I can see in main.tf the following code

resource "aws_elasticsearch_domain" "default" {
  count                 = module.this.enabled ? 1 : 0
  domain_name           = module.this.id

But the context.tf file doesn’t contain anything for id

module "this" {
  source  = "cloudposse/label/null"
  version = "0.22.1" // requires Terraform >= 0.12.26

  enabled             = var.enabled
  namespace           = var.namespace
  environment         = var.environment
  stage               = var.stage
  name                = var.name
  delimiter           = var.delimiter
  attributes          = var.attributes
  tags                = var.tags
  additional_tag_map  = var.additional_tag_map
  label_order         = var.label_order
  regex_replace_chars = var.regex_replace_chars
  id_length_limit     = var.id_length_limit

  context = var.context
}

I want to use a string that is 17 chars long but can only use one that is 10 or the error occurs.
I am passing my domain name to the module variable for name Is this the right way to set the domain name?

Alex Jurkiewiczabout 5 years ago

I'm trying to write variable validation to ensure a list of type = list(number) contains no null values. So I need a test that returns false if the list contains null.

This doesn't work (!): contains([null,1,2], null) ("Invalid value for "value" parameter: argument must not be null.")

This does, but is much uglier: length([for i in [null,1,2] : i if i == null]) == 0.

Any better suggestion?

Mohammed Yahyaabout 5 years ago(edited)

Dose anyone have Architectural Decision Records for Terraform as an example?
I want to learn more about why you picked up Terraform.

Adrian Wnukabout 5 years ago(edited)

Hello guys,

How I can define separately configuration for blocks of cors rules with this module? https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn

I have configuration module something like this

cors_allowed_origins = ["<https://example.com>","*"]

cors_allowed_methods = ["PUT", "DELETE"]
cors_allowed_headers = ["*"]
cors_expose_headers = []
cors_max_age_seconds = 300

and this configuration creating for me 3 cors blocks with origins example.com, * and aliases defined in module (this is pretty good) but I can't edit any options for this origins like allowed_methods, allowed_headers. All of created cors block have same configuration 😨

There is any solution to do this using only this module?

Yoni Leitersdorf (Indeni Cloudrail)about 5 years ago

Anyone using the terraform-aws-vpc module? You’re probably running into this now:

https://github.com/terraform-aws-modules/terraform-aws-vpc/issues/581

Frankabout 5 years ago

I'm trying to upgrade our Terraform from 0.13.5 to 0.14.5 but I'm running into an issue.
All outputs of the terraform-aws-ecs-container-definition module are giving me a Error: Output refers to sensitive values

Is anyone familiar with this error and how it could be fixed? Should the outputs of the module be changed with sensitive = true or is there something on my end I have to change?

RBabout 5 years ago

how does one set the required_version to be picked up automatically by atlantis for 0.13 or 0.14 ?

OliverSabout 5 years ago

I’m upgrading some modules that work fine in terraform 0.12, to terraform 0.13. Got the terraform init to complete. Had to up the version on some third-party modules. The terraform apply gives me several errors “Provider configuration not present”. Unfortunately I do not know how to address this:

To work with
module.eks_main.module.vpc.module.label.data.null_data_source.tags_as_list_of_maps[3]
its original provider configuration at
provider["<http://registry.terraform.io/-/null|registry.terraform.io/-/null>"] is required, but it has been removed.
This occurs when a provider configuration is removed while objects created by
that provider still exist in the state. Re-add the provider configuration to
destroy
module.eks_main.module.vpc.module.label.data.null_data_source.tags_as_list_of_maps[3],
after which you can remove the provider configuration again.

How do I re-add the provider: in what file (the eks_main maint.tf? the vpc module main.tf? etc), and would it just be like

provider "aws" {
    region = "us-east-1"
}

OliverSabout 5 years ago

For upgrade from 0.12 to 0.14, the docs say to first upgrade to 0.13. Does this mean for 0.13 just the init + validate + verify that plan created, or does it also require apply?

Tomekabout 5 years ago

is there a way to get information on the last terraform run (apply/plan)? Basically trying to do something like this feature in terraform cloud https://www.terraform.io/docs/cloud/run/manage.html

Nikola Milicabout 5 years ago(edited)

Hello everyone! 👋 I have spent around a week or two trying to set up basic terraform configuration base for my example project and heard many opinions (yes/no? to Terragrunt, yes/no? to workspaces) so in abundance of various conflicting information and incomplete tutorials (tutorials which advocate an idea but do not showcase it fully) I’ve kind of lost focus. This is when I decided a Stack-overflow post might be a good idea, but that has also backfired since I haven’t got any answers to my broad questions, even though people replied.

TLDR from SO: I’d like to have multi-env (dev,stage) Terraform IaC setup that uses modules, that clearly separates prod and non-prod state management. (for the time being, resources provisioned do NOT matter to me, that can be as simple as an s3 bucket which I tried to illustrate).

Is it okay if I post it here, I’m looking for help in understanding how to set this up, and of course to change my approach If it is too restrictive/plain wrong. Thanks!

Julianabout 5 years ago

Hey everybody - trying to find the best way to import / generate baseline configurations from an AWS environment into terraform code to then edit.
I've been under a small rock, so are we still in the days of the predefined resource + import or is there a more streamlined solution I've been unaware of?

Michael Koroteevabout 5 years ago

Hi,
we are trying to update the “eks-cluster” module (version 0.32) and we started encountering this error when running terraform plan:

Error: Get "<http://localhost/api/v1/namespaces/kube-system/configmaps/aws-auth>": dial tcp [::1]:80: i/o timeout

We suspect it is because of the kubernetes provider version, which was upgraded recently, but in their docs we don’t see any breaking changes regarding this existing configuration:

provider "kubernetes" {
  token                  = join("", data.aws_eks_cluster_auth.eks.*.token)
  host                   = join("", data.aws_eks_cluster.eks.*.endpoint)
  cluster_ca_certificate = base64decode(join("", data.aws_eks_cluster.eks.*.certificate_authority.0.data))
}

Did anyone encounter this issue ?
thanks

aaratnabout 5 years ago

https://docs.gitlab.com/ee/user/infrastructure/

Kevin Huffabout 5 years ago(edited)

Hey all I have a question regarding the terraform-aws-elastic-beanstalk-environment module. We're in the process of upgrading from a real old version. (0.11.0), and I'm trying to get the environment name in elastic beanstalk to match what that version generated, which was just the stage. Looks like were maybe setting it through the Environment tag. Now it's some combination of namespace-name-stage. I assumed setting environment = var.stage would do it but I can't see the affect that has. Any assistance would be greatly appreciated.

rssabout 5 years ago(edited)

v0.14.6
0.14.6 (February 04, 2021)
ENHANCEMENTS:
backend/s3: Add support for AWS Single-Sign On (SSO) cached credentials (#27620)
BUG FIXES:
cli: Rerunning init will reuse installed providers rather than fetching the provider again (<a href="https://github.com/hashicorp/terraform/issues/27582" data-hovercard-type="pull_request"...

curious deviantabout 5 years ago(edited)

Hello,

I am creating an SSH key pair in TF and storing in secrets manager for further use by related resources. While checking out support for SSH key generation via TF code, I came across the warning that the solution is not production grade since the private key would be stored in TF state file. How are others solving for such use cases ?

Thomas Hoefkensabout 5 years ago

Hi everyone! I have created an EKS cluster with the terraform_aws_eks module and the cluster was created with a particular access key and secret key. On a client machine, I cannot use that access key but have to use another set of accesskeys and then assume a role using the aws sts command. After assuming the role, I have "admin access". When I then call kubectl get pods, I do not have access. I thought I could solve this by including this bit in the cluster creation:

map_roles = [
{
rolearn = "arn

iam::844857508710:role/my-role"
username = "my-role"
groups = ["system:masters"]
}
]

where rolearn is the role that I assumed... but when executing kubectl get pods, I still have no access. Could someone point me to a solution 🙂 ?

charleszabout 5 years ago

wanted to auto scale aurora using https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/appautoscaling_target but i cannot see an option on how to scale down

charleszabout 5 years ago

any pointers you can give me or better yet examples that i can play with?

charleszabout 5 years ago

my goal is to scale up/down my rds instances dependeing on time

Vincent Van der Kussenabout 5 years ago

Is there a way to remove a provider in the remote state that has been added but has a typo?

uselessuseofcatabout 5 years ago

hi,

how can I convert [""] to [] ?

uselessuseofcatabout 5 years ago

How can I skip a property when calling cloudformation stack from Terraform? Empty value does not work 😞

RBabout 5 years ago

Try null

RBabout 5 years ago

Thats worked for me in the past

chrismabout 5 years ago

@Erik Osterman (Cloud Posse) https://github.com/cloudskiff/driftctl might be interesting to you

Steve Wade (swade1987)about 5 years ago

does anyone have a recommended guide for configuring AWS SSO (using Azure AD) with Terraform?

Mohammed Yahyaabout 5 years ago

https://github.com/aaratn/terraenv

lorenabout 5 years ago

Emmanuel Gelatiabout 5 years ago

Hi, Why do I need to use DynamoDB with aws remote state?

Ofek Solomonabout 5 years ago

I also have this issue, is there any solution for this? thanks!

uselessuseofcatabout 5 years ago(edited)

Hi, I have a CloudFormation template to which I lost 2 days trying to solve a problem but I am CF noob. I want to put this on Terraform side where one value can be either a string or a list - depending on true or false value.

For example:

false ? "test" : tolist(["test2"])

But I got an error:

The true and false result expressions must have consistent types. The given
expressions are string and list of string, respectively.

Is there any workaround for this?

Many thanks!

RBabout 5 years ago

There isn't. Each variable has to be a single type

RBabout 5 years ago

What are you trying to accomplish with this technique

uselessuseofcatabout 5 years ago

I have one value from CF template that can be either a string AWS::NoValue or a list depending on other values.

RBabout 5 years ago

Oh i thought you were trying to do it in terraform

uselessuseofcatabout 5 years ago

Is there any way to omit line in Terraform template?

RBabout 5 years ago

You can set it to null

charleszabout 5 years ago

hi all, i have a question, i was asked to make a spot fleet that scales in / out according to specific time. is this still applicable in 0.12.x version of terraform? - https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/spot_fleet_request#iam_fleet_role

uselessuseofcatabout 5 years ago

Hi! When I'm loading template_file trough data, how can I specify the list to iterate trough? For example https://www.terraform.io/docs/language/functions/templatefile.html

I know that templatefile function renders the template, but how can I implement that?

For example, this is where I specify template_file:

data "template_file" "cf" {
  template = "${file("${path.module}/templates/cf-asg.tpl")}"
  vars = {
    service_name = "${var.service_name}"
    subnets = join("\",\"", var.subnets)
    availability_zones = join("\",\"", var.availability_zones)
    lc_name = "${aws_launch_configuration.ecs_config_launch_config.name}"
    min_instances = "${var.min_instances}"
    max_instances = "${var.max_instances}"
    desired_instances = "${var.desired_instances}"
    asg_health_check_type = "${var.asg_health_check_type}"
    no_of_resource_signals = "${var.no_of_resource_signals}"
    #tgs = [<http://local.tg|local.tg>]
    region_tag = var.region_tag
    env_tag = var.env_tag
    newrelic_infra_tag = var.newrelic_infra_tag
    purpose_tag = var.purpose_tag
    patch_group_tag = var.patch_group_tag
  }
}

This is where I'm loading it:

resource "aws_cloudformation_stack" "autoscaling_group" {
  name = "${var.service_name}-asg"

  template_body = <http://data.template_file.cf|data.template_file.cf>

  depends_on = [aws_launch_configuration.ecs_config_launch_config]
}

And this is a part of cf-asg.tpl:

      MinSize: "${min_instances}"
      MaxSize: "${max_instances}"
      %{ for tg in tgs ~}
      TargetGroupARNs: ${tg}
      %{ endfor ~}

So, how can I specify the list tgs to iterate trough?

RBabout 5 years ago

data "template_file" "cf" is deprecated in favor of templatefile

RBabout 5 years ago

why are you using a template file to dynamically create a cf stack using tf...

RBabout 5 years ago

why not just create the resources purely in tf

uselessuseofcatabout 5 years ago

Let me explain man, since I'm doing it for 3 days straight 🙂

First of all, I am creating CF stack for ASG because I need rolling updates, and CF can bump max number of instances on the fly

RBabout 5 years ago

isnt there a way to do that in pure tf ?

uselessuseofcatabout 5 years ago

nope man

uselessuseofcatabout 5 years ago

not yet

uselessuseofcatabout 5 years ago

and there is one stupid CF property that can be a list or a value "AWS::NoValue" which tell CF to skip that Property. But the thing is - in some cases I need to set list, in some cases string...

uselessuseofcatabout 5 years ago

so my last resort is template, I can iterate the list and if empty, skip a line in template file

RBabout 5 years ago

oh man i didnt know that

RBabout 5 years ago

is there a module that does all this for you

RBabout 5 years ago

cause that would be amazing

uselessuseofcatabout 5 years ago

Nope, only one page on the whole internet: https://medium.com/@endofcake/using-terraform-for-zero-downtime-updates-of-an-auto-scaling-group-in-aws-60faca582664

uselessuseofcatabout 5 years ago

I already have that set up, but I want to have ALB healthchecks in place

Zachabout 5 years ago

You might be better off doing a blue green swap of the ASGs then

Zachabout 5 years ago

unless you have a hard requirement for the rolling update

Zachabout 5 years ago

or another alternative, update the ASG with your new config but use the instance-refresh CLI command to do the rolling update

Chris Fowlesabout 5 years ago

Terraform supports instance refresh now

Chris Fowlesabout 5 years ago

https://github.com/hashicorp/terraform-provider-aws/issues/13785#issuecomment-748349418

Bobabout 5 years ago

Hi~ Anyone have experience/recommendation keeping your Terraform code DRY? Like how Terragrunt does it, but using Terraform Cloud, Scalr, or Spacelift? We have a few environments we "promote" infrastructure changes to (dev --> test --> prod) and would like get away from "copying" the same terraform code/modules . I notice env0 has support for terragrunt, but want to know what others have done

TIA!

lorenabout 5 years ago

if i could beg for a favor and get some folks to 👍️ the linked issues and the pr, i would truly be grateful... https://github.com/hashicorp/terraform-provider-aws/issues/4426#issuecomment-775504542

Thomas Hoefkensabout 5 years ago

Hi everyone! I have a strange issue and wonder whether any of you have encountered it or managed to solve it.. I deploy an EKS cluster with fargate profiles using terraform, and this works perfectly the first time round. Then I issue a TF destroy and all resources are gone, so far so good.
Now, when again applying the TF scripts, with the same cluster name, the creation gets stuck on creating fargate profiles.. as if something is hindering AWS from recreating the same fargate profile names (which have been correctly deleted by TF):
module.eks.module.fargate.aws_eks_fargate_profile.this["default"]: Still creating... [44m50s elapsed]
Is this is a bug or is there a workaround for this? Often I can see that the Profile got created for the cluster, yet TF is somehow not "seeing" that the creation is complete...

Adnanabout 5 years ago

Hi Everyone!
Is anyone using porter.sh in prod?
Specifically as a bridge between terraform and helm?

Steve Wade (swade1987)about 5 years ago

is there a way in terraform-compliance to test outputs?

Bart Coddensabout 5 years ago

HI all, I am using this module : https://github.com/cloudposse/terraform-aws-tfstate-backend I would like to create this : terraform_state_file = "s3state/var.tier/terraform.tfstate" where var.tier is a variable. The statefile is stored as such then: s3state/test/terraform.tfstate. The variable is tier=test

Bart Coddensabout 5 years ago

With the above module the s3 state backend is configured properly, thanks all for this excellent module

Bart Coddensabout 5 years ago

How do you manage multiple state files, do you generate the backend files by hand ?

Neo-fightabout 5 years ago

Is there a simple ‘how to’ on using terraform-AWScloud fronts3-can ? The .tf under examples/complete doesn’t seem to run for me when I change the relevant parameters to match a brand new AWS setup (AWS hosted domain with R53)? I haven’t been able t find one but then again I’m fried

Erik Osterman (Cloud Posse)about 5 years ago

hot off the press: https://github.com/cloudposse/terraform-aws-sso

cc: @Mohammed Yahya ☝️

lorenabout 5 years ago

well that's nifty, tailscale has a community terraform provider already... https://registry.terraform.io/providers/davidsbond/tailscale/latest/docs

nnsenseabout 5 years ago

Help!!

nnsenseabout 5 years ago

I mean, hi everyone! ok, now, HELP!! 😄

lorenabout 5 years ago

i got you, https://lmgtfy.app/

nnsenseabout 5 years ago

AhhhA! Caution, I've spent the last 3 days between google and cloudposse git, I could bite 😄

nnsenseabout 5 years ago

I really hope somebody can help me with cloudposse EKS cluster.. I really don't know why... first time, it creates the cluster.. second apply... `

Error: the server is currently unable to handle the request (get configmaps aws-auth)

nnsenseabout 5 years ago

It's SO annoying.. reading the TRACE, it seems trying to call localhost (?) which asnwer 503...

nnsenseabout 5 years ago

HTTP/1.1 503 Service Unavailable
Connection: close
Content-Length: 299
Content-Type: text/html; charset=iso-8859-1
Date: Wed, 10 Feb 2021 00:25:35 GMT
Server: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips PHP/5.4.16

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>503 Service Unavailable</title>
</head><body>
<h1>Service Unavailable</h1>
<p>The server is temporarily unable to service your
request due to maintenance downtime or capacity
problems. Please try again later.</p>
</body></html>

nnsenseabout 5 years ago

All this seems related the F. map_additional_iam_roles and also map_additional_iam_users (tried both)

nnsenseabout 5 years ago

That unathorized thing seems to be related module.eks_cluster.kubernetes_config_map.aws_auth[0]

nnsenseabout 5 years ago

This, if I set kubernetes_config_map_ignore_role_changes to true

nnsenseabout 5 years ago

If I set it to false, the the module is instead module.eks_cluster.kubernetes_config_map.aws_auth_ignore_changes

nnsenseabout 5 years ago

I've tried almost everything, but I really don't understand why it run perfectly, but If I run a refresh, an apply, or a destroy, it throws that error and byebye

nnsenseabout 5 years ago

Tried.

nnsenseabout 5 years ago

I've forgotten to say, I'm not using any other module than cloudposse eks cluster and node-groups

lorenabout 5 years ago

now i feel bad about speaking up so flippantly, because i know nothing about eks 😅

nnsenseabout 5 years ago

Oh don't worry, me too 😄

lorenabout 5 years ago

but, i know one big difference between an initial apply and subsequent terraform actions, is that terraform will actually attempt to describe the running resources and compare them to the config. so i'd guess it is that part of the execution that is throwing the error. i have no idea how to use that to help you though

nnsenseabout 5 years ago

Yep, that's correct but I didn't change anything between the two apply (or the apply and the refresh). It's clearly written to change kubernetes_config_map_ignore_role_changes into the readme if I want to change the nodes, or the users, but I don't want, it's throwing that error even if I run tf apply -auto-approve && tf refresh

nnsenseabout 5 years ago

I really don't know what to do, I've tried reading the code of the module, but it looks fine to me

nnsenseabout 5 years ago

@Erik Osterman (Cloud Posse)... I know you know the answer... 😁

lorenabout 5 years ago

i would recommend threading, at least, to give others a chance with their own questions... 🙏

nnsenseabout 5 years ago

Oops.. You're right 🤦

Mr.Devopsabout 5 years ago(edited)

hello - has anyone come with a solution to use a list of instance id in the target_id for the resource https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lb_target_group_attachment#target_id

I find it annoying to have to create multiply lb_target_group_attachment for every instances

Victor Hugo dos Santosabout 5 years ago

Hi... The aws-ssm-iam-role supose to work with terraform 12 ???

Victor Hugo dos Santosabout 5 years ago

Im getting this error:
warning: Quoted type constraints are deprecated

on .terraform/modules/ssm_role.label/variables.tf line 19, in variable "delimiter":
19: type = "string"

Terraform 0.11 and earlier required type constraints to be given in quotes,
but that form is now deprecated and will be removed in a future version of
Terraform. To silence this warning, remove the quotes around "string".

(and 13 more similar warnings elsewhere)
But, look like this module isnt update.. 😞

Patrick Doyleabout 5 years ago

Hello. I'm trying to use the CIS config rules module but getting an error that no source URL was returned when running terraform init with the latest version(0.14.6). I am using the URL defined in the example, https://github.com/cloudposse/terraform-aws-config.git//modules/cis-1-2-rules?ref=master. The module URL seems correct based on the terraform docs so I'm not sure if this is an issue with the repo or with terraform...

rssabout 5 years ago(edited)

v0.15.0-alpha20210210
0.15.0 (Unreleased)
BREAKING CHANGES:

The list and map functions, both of which were deprecated since Terraform v0.12, are now removed. You can replace uses of these functions with tolist([...]) and tomap({...}) respectively. (#26818)

Terraform now requires UTF-8 character encoding and virtual terminal support when running on...

Mr.Devopsabout 5 years ago

please anyone?

Asisabout 5 years ago(edited)

Our team runs terragrunt modules locally , what are the best solutions/ practice to run modules in more unified pattern
Note we have s3bucket + dynamodb for locking state

uselessuseofcatabout 5 years ago

Is someone still using this Lambda https://registry.terraform.io/modules/blinkist/airship-ecs-instance-draining/aws/latest?

It looks it's not working anymore 😞

Lambda logs looks something like this:

Event needs-retry.autoscaling.CompleteLifecycleAction: calling handler <botocore.retryhandler.RetryHandler object at 0x7fe662775b10>

and

Event request-created.autoscaling.CompleteLifecycleAction: calling handler <bound method RequestSigner.handler of <botocore.signers.RequestSigner object at 0x7fe6627a99d0>>

johntellsallabout 5 years ago

This tool visualizes Terraform state files! Has anyone played with Pluralith?
https://www.pluralith.com/

Mohammed Yahyaabout 5 years ago

https://aws.amazon.com/blogs/developer/provision-aws-infrastructure-using-terraform-[…]hicorp-an-example-of-running-amazon-ecs-tasks-on-aws-fargate/

Balazs Vargaabout 5 years ago

hello, can I ask about vault? Is there a way to autogenerate missing passwords and store them on vault? So I don't need to provide from helm/helmfile.

uselessuseofcatabout 5 years ago(edited)

Hi, I have the rolling update set with Terraform and CF for ECS clusters. This is how it works:
- I have ECS cluster behind ALB
- When there is an AMI change, Terraform applies it
- ASG, which was created with CloudFormation template on Terraform, adds a new instance (this was not possible with TF module)

Here it becomes funky:
- Target group sees status of the old instance as "initial draining" 30 seconds after I run terraform apply
- Healthchecks are failing, because, of course, container on my new EC2 instance is not started yet and Target Group sees it as unhealthy, but doesn't continue to serve traffic from the old insntace.
- Then I got bunch of 503s and after 502s until the container on the new instance is up

These parts are ok:
- I have Lambda function that drains ECS containers
- After draining finishes, the instance is killed

This worked before, when I had EC2 checks on ASG. Now I want to use TargetGroupArns to check HTTP and to see if I'll get 200 and if application is really running.

Is there any workaround on this?

Like to set draining of instances with a delay of few minutes?

andrewAtX82about 5 years ago

Hi guys, I was looking through the terraform-aws-ses-lambda-forwarder code as I was intrigued to see a system close to one that we devised. I see that listed under the limitations is the use of a verified domain as the sender. We use SRS to be compliant with without breaking SPF . I've had success using senrews to do SRS0 and SRS1 rewrites.

Another thing to note is additional cleanup of the email. SES very loosely accepts emails, however is very strict with what it sends out. You will need to clean up duplicate headers, remove DKIM signatures and return-paths, etc when forwarding . The aws-lambda-ses-forwarder has some problems with sending bounce messages and a host of other minor bugs. Just a heads up.

Vincent Shefferabout 5 years ago(edited)

Can I get some guidance on the difference between terraform-aws-eks-workers and terraform-aws-eks-node-group ? They both seem very similar and both are actively being maintained. When should we use one over the other?

Vincent Shefferabout 5 years ago

I’ve tried both. eks-node-group seems to work better for me, but wondering what the experience is like for others.

PePe Amengualabout 5 years ago

is this correct?

dynamic "custom_header" {
        for_each = lookup(origin.value, "custom_header", [])
        content {
          name  = custom_header.value.name
          value = custom_header.value.value
        }
      }

Erik Osterman (Cloud Posse)about 5 years ago(edited)

congrats to @marcinw @Paweł Hytry - Spacelift https://techcrunch.com/2021/02/11/cloud-automation-startup-spacelift-raises-6m-series-a-led-by-blossom-capital/

Mohammed Yahyaabout 5 years ago(edited)

https://www.manatee.app/

Manatee alerts you the instant your infrastructure drifts from Terraform. It's free to use, supports all major clouds, and takes minutes to set up.

Mohammed Yahyaabout 5 years ago

one way to keep secrets out of your state file https://secrethub.io/docs/guides/terraform/

Tim Schwenkeabout 5 years ago

Are the Terraform modules https://github.com/cloudposse/terraform-null-label and https://github.com/cloudposse/terraform-terraform-label aimed at usage in any Terraform module or specifically made for Cloud Posse modules? I'm asking this because the docs mention context.tf files that are part of all Cloud Posse modules that use terraform-null-label

Mohammed Yahyaabout 5 years ago

terraform-provider-aws v3.28.0
- +7 NEW FEATURES including aws_securityhub_organization_admin_account
- +35 NEW ENHANCEMENTS
- +10 BUG FIXES
https://github.com/hashicorp/terraform-provider-aws/releases/tag/v3.28.0

Mohammed Yahyaabout 5 years ago

https://cloudgram.dedalusone.com/

Bobabout 5 years ago

Hello guys, this might have been asked before, but what criteria do you guys use when evaluating if something needs to be created as a module?

I recently joined a company with 6 cloud engineers that have been discussing about maturing their terraform deployment, and modules have been brought up. The -legacy- engineers wanted to create a module for everything, even simple ones. For example, azure resource groups, and the arguments were:
1. Takes me 10 mins to write it anyway
2. I can make it accept a comma-delimited name, and it creates multiple resource groups for me
3. If you want to create 1 resource group, the module can handle it anyway
4. I can ask for required tags on the resource groups, and I'm sure we're going to need something else on those resource groups in the future

Our goal is to eventually allow our app dev teams to create their terraform code to deploy their infrastructure for their apps. They originally managed the deployment by creating standalone deployments for each resources - like 1 deployment for resource group, 1 for SQL PaaS, 1 for storage account - all separate repositories and "pipeline". We would like to move to more application-based repositories that contains all the terraform code/infrastructure needed for the said application (shared services infrastructure like AKS will be separately managed)

I feel this is a case of over engineering/YAGNI, but being new, I may be biased. I don't feel simple/standalone terraform resources should have another wrapper on top of it (module). Is there a compelling reason why this pattern can bite us in the future (aka very bad idea)?

Yashodhan Ghadgeabout 5 years ago

hey guys!, Ive got a VPC that some other team has made via terraform , can I define a vpc module and pass in the vpc id to it to add a few more subnets to it?

Reinholds Zviedrisabout 5 years ago

Maybe here is someone who encountered something like that?

Bharat Bhushanabout 5 years ago

Hi, I have an ec2 cluster, there are multiple tags(Name) associated with cluster instances. I want to fetch these tags(Name) and pass it to a module that accepts a list of EC2 instances. Any suggestions ?

lorenabout 5 years ago

Congrats to the BridgeCrew folks? "Prisma Cloud Shifts Left With Proposed Acquisition of Bridgecrew" https://blog.paloaltonetworks.com/2021/02/prisma-cloud-bridgecrew/

kgibabout 5 years ago

I'd like to use the EKS module to deploy EKS with workers in private subnet

kgibabout 5 years ago

what is the simplest method to accomplish?

melissa Jennerabout 5 years ago

I use the terragrunt (terraform) provisioned a VPC times ago. But, today, when I re-run the script I got, "Remote state S3 bucket blue-green-terraform-state does not exist or you don't have permissions to access it.". I login to AWS console, the S3 bucket blue-green-terraform-state is there. I have no clue. Can someone help?

$ terragrunt init
[terragrunt] [/depot/infra/dev/Oregon/nsm/green/vpc] Running command: terraform --version
[terragrunt] Terraform version: 0.13.5
[terragrunt] Reading Terragrunt config file at /depot/infra/dev/Oregon/nsm/green/vpc/terragrunt.hcl
[terragrunt] Initializing remote state for the s3 backend
[terragrunt] [terragrunt] Remote state S3 bucket blue-green-terraform-state does not exist or you don't have permissions to access it. Would you like Terragrunt to create it? (y/n)

$ cat terragrunt.hcl 
remote_state {
  backend = "s3"

  config = {
    encrypt        = false
    bucket         = "blue-green-terraform-state"
    key            = "infra/Oregon/green/vpc/terraform.tfstate"
    region         = "us-west-2"
    dynamodb_table = "green-vpc-lock-table"
  }
}

$ env | grep AWS
AWS_SECRET_ACCESS_KEY=#####################
AWS_ACCESS_KEY_ID=############

Thomas Windellabout 5 years ago

Hi there! Does any know if there would be a way to use this module but have more that one service and task definition? Having multiple service seems like a common architecture with AWS ECS - is there perhaps another module that is more suitable?

Bart Coddensabout 5 years ago

Hey all with the s3 user module: https://github.com/cloudposse/terraform-aws-iam-s3-user I want to do this:

Bart Coddensabout 5 years ago

module "s3_user" {
  source       = "cloudposse/iam-s3-user/aws"
  label_order  = ["namespace", "name", "environment", "stage", "attributes"]
  namespace    = "dspace"
  name         = var.name
  environment  = "s3"
  stage        = var.tier
  s3_actions   = ["s3:GetBucketAcl", "s3:GetBucketVersioning", "s3:ListBucket", "s3:GetBucketLocation"]
  s3_resources = ["arn:aws:s3:::cloudposseisawesome"]
  s3_actions   = ["s3:PutObject", "s3:GetObject", "s3:DeleteObject"]
  s3_resources = ["arn:aws:s3:::cloudposseisawesome/*"]
}

Bart Coddensabout 5 years ago

This does not work because the s3_actions is defined double

Bart Coddensabout 5 years ago

a bit puzzled howto do this

Bradai Hazemabout 5 years ago

Hello there !
Please i have a question, i'm using terraform-aws-nlb module, i'm trying to add 2 listners in the same nlb, there is a way to do that ? Thanks !

Danielabout 5 years ago(edited)

Hi, I was hoping to understand the background on the sensitive output change introduced in terraform-aws-ecs-container-definition#118.

The PR mentions an issue with the terraform-aws-ecs-alb-service-task module but I cannot find any references or examples of the actual issue's code or error. Is there any examples of the actual error and the use-case? While I understand 0.14's sensitive flagging behavior, I'm confused as to what values were being used in the OP's container definition that were flagged as sensitive and caused this issue. In my modules, all the secrets are dumped into SM/SSM Parameters and only their ARN references are exposed in the container definition. I've been using TF 0.14 without issue in this manner. To my knowledge, those are not sensitive values.

My concern is that sensitive outputs are infectious for a lack of better words. Some outputs are indeed sensitive but I don't see how the container definitions are.

Bart Coddensabout 5 years ago

Hi all, I am iplementing replication with this module: https://github.com/cloudposse/terraform-aws-s3-bucket

Bart Coddensabout 5 years ago

in my original configuration I had:

Bart Coddensabout 5 years ago

replication_configuration {
  role = "cloudposseisthebest-role"

  rules {
    id       = "Replicate to DEEP_ARCHIVE on target"
    priority = 0
    status   = "Enabled"


    destination {
      bucket        = "arn:aws:s3:::cloudposseisthebest-role"
      storage_class = "DEEP_ARCHIVE"
    }
  }
}

Bart Coddensabout 5 years ago

can you set the storage class with this module ?

Bart Coddensabout 5 years ago

hah this does the trick:

Bart Coddensabout 5 years ago

  replication_rules = [
    {
      id = "Replicate to DEEP_ARCHIVE on target"
      destination = {
        bucket        = "arn:aws:s3:::cloudposse-${var.name}-is-awesome"
        storage_class = "DEEP_ARCHIVE"
      }
    }
  ]

Mohammed Yahyaabout 5 years ago

https://marketplace.visualstudio.com/items?itemName=Bridgecrew.checkov

rssabout 5 years ago(edited)

v0.14.7
0.14.7 (February 17, 2021)
ENHANCEMENTS:
cli: Emit an "already installed" event when a provider is found already installed (#27722)
provisioner/remote-exec: Can now run in a mode that expects the remote system to be running Windows and excuting commands using the Windows command interpreter, rather than a Unix-style shell. Specify...

michael sewabout 5 years ago(edited)

Question about the branches I see in several of the cloudposse TF modules:
ie. https://github.com/cloudposse/terraform-aws-rds/branches
I see a master, 0.11/master, 0.12/master branch.
is the intention to maintain separate branches for each major TF version?
update: nevermind, i see that support was dropped for 0.12 , so
master = tf0.13
0.12/master = tf0.12 , which i presume features are at standstill
0.11/master = tf0.11, which i presume was stopped back when you guys moved to 0.12

David Lozanoabout 5 years ago(edited)

Hi everyone,

Does anyone know why is this conditions returning false? and what would be the right expression to compare with to get true ?

main.tf

variable "empty_list" {
  type = list(string)
  default = []
  }

console

tf console
> var.empty_list
tolist([])
> 

> var.empty_list == []
false
> var.empty_list == tolist([])
false

Bart Coddensabout 5 years ago

HI all, I am a bit confused with tagging my root volume:

Bart Coddensabout 5 years ago

resource "aws_instance" "bladibla" {
  disable_api_termination     = true

  tags = {
    "Tier"        = "DEV"
    "Application" = "DSpace"
    "Name"        = "UPGRADE-EXPRESS"
    "Terraform"   = "True"
    "Patch Group" = "patch-dev"
  }

  root_block_device {
    volume_type           = "standard"
    volume_size           = 30
    delete_on_termination = false
      tags = {
        "Application" = "DSpace"
        "Data"        = "HOME"
        "Name"        = "UPGRADE-EXPRESS-HOME"
        "Tier"        = "DEV"
        }
      }
    }

Bart Coddensabout 5 years ago

when I do this, the tool refuses with:

Bart Coddensabout 5 years ago

tags is not expected here

Nikola Milicabout 5 years ago

If i use s3 backend for my terraform state, how should I fetch that information for use in my web application or some job in the pipeline?

Use this assumptions:
1. terraform did provision my resources (let’s say - RDS) and saved the state remotely on s3
2. my web application needs those resource informations for the provisioned RDS (some are secrets)

Here are what’s coming to my mind:
1. write a shell script that uses terraform CLI to fetch these secrets from the state and write them to .env file so that the web app can load them
2. use some secret management software, from AWS? Vault (Overkill?)
Take note that I use Gitlab CI for the pipeline, and I know that there is a Terraform integration present there, but I want to know what is the correct way of managing this if I were to transition to Github pipelines some day or something else.

Bart Coddensabout 5 years ago

Hi all, I used the iam-system-user module to create a user with access key and secret. Could you handle over this data to ansible to store it on the machine ? I know this is not best practice but the legacy application cannot work without this

Bart Coddensabout 5 years ago

the output generates this:

Mohammed Yahyaabout 5 years ago

https://tech.ovoenergy.com/building-a-secure-ci-cd-pipeline-for-terraform-infrastructure-as-code/

Bart Coddensabout 5 years ago

Hi all, how do you guys manage the state backend on s3, when I try to do something like this:

Bart Coddensabout 5 years ago

terraform {
  backend "s3" {
    bucket = "bla-test-tfstate"
    key    = "s3/${var.name}/terraform.tfstate"
    region = "eu-west-1"
  }
}

Bart Coddensabout 5 years ago

it fails

Steve Wade (swade1987)about 5 years ago

does anyone have a module (or know of one) that can easily configure the necessary subnet CIDRs for the upstream VPC module?

i know the VPC CIDR block I would like to use and will only ever go across 3 AZs so will need 12 CIDR blocks from the VPC CIDR provided

Steve Wade (swade1987)about 5 years ago

i am trying to automate this away as much as possible to make it super simple for people

David Lozanoabout 5 years ago

Hi everyone,

Has anyone encountered this issue before? I think it has to do with the way terraform processes list values.

If I make the first cidr_blocks an empty list [] to match the second cidr_blocks type it throws a different error "source_security_group_id": conflicts with cidr_blocks since cidr_blocks and source_security_group_id can not be present in the same rule.

main.tf

module "sg" {
  source = "<http://github.com/cloudposse/terraform-aws-security-group?ref=0.1.3|github.com/cloudposse/terraform-aws-security-group?ref=0.1.3>"

  rules = [
    {
      type                     = "ingress"
      from_port                = 22
      to_port                  = 22
      protocol                 = "tcp"
      cidr_blocks              = null
      self                     = null
      source_security_group_id = "sg-0000aaaa1111bbb"
    },

    {
      type                     = "egress"
      from_port                = 0
      to_port                  = 65535
      protocol                 = "all"
      cidr_blocks              = ["0.0.0.0/0"]
      self                     = null
      source_security_group_id = null
    }
  ]
  vpc_id  = "vpc-0000aaaa1111bbb"
  context = module.this.context
}

ERROR

David Lozanoabout 5 years ago

tf apply
panic: inconsistent list element types (cty.Object(map[string]cty.Type{"cidr_blocks":cty.DynamicPseudoType, "from_port":cty.Number, "protocol":cty.String, "self":cty.DynamicPseudoType, "source_security_group_id":cty.String, "to_port":cty.Number, "type":cty.String}) then cty.Object(map[string]cty.Type{"cidr_blocks":cty.Tuple([]cty.Type{cty.String}), "from_port":cty.Number, "protocol":cty.String, "self":cty.DynamicPseudoType, "source_security_group_id":cty.String, "to_port":cty.Number, "type":cty.String}))

goroutine 545 [running]:
<http://github.com/zclconf/go-cty/cty.ListVal(0xc000e784c0|github.com/zclconf/go-cty/cty.ListVal(0xc000e784c0>, 0x2, 0x2, 0xc0005465e0, 0x1, 0x1, 0x1)
        /go/pkg/mod/github.com/zclconf/go-cty@v1.7.1/cty/value_init.go:166 +0x5a8
<http://github.com/zclconf/go-cty/cty/convert.conversionTupleToList.func2(0x3860460|github.com/zclconf/go-cty/cty/convert.conversionTupleToList.func2(0x3860460>, 0xc000bc5420, 0x2f350a0, 0xc000bc5440, 0x0, 0x0, 0x0, 0x3860320, 0x2cebaef0, 0x10, ...)
        /go/pkg/mod/github.com/zclconf/go-cty@v1.7.1/cty/convert/conversion_collection.go:327 +0x794
<http://github.com/zclconf/go-cty/cty/convert.getConversion.func1(0x3860460|github.com/zclconf/go-cty/cty/convert.getConversion.func1(0x3860460>, 0xc000bc5420, 0x2f350a0, 0xc000bc5440, 0x0, 0x0, 0x0, 0xc001009c50, 0xc0005465d0, 0x3860360, ...)
        /go/pkg/mod/github.com/zclconf/go-cty@v1.7.1/cty/convert/conversion.go:46 +0x433
<http://github.com/zclconf/go-cty/cty/convert.retConversion.func1(0x3860460|github.com/zclconf/go-cty/cty/convert.retConversion.func1(0x3860460>, 0xc000bc5420, 0x2f350a0, 0xc000bc5440, 0xc0005465d0, 0x0, 0x0, 0x0, 0xc00030c270, 0x10000c001c70000)
        /go/pkg/mod/github.com/zclconf/go-cty@v1.7.1/cty/convert/conversion.go:188 +0x6b
<http://github.com/zclconf/go-cty/cty/convert.Convert(0x3860460|github.com/zclconf/go-cty/cty/convert.Convert(0x3860460>, 0xc000bc5420, 0x2f350a0, 0xc000bc5440, 0x3860360, 0xc000877040, 0xc000bc5420, 0x2f350a0, 0xc000bc5440, 0x0, ...)
        /go/pkg/mod/github.com/zclconf/go-cty@v1.7.1/cty/convert/public.go:51 +0x1b9
<http://github.com/hashicorp/terraform/terraform.(*nodeModuleVariable).EvalModuleCallArgument(0xc000594900|github.com/hashicorp/terraform/terraform.(*nodeModuleVariable).EvalModuleCallArgument(0xc000594900>, 0x389bce0, 0xc001c441a0, 0xc0005ca301, 0x0, 0x0, 0x0)
        /home/circleci/project/project/terraform/node_module_variable.go:238 +0x265
<http://github.com/hashicorp/terraform/terraform.(*nodeModuleVariable).Execute(0xc000594900|github.com/hashicorp/terraform/terraform.(*nodeModuleVariable).Execute(0xc000594900>, 0x389bce0, 0xc001c441a0, 0xc00003a004, 0x30ada40, 0x3202b60)
        /home/circleci/project/project/terraform/node_module_variable.go:157 +0x7f
<http://github.com/hashicorp/terraform/terraform.(*ContextGraphWalker).Execute(0xc000ebc270|github.com/hashicorp/terraform/terraform.(*ContextGraphWalker).Execute(0xc000ebc270>, 0x389bce0, 0xc001c441a0, 0x2da00048, 0xc000594900, 0x0, 0x0, 0x0)
        /home/circleci/project/project/terraform/graph_walk_context.go:127 +0xbc
<http://github.com/hashicorp/terraform/terraform.(*Graph).walk.func1(0x3202b60|github.com/hashicorp/terraform/terraform.(*Graph).walk.func1(0x3202b60>, 0xc000594900, 0x0, 0x0, 0x0)
        /home/circleci/project/project/terraform/graph.go:59 +0x962
<http://github.com/hashicorp/terraform/dag.(*Walker).walkVertex(0xc000594960|github.com/hashicorp/terraform/dag.(*Walker).walkVertex(0xc000594960>, 0x3202b60, 0xc000594900, 0xc000e78340)
        /home/circleci/project/project/dag/walk.go:387 +0x375
created by <http://github.com/hashicorp/terraform/dag.(*Walker).Update|github.com/hashicorp/terraform/dag.(*Walker).Update>
        /home/circleci/project/project/dag/walk.go:309 +0x1246



!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Terraform crashed! This is always indicative of a bug within Terraform.
A crash log has been placed at "crash.log" relative to your current
working directory. It would be immensely helpful if you could please
report the crash with Terraform[1] so that we can fix this.

When reporting bugs, please include your terraform version. That
information is available on the first line of crash.log. You can also
get it by running 'terraform --version' on the command line.

SECURITY WARNING: the "crash.log" file that was created may contain 
sensitive information that must be redacted before it is safe to share 
on the issue tracker.

[1]: <https://github.com/hashicorp/terraform/issues>

!!!!!!!!!!!!!!!!!!!!!!!!!!! TERRAFORM CRASH !!!!!!!!!!!!!!!!!!!!!!!!!!!!

Danabout 5 years ago

Hello! Is there a way to pass a lifecycle ignore_changes in the inputs section when you are trying to point to a source module? (Using Terragrunt.hcl)

Steve Wade (swade1987)about 5 years ago(edited)

can anyone tell me what i am doing wrong please?

public_subnets   = var.subnet_cidrs == {} ? local.subnet_cidr_map["public"] : var.subnet_cidrs["public"]
private_subnets  = var.subnet_cidrs == {} ? local.subnet_cidr_map["private"] : var.subnet_cidrs["private"]
intra_subnets    = var.subnet_cidrs == {} ? local.subnet_cidr_map["intra"] : var.subnet_cidrs["intra"]
database_subnets = var.subnet_cidrs == {} ? local.subnet_cidr_map["database"] : var.subnet_cidrs["database"]

var.subnet_cidrs is empty map of dynamic

Error: Invalid index

  on .terraform/modules/base.vpc/modules/vpc/main.tf line 20, in module "vpc":
  20:   private_subnets  = var.subnet_cidrs == {} ? local.subnet_cidr_map["private"] : var.subnet_cidrs["private"]
    |----------------
    | var.subnet_cidrs is empty map of dynamic

The given key does not identify an element in this collection value.

Bart Coddensabout 5 years ago

hi all while using the module:

Bart Coddensabout 5 years ago

https://github.com/cloudposse/terraform-aws-s3-bucket

Bart Coddensabout 5 years ago

I would like to create a prefix: so the name of the bucket should be cloudposseisawesome-prod/var.name

Mohammed Yahyaabout 5 years ago

https://github.com/hashicorp/terraform-provider-aws/releases/tag/v3.29.0
• aws_securityhub_invite_accepter is finally out

Bart Coddensabout 5 years ago

Dear all, the module: https://github.com/cloudposse/terraform-aws-s3-bucket

Bart Coddensabout 5 years ago

does not seem to support a transition to DEEP_ARCHIVE yet, how can I request this ?

michael sewabout 5 years ago

Just curious how people have managed terraform version upgrades with modules? It seems that since the state is not backwards compatible, we have several workspaces all at some version of 0.12.x .

nnsensealmost 5 years ago(edited)

QQ: is this null_data_source still required as a workaround for nodes to wait for EKS module and cm to be in place? Yesterday I've seen this message from a deployment using it:

Warning: Deprecated Resource

The null_data_source was historically used to construct intermediate values to
re-use elsewhere in configuration, the same can now be achieved using locals

What if I move the two from null_data_source shown into examples from that into a locals { cluster_name = module.eks_cluster.eks_cluster_id } ? Would that achieve the same (waiting for aws-auth cm to exist)? On the same subject, what's the second variable (kubernetes_config_map_id) for? I cannot find it anywhere into the code, how the two are tied together if set into locals (provided it's the right option if we want to make terraform happy and stop using null_data_source
I even tried to move the two vars into locals, and the deployment completed successfully... but I have the strong feeling I'm missing something here... but, if I'm not, and moving those into locals is everything we need to get rid of that message, I'm happy to update and send a PR.

Steve Wade (swade1987)almost 5 years ago(edited)

does anyone know of a tool that can mass terraform import resources from AWS?

i need to get our route53 hosted zones and records under terraform management and away from people using ClickOps to update them all.

i swear there was something from Google that I have seen before but can't for the life of me find it

i think its https://github.com/GoogleCloudPlatform/terraformer

Hao Wangalmost 5 years ago

just a quick update, the RDS wouldn’t be recreated if a snapshot is used, https://github.com/hashicorp/terraform-provider-aws/issues/17037

Hao Wangalmost 5 years ago

by the way, recently I am thinking if there is a package manager for Cloudposse modules, so the modules can be upgraded in TF files, just bump the version something like that 🙂

Bart Coddensalmost 5 years ago

Hi all, I made some changes to the s3 bucket module to support transition to deep archive storage class

Bart Coddensalmost 5 years ago

where can I submit my code ?

Frankalmost 5 years ago

Anyone else experienced this issue when updating the AWS provider from v3.28.0 -> v.3.29.0 (with the terraform-aws-rds module)

Error: ConflictsWith
  on .terraform/modules/rds_postgres_db/main.tf line 44, in resource "aws_db_instance" "default":
  44:   snapshot_identifier         = var.snapshot_identifier
"snapshot_identifier": conflicts with username
Releasing state lock. This may take a few moments...

Not sure what the issue is here. snapshot_identifier is not set (so defaults to "") and database_username is set to a custom value so I don't see why it would conflict.

Nikola Milicalmost 5 years ago

I’ve successfully created a Gitlab CI pipeline v0.1 where I test, build and publish my docker image to ECR repository. Also in this codebase, there is Terraform fully set up (with remote s3 backend) but it’s not automated (connected with CI), but rather provisioning is version controled - but done manually.

I’m ready to step up and create v0.2 - the same thing as above, but where CI actually does provisioning if there are changes to infra. Can you give me some guidelines on where to start?

Asisalmost 5 years ago

Hi 👋
Any harshicop vault experts here ..
I m unable to unseal vault using the 3 master keys . I had the backend storage as consul . Is there a way I can kill the existing vault and recreate attach backend storage as consult.

Bart Coddensalmost 5 years ago

Hi all, I have some a tag on the root volume, I want terraform to ignore it

Bart Coddensalmost 5 years ago

in my config I have:

Bart Coddensalmost 5 years ago

lifecycle {
ignore_changes = [tags, ami]
}

Bart Coddensalmost 5 years ago

the plan says:

Bart Coddensalmost 5 years ago

      ~ root_block_device {
            delete_on_termination = false
            device_name           = "/dev/xvda"
            encrypted             = false
            iops                  = 0
          ~ tags                  = {
              - "Name" = "IOWA-TEST-ROOT" -> null
            }
            throughput            = 0
            volume_id             = "vol-04e6d26cb3fd7a43a"
            volume_size           = 8
            volume_type           = "standard"
        }
    }

RBalmost 5 years ago

try

ignore_changes = [root_block_device.tags, tags, ami]

Bart Coddensalmost 5 years ago

ha ok, but as such you cannot modify the size of the root volume right ?

RBalmost 5 years ago

i dont believe so

Bart Coddensalmost 5 years ago

but that's ok, changing the root volume size is rare

Leon Garciaalmost 5 years ago

hi, I'm facing an issue with latest version of terraform-aws-cloudfront-s3-cdn I have set values for custom_origins and now it asks for custom_headers after adding a blank object list, I get other errors related to path, domain, etc...so I set my version to 0.48.1 and works fine should I open a ticket in github?

Leon Garciaalmost 5 years ago

i see some related changes to custom_headers recently.. but I can't find why I get the errors for other stuff..

Mike Robinsonalmost 5 years ago

Hello team. I'm working with the eks-iam-role module. We have other modules that are responsible for, among other things, adding policies to existing IAM roles when resources (ie. SQS) are created. Thus I do not have a policy to pass into this module, so eks-iam-role cannot plan because aws_iam_policy_document is a required value, and I'd prefer our SQS module handle the IAM policy.

However, this line leads me to think that aws_iam_policy_document was intended to be optional. If I pass "{}" into the module, similar to this coalesce(), the plan works.

Should I file a bug to get aws_iam_policy_document made optional? Hopefully all those words I wrote makes sense to someone. 🙂

Fred Torresalmost 5 years ago

Are folks having issues downloading providers right now?

could not query provider
registry for <http://registry.terraform.io/hashicorp/aws|registry.terraform.io/hashicorp/aws>: failed to retrieve
authentication checksums for provider: 404 Not Found

Mike Robinsonalmost 5 years ago

@Fred Torres Yes, same here and on multiple providers and sources

Error verifying checksum for provider "aws"
The checksum for provider distribution from the Terraform Registry
did not match the source. This may mean that the distributed files
were changed after this version was released to the Registry.

RBalmost 5 years ago

tf cloud is having issues, it appears.

Mike Robinsonalmost 5 years ago

Here we are: https://status.hashicorp.com/incidents/68jxtclzwn33

joshmyersalmost 5 years ago

https://twitter.com/j0sh_myers/status/1363902277354979332

Robert Horroxalmost 5 years ago

This outage is also affecting regular terraform runs

Robert Horroxalmost 5 years ago

Error: Failed to install provider

Error while installing hashicorp/aws v3.29.0: unsuccessful request to
<https://releases.hashicorp.com/terraform-provider-aws/3.29.0/terraform-provider-aws_3.29.0_linux_amd64.zip>:
404 Not Found

Robert Horroxalmost 5 years ago

that provider is missing on their releases site

Yoni Leitersdorf (Indeni Cloudrail)almost 5 years ago

Have you guys been getting "File is not a zip file" too?

erikalmost 5 years ago

melissa Jenneralmost 5 years ago

Question on the module, cloudposse/elasticache-redis/aws. I use this module created redis cluster. See the output below.
1. Why is the word "replicas" part of endpoint? Is the endpoint the redis primary endpoint or replica endpoint?
2. Why output of cluster_host is empty?

cluster_host =
cluster_id = redis-replicas-blue
cluster_port = 6379
redis_cluster_endpoint = <http://clustercfg.redis-replicas-blue.ujhy8y.usw2.cache.amazonaws.com|clustercfg.redis-replicas-blue.ujhy8y.usw2.cache.amazonaws.com>

module "redis" {
  source = "cloudposse/elasticache-redis/aws"
  availability_zones               = data.terraform_remote_state.vpc.outputs.azs
  vpc_id                           = data.terraform_remote_state.vpc.outputs.vpc_id
  enabled                          = var.enabled
  name                             = var.name
  tags                             = var.tags
  allowed_security_groups          = [data.terraform_remote_state.vpc.outputs.default_security_group_id]
  subnets                          = data.terraform_remote_state.vpc.outputs.elasticache_subnets
  cluster_size                     = var.redis_cluster_size #number_cache_clusters
  instance_type                    = var.redis_instance_type
  apply_immediately                = true
  automatic_failover_enabled       = true
  engine_version                   = var.redis_engine_version
  family                           = var.redis_family
  cluster_mode_enabled             = true
  replication_group_id             = var.replication_group_id
  replication_group_description    = var.replication_group_description
  at_rest_encryption_enabled       = var.at_rest_encryption_enabled
  transit_encryption_enabled       = var.transit_encryption_enabled
  cloudwatch_metric_alarms_enabled = var.cloudwatch_metric_alarms_enabled
  cluster_mode_num_node_groups     = var.cluster_mode_num_node_groups
  snapshot_retention_limit         = var.snapshot_retention_limit
  snapshot_window                  = var.snapshot_window
  dns_subdomain                    = var.dns_subdomain
  cluster_mode_replicas_per_node_group = var.cluster_mode_replicas_per_node_group
}

joshmyersalmost 5 years ago

https://github.com/awslabs/tecli

Alex Jurkiewiczalmost 5 years ago

dang. I get the long-term economic incentives of AWS supporting their ecosystem with contributions like this. But it's so rare to see, that it's still a little 🤯

btaialmost 5 years ago(edited)

stupid question, but using a cloudposse module for the first time (surprising) and I can’t seem to get it to provision resources as it currently says No changes. Infrastructure is up-to-date.when i try to run terraform apply.

I have the modules set up as so:

module "monitor_configs" {
  source  = "cloudposse/config/yaml"
  version = "0.7.0"
  enabled = true

  map_config_paths           = ["catalog/monitors/kube.yaml"]
  
  context = module.this.context
}

module "synthetic_configs" {
  source  = "cloudposse/config/yaml"
  version = "0.7.0"
  enabled = true

  map_config_paths           = []
  
  context = module.this.context
}

module "datadog_monitors" {
  source = "git::<https://github.com/cloudposse/terraform-datadog-monitor.git?ref=master>"
  enabled = true

  datadog_monitors     = module.monitor_configs.map_configs
  datadog_synthetics   = module.synthetic_configs.map_configs
  # alert_tags           = var.alert_tags
  # alert_tags_separator = var.alert_tags_separator
  
  context = module.this.context
}

and a context.tf file that is just copypasted this and set var.enabled to true: https://github.com/cloudposse/terraform-datadog-monitor/blob/master/examples/complete/context.tf

am I missing something obvious?

Steve Wade (swade1987)almost 5 years ago

does anyone have a recommend module or starting place to implement https://docs.microsoft.com/en-us/azure/active-directory/saas-apps/aws-multi-accounts-tutorial ?

Steve Wade (swade1987)almost 5 years ago

my current place have done it before but I am really not convinced with the TF code as it seems pretty hacky

Erik Osterman (Cloud Posse)almost 5 years ago

anyone know what happens in the terraform registry when you rename a terraform module git repo? does it keep the stats? does it pick up the redirect automatically? do we need to resubmit it, etc?

lorenalmost 5 years ago

Oh my gosh, been begging for this for years, was just merged! I might actually shed tears of joy/relief... https://github.com/hashicorp/terraform-provider-aws/issues/17510

Prasad Reddyalmost 5 years ago

Hi Any one can please let me know how to pass the variables.tfvars files , by using command

Prasad Reddyalmost 5 years ago

I am running this command terraform apply -var=variables.tfvars for pass the tfvars files

Rajiv Ranjanalmost 5 years ago

-var-file can use thid

Prasad Reddyalmost 5 years ago

ok sure

Prasad Reddyalmost 5 years ago

now it is working terraform apply -var-file=variables.tfvar , Thankyou

Prasad Reddyalmost 5 years ago

I am writing terraform script to launch the MSK cluster in AWS any one have reference scripts please share with me

Abraralmost 5 years ago

Hey guys, I'm writing a ecr terraform module for use with my eks clusters - I believe I need to add this policy to worker nodeInstancerRole for the cluster to be able to pull images from ecr repo: https://docs.aws.amazon.com/AmazonECR/latest/userguide/ECR_on_EKS.html

Abraralmost 5 years ago

In the eks module vars, I cannot find a way to add this policy to the noderole https://github.com/cloudposse/terraform-aws-eks-cluster/blob/0.32.1/variables.tf

Abraralmost 5 years ago

Is there anyway to add an additional node role policy via cloudposse/eks repo or will I have to do this externally to the module?

Abraralmost 5 years ago

Oh I can see the cloudposse/ecr tf module already caters for this, will try it out. Nice! https://github.com/cloudposse/terraform-aws-ecr/tree/0.31.1

Ankit Rathialmost 5 years ago

Hi amazing people,
I have one question for <https://github.com/cloudposse/terraform-aws-rds>
why do we need subnet_ids here ? is it just for making the database available in at least two or more availability zones ? (does it fulfill any other requirement?)

Zachalmost 5 years ago

cross posting from the hangops slack - Hashicorp has reversed and decided to allow the use of ‘undeclared vars’ in tfvars going forward.
https://github.com/hashicorp/terraform/issues/22004

joshmyersalmost 5 years ago

Anyone noticed anything like https://github.com/hashicorp/terraform/issues/27214#issuecomment-784229902 ? terraform plan vs terraform show plan in 0.14.X

joshmyersalmost 5 years ago

https://github.com/cloudposse/terraform-aws-ecs-container-definition/pull/122 ❤️ 🙏 just ran into this

lorenalmost 5 years ago

new to me: a colleague just pointed out this project, kind of a python-pytest equivalent of terratest? https://github.com/GoogleCloudPlatform/terraform-python-testing-helper

Scott Cochranalmost 5 years ago

I may have found a bug in service-control-policies/aws, unless I'm simply doing something wrong. Adding policies is working great, and adding to that policy by adding additional policies is also working. However, when I try to remove something from a policy, that is not working.
For example:
I currently have 2 files policies in use. I add a 3rd, and I can see the additions in terraform plan. However, if I remove one of the policy files from the list_config_paths, leaving only one policy file, then terraform plan says no changes are to be applied.

lorenalmost 5 years ago

Discussion of a "test" command becoming native to terraform... https://twitter.com/mitchellh/status/1364273416178556928?s=19

Yoni Leitersdorf (Indeni Cloudrail)almost 5 years ago(edited)

Today's an exciting day for us as we officially launch Cloudrail - a second generation security analysis tool for Terraform: http://indeni.com/cloudrail/

Basically, we looked at the good work done by the guys at checkov (congrats btw), tfsec and others, and decided to take it one step further. Cloudrail takes the TF plan, merges it in memory with a snapshot of the cloud account, and then runs context-aware rules on it. A few things that allows us to do:
1. When we look at an S3 bucket's ACLs, we know if the account has public access block set or not. This allows us to ignore "public-acl" type settings if the account blocks it anyway.
2. When we look at an IAM role/user/group, we can tell what policies are attached to it, even outside the TF code (in the cloud).
3. When an RDS database is defined without specific VPC information, we can calculate what the default VPC looks like (if there is one), what its default security group and whether that will cause a problem.
And a bunch more examples... Basically Cloudrail was built to be used in the CI pipeline from day one, so it's meant to be very dev/devops friendly.

As a token of appreciation for this amazing forum, we will be giving access to Cloudrail for free until the end of June to any member of this Slack forum. Just DM me for access after you've signed up to Cloudrail. (after June, it will be 30-evaluations/month for free, though that is also expanded to unlimited if you're part of an open source project)

Matt Gowiealmost 5 years ago

Hey does anyone here create DataDog dashboards using Terraform? I’m just tasked an engineer on a client team with moving some of our dashboards to Terraform so we can create them for our dozen environments or so… and now I’m finding out that they don’t accept raw JSON and instead require that you write TF blocks for each widget. Seems excessive to me… and I’m wondering if any folks have a good work around for that.

kgibalmost 5 years ago

Using this module, I'd like to add another group to existing cluster https://github.com/cloudposse/terraform-aws-eks-node-group

kgibalmost 5 years ago

anyone have example? I'm not sure how to get the existing role and add another group to it

kgibalmost 5 years ago

module "eks_node_group_driver" {
  source  = "cloudposse/eks-node-group/aws"
  version = "0.18.3"

  subnet_ids        = module.subnets.private_subnet_ids
  cluster_name      = data.null_data_source.wait_for_cluster_and_kubernetes_configmap.outputs["cluster_name"]
  existing_workers_role_policy_arns = ["module.eks_node_group.node_role_arn"]
  # cluster_name      = aws_eks_cluster.cluster.id
  # node_group_name   = module.label.id
  # node_role_arn     = 
  instance_types    = ["r5.4xlarge"]
  desired_size      = 1
  min_size          = 1
  max_size          = 1
  kubernetes_labels = var.kubernetes_labels
  disk_size         = 100
  resources_to_tag  = ["instance"]

  context = module.this.context

kgibalmost 5 years ago

gives

Error: Error creating IAM Role existing-cluster-workers: EntityAlreadyExists: Role with name existing-cluster-workers already exists.
	status code: 409, request id: c577f222-6e43-43e0-aa23-ae2848ecaa81

rssalmost 5 years ago

v0.15.0-beta1
Version 0.15.0-beta1

rssalmost 5 years ago(edited)

v0.15.0-beta1
0.15.0-beta1 (Unreleased)
BREAKING CHANGES:

Empty provider configuration blocks should be removed from modules. If a configuration alias is required within the module, it can be defined using the configuration_aliases argument within required_providers. Existing module configurations which were accepted but could produce incorrect or undefined behavior may now return errors when loading the configuration. (<a href="https://github.com/hashicorp/terraform/issues/27739"...

larry kirschneralmost 5 years ago

Apologies if this isn't the right forum for my question regarding the terraform-aws-efs module (https://github.com/cloudposse/terraform-aws-efs)

...it looks like when I upgrade module version from 0.27.0 to current 0.30.0 and then apply my existing EFS filesystem gets destroyed/replaced and I get a new fs id.

Is this by design and/or unavoidable? Is there any way I can upgrade module version and not have my fs replaced?

Jeff Dykealmost 5 years ago(edited)

Greetings. I had posted a question on /r/terraform, based on a response from u/CrimeInBlink47, who mentioned that I should check in here and cloudposse had published a module/provider that would allow for terragrunt type yaml(2 levels max) merging. Which is the final reason (i think) i'm still using TG and not plain TF. BTW, love the video's i've seen so far, thanks for the content. And again Hello!

michael sewalmost 5 years ago

Q: Has anybody encountered problems running tfenv on WSL? I've tried ubuntu and centos7, both getting similar errors. it works in windows10 git-bash, but not WSL(s).

msew@NOTEBOOK:~ $ which tfenv
/c/users/msew/.local/bin/tfenv
msew@NOTEBOOK:~ $ tfenv
/usr/bin/env: 'bash\r': No such file or directory

^^^ this seems like a windows/unix CrLf error.

Ankit Rathialmost 5 years ago

Hi amazing folks
I am tring to create very simple RDS mysql - https://github.com/cloudposse/terraform-aws-rds

module "rds_instance" {
  source = "cloudposse/rds/aws"
  # Cloud Posse recommends pinning every module to a specific version
  version = "v0.33.0"
  namespace                   = "backend"
  stage                       = "dev"
  name                        = "somename"
  dns_zone_id                 = var.somezoneid
  host_name                   = "somehostname"
  security_group_ids          = [module.security-group-mysql-www.this_security_group_id]
//  ca_cert_identifier          = "rds-ca-2021"
  allowed_cidr_blocks         = var.dev-vpc-all-bsae-cidr-blocks
  database_name               = "mysqlwww1"
  database_user               = "goodone"
  database_password           = "nicetry"
  database_port               = 3306
  multi_az                    = false
  storage_type                = "gp2"
  allocated_storage           = 100
  storage_encrypted           = false
  engine                      = "mysql"
  engine_version              = "8.0.20"
  major_engine_version        = "8.0"
  instance_class              = "db.t3.medium"
  db_parameter_group          = "mysql8.0"
  //  option_group_name           = "mysql-options"
  publicly_accessible         = false
  subnet_ids                  = [var.dev-vpc-public-subnets[0], var.dev-vpc-public-subnets[1]]
  vpc_id                      = var.dev-vpc-id
  snapshot_identifier         = null
  auto_minor_version_upgrade  = true
  allow_major_version_upgrade = false
  apply_immediately           = false
  maintenance_window          = "Mon:03:00-Mon:04:00"
  skip_final_snapshot         = false
  copy_tags_to_snapshot       = false
  backup_retention_period     = 7
  backup_window               = "22:00-03:00"

  db_parameter = [
    { name  = "myisam_sort_buffer_size"   value = "1048576" },
    { name  = "sort_buffer_size"          value = "2097152" }
  ]
}

Strangely its giving error for DB parameter groups

Error: Missing attribute separator

  on 100-rds.tf line 65, in module "rds_instance":
  65:     { name  = "myisam_sort_buffer_size"   value = "1048576" },

Expected a newline or comma to mark the beginning of the next attribute.

Don’t think the syntax is wrong somewhere ? Anything ?

kumar kalmost 5 years ago

Hello...I have upgraded one of my terraform module from 0.12.29 to 0.14.5.Now I wanted to check if i can restore to old state using a older statefile from s3 with 0.12.29 version.Is this doable?

Tomekalmost 5 years ago

👋 I have two separate terraform projects (with their own terraform state file). Project A creates a lambda that Project B wants to reference. I was going to use the aws_lambda_function data source. E.g.

data "aws_lambda_function" "existing" {
  function_name = var.function_name
}

How are you meant to handle the situation where Project A may have not yet created that lambda and so it won’t exist?

Harold Reinsteinalmost 5 years ago

What are you using to manage tf ? terraform cloud, scalr, env0 pulumi or ?

Bart Coddensalmost 5 years ago

hi all, I am a bit confused by this module:

Bart Coddensalmost 5 years ago

https://github.com/cloudposse/terraform-aws-key-pair

Bart Coddensalmost 5 years ago(edited)

can it be used to create the keypair to provision/boot a machine ?

Bart Coddensalmost 5 years ago

Hey all, I was checking out this module:

Bart Coddensalmost 5 years ago

https://github.com/cloudposse/terraform-aws-iam-user

Bart Coddensalmost 5 years ago

it does not support creation of the groups right ?

Renealmost 5 years ago

Nope! It allows an IAM user to be part of a group through membership however.
See:

• https://github.com/cloudposse/terraform-aws-iam-user/blob/master/main.tf#L21
• https://github.com/cloudposse/terraform-aws-iam-user/blob/master/variables.tf#L18

RBalmost 5 years ago

if you like terraform-docs and want to see anchors supported, upvotes plz

https://github.com/terraform-docs/terraform-docs/issues/408

Steve Wade (swade1987)almost 5 years ago

talking of terraform-docs how do people handle using it with pre-commit hooks?

Steve Wade (swade1987)almost 5 years ago

we have them enabled but when someone does a brew update all hell breaks lose

Alex Jurkiewiczalmost 5 years ago

I wrote up a proposal for the KMS module about supporting more flexible ways of customising key policy.
I'm interested in feedback from maintainers and users who use non default policies:
https://github.com/cloudposse/terraform-aws-kms-key/issues/25

January 2021 Browse by date March 2021