88 messages
Steffan over 4 years ago
just wondering if cloudposse has any video tutorial out there about using any of its modules. anyone at all?
Mark juan over 4 years ago (edited)
    module "rds" {
      source            = "../rds"
      aws_region        = var.app_region
      db_subnets        = var.db_subnets
      vpc_id            = local.vpc_id
      for_each          = var.sql_db
      rds_name          = "${local.cluster_name}-${each.key}-sql-db"
      admin_user        = each.value.admin_user
      instance_class    = each.value.node_type
      allocated_storage = each.value.disk_size
      rds_type          = each.value.type
    }
    resource "kubernetes_service" "db_service" {
      for_each = module.rds
      metadata {
        name = "${each.key}-rds"
      }
      spec {
        port {
          port = each.value.db_port
        }
      }
    }
    resource "kubernetes_endpoints" "db_service" {
      for_each = module.rds
      metadata {
        name = "${each.key}-rds"
      }
      subset {
        address {
          ip = each.value.db_url
        }
        port {
          port = each.value.db_port
        }
      }
    }
I want to use the values for port and ip coming from the output of rds map of object, how can i do that? i tried with above code and it gave errors
adebola olowose over 4 years ago (edited)
Hey Guys how do i make my load balancer conditional, such that if the type is application it should enforce a security group be set else, it should create without security group if type is set to network in a module. Thanks
Zach over 4 years ago
Folks using env0 - does the pricing ‘per environment’ boil down to “per unique terraform state file”?
Brad over 4 years ago
Hi All, I'm hoping someone can point me in the right direction, I'm currently in the process of learning Terraform and still invariably getting some of the basics wrong (so please bear with me!).
I'm attempting to create a multi-tiered/multi-az infrastructure, but I'm struggling to get my subnets to work! I've got as far as my code being 'valid', but at the point of applying I receive the following error -
    Error: error creating application Load Balancer: ValidationError: At least two subnets in two different Availability Zones must be specified
    │ status code: 400, request id: 48dcf4c9-ef9c-455b-bdd4-1140be1ccffc
    │
    │ with module.security.aws_lb.app_lb,
    │ on modules/security/main.tf line 2, in resource "aws_lb" "app_lb":
    │ 2: resource "aws_lb" "app_lb" {
    │
    ╵
    ╷
    │ Error: Error creating Auto Scaling Group: ValidationError: The subnet ID 'aws_subnet.public_subnet.id' does not exist
    │ status code: 400, request id: b633e797-4b8e-4edc-9311-befee780686b
    │
    │ with module.security.aws_autoscaling_group.web_asg,
    │ on modules/security/main.tf line 84, in resource "aws_autoscaling_group" "web_asg":
    │ 84: resource "aws_autoscaling_group" "web_asg" {
So on the back of the error received, is there any way I can get my output.tf to include both 'eu-west-2a' and 'eu-west-2b'? I'm sure there will be a simple way of doing this, but it's left me scratching my head for a while.
    output "aws_subnet_public_subnet" {
      value = aws_subnet.public_subnet["eu-west-2a"].id
    }
My infrastructure consists of the following -
Root Module
• main.tf
• variables.tf
• versions.tf
Child Modules -
Security
• main.tf
• variables.tf
• output.tf
VPC
• main.tf
• variables.tf
• output.tf
EC2
• main.tf
• variables.tf
• output.tf
Thanks! 🙂
Steve Wade (swade1987) over 4 years ago
i am trying to execute a lambda in terraform and getting the following error ...
403 AccessDenied
does anyone have any ideas as I am running out, it does obtain the source for an s3 bucket in a different account
joshmyers over 4 years ago
How to for loop over a map to create a string of maps e.g.
    { "foo" = "bar", "environment" = "dev"}
Mohammed Yahya over 4 years ago
@Erik Osterman (Cloud Posse) Are you using atmos in your CICD pipelines ?
rostom over 4 years ago
Hi y'all! I have a question for y'all!
I'm running a cross region deployment where osaka (ap-northeast-3) in AWS is part of the regions.
I'm getting issues regarding access denied -> Code Signing Config
    │ Error: error getting Lambda Function (pushlishGuardDutyFindingsToMSTeams) code signing config AccessDeniedException:
    │ status code: 403, request id: 128f5476-b28c-4183-91ec-459acfb6038b
https://github.com/hashicorp/terraform-provider-aws/issues/18328
The region doesn't currently have codesigning enabled. I'm deploying a zip of a python function.
This user suggested to use a dynamic block to disable code signing when deploying to ap-northeast-3. The thing is i'm not even enabling it. I assume it is enabled by default.
Any thoughts/suggestions?
Steve Wade (swade1987) over 4 years ago
does anyone have or know about a nice pattern for passing additional security group rules (as a module input) ?
Pierre-Yves over 4 years ago
Hello, I am looking for some information to validate deployment :
by example do you use "http data source" to check network connectivity after a terraform deployment ?
which other post install check do you do ?
Thanks
Jawn over 4 years ago (edited)
Has anyone tried referencing the output on a submodule? The submodule’s resources were also created with a for_each, adding to the fun here
I’ve seen some references talking about using a data resource from the state, but I’m hoping I can just directly reference the objects
Pipo over 4 years ago
Hey, I made this module to backup the terraform states from Terraform Cloud to S3. If you have any suggestions or feature requests, let me know. https://github.com/mnsanfilippo/terraform-cloud-backup
Phillip Hocking over 4 years ago (edited)
oh hi everyone, i'm trying to instantiate a project that uses the cloudposse/label/null resource and it seems to want to error out on terraform 0.12 but then if i bump it up to 0.14 i get hit with the version constraint described in this issue: https://github.com/masterpointio/terraform-aws-amplify-app/issues/1
Anton Sh. over 4 years ago
Hello everyone ! I have a question about https://github.com/cloudposse/terraform-aws-elasticsearch
how to make elasticsearch public?
I created extra VPC with public subnet and put elasticsearch into this public subnet and anyway I have
    Error: Head "https://***************.us-east-1.es.amazonaws.com": context deadline exceeded
    on es-indexes.tf line 14, in resource "elasticsearch_index" "this":
    : resource "elasticsearch_index" "this" {
when I want to create index with mapping.
Vikram Yerneni over 4 years ago
Fellas, anyone got to this bug yet?
https://github.com/cloudposse/terraform-aws-elasticsearch/issues/18
CC @Erik Osterman (Cloud Posse)
rss over 4 years ago (edited)
v1.0.2
1.0.2 (July 07, 2021)
BUG FIXES:
terraform show: Fix crash when rendering JSON plan with sensitive values in state (#29049)
config: The floor and ceil functions no longer lower the precision of arguments to what would fit inside a 64-bit float, instead preserving precision in a similar way as most other arithmetic functions. ...
msharma24 over 4 years ago (edited)
Hi - I have a quick question about S3 backend - Do you guys create a TF Backend S3 bucket per account or One S3 bucket to store TF state AWS org wide ?
Mark juan over 4 years ago (edited)
Hi - do anyone know if i'm having a terraform project and inside that i am having module of eks and all and other than that i'm having a separate directory for providers only,like helm,kubectl and kubernetes so they will require 3 inputs host,cert_ca and token how can i take those as an input in module?
Max over 4 years ago
Hey guys, I've got a problem with terraform. After one of my applies certain resources weren't created due to errors with datadog api, after another try I managed to fix the error, but now I have duplicates of datadog monitors. Is there any proper way to clean that up?
Devops alerts over 4 years ago
I am using terraform to deploy my resources on aws and i am using auto scaling group for ec2 instance deployment for auto scaling. now issue is that every time when due to work load auto scaling group terminate and deploy new instance. private ip get change. and i want to use network interface for route53 records internal. so user can access the app without any issue.
jonjitsu over 4 years ago
Is there a good way to access the docs for a previous version of terraform? The main website is for latest and I need to work with 0.14.
MSaad over 4 years ago
Hi, I am new to this community and have an issue which i am hoping someone could help me with. I am currently looking at a problem where the use of tfmask seems to allow a failed circleci step which runs a terraform plan to pass/green although it has an error? the command looks similar to below, is anyone aware of this? now when i remove tfmask the build fails as expected.
    terraform plan -out terraform.plan -var-file=env/$(ENVIRONMENT).tfvars dep/$(PROJECT) | tfmask
MattyB over 4 years ago
Regarding the public terraform registry - https://registry.terraform.io, can the people that publish their modules just remove them at any point? I'm not seeing any info on how that's handled in their documentation.
Raymond Chen over 4 years ago
Hi, what the ‘exports’ directory for? like this: https://github.com/cloudposse/terraform-null-label/tree/master/exports
Brij S over 4 years ago
Has anyone been able to enable ASG CW metrics for eks managed nodes? I saw this issue https://github.com/hashicorp/terraform-provider-aws/issues/13793, however two responses seem to link to a possible solution but elsewhere it says that this isnt supported by EKS. Its a bit confusing..
Saichovsky over 4 years ago
I have a terraform-compliance question on stackoverflow. Grateful if someone could take a 👀
Mark juan over 4 years ago (edited)
Hey everyone! A quick question ,i want to create multiple dbs within single rds instance, is it possible? and if it's possible then for multiple rds instances how we can create multiple dbs ? Edit:- this is possible by postgres provider but the thing is we can't use for_each in module with providers(postgres and mysql), is there any way to do so?
Florian SILVA over 4 years ago (edited)
Hello guys ! I’m trying to find a way to identify the combination of an ip address + one of its port with a unique int value. Sounds like it’s what we call a network socket if we add the protocol. (https://en.wikipedia.org/wiki/Network_socket)
But is there a way to have a unique int value we could use as an index in terraform ? Like an equation or something ?
My usecase is to identify my target groups created with the community alb module: https://github.com/terraform-aws-modules/terraform-aws-alb Since I have many target groups to create, I did some loops but it ended up in automatic index which is hard to access when I want to add specific rules ^^
Steve Wade (swade1987) over 4 years ago
How are people (if at all) maintaining a CRL via Terraform without https://github.com/hashicorp/terraform-provider-tls/pull/73 being merged yet?
Matt Gowie over 4 years ago
Does anyone have a good terraform module for deploying a GitHub Enterprise Server to AWS that they would recommend?
rss over 4 years ago (edited)
v1.1.0-alpha20210714
1.1.0 (Unreleased)
NEW FEATURES:
cli: terraform add generates resource configuration templates (#28874)
config: a new type() function, only available in terraform console (https://github.com/hashicorp/terraform/issues/28501)...
AugustasV over 4 years ago
list(string) and map(string) is the same thing? terraform fmt changed from map(string) to list(string) somehow
Balazs Varga over 4 years ago
hi all, I have a question. If I created resources with ansible and would like to use it in terraform. E.g. Transit gw was created earlier with ansible, can I get info from that resource with terraform to use it . e.g ID of the tgw and create an attachment.. Is that possible only with importing that resource to terraform ?
Brij S over 4 years ago
Hi all, I’m using the terraform eks module. Im creating managed nodes with it and I realize that the ASG has an activity notification created which you can hook an SNS topic into. How does this notification get created? I looked in the module and cant find it. Any ideas?
Tomek over 4 years ago
Given a data source like https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/s3_bucket, is there a way to see what kind of IAM permissions are required to use the data source?
Alex Jurkiewicz over 4 years ago
how could I convert
    {a = ["foo", "bar"], b = ["baz"]}
into
    [["a", "foo"], ["a", "bar"], ["b", "baz"]]
?
Mark juan over 4 years ago
I have this map of object
    sql_db = {
      postgres = {
        node_type  = "db.t3.micro"
        type       = "postgresql"
        disk_size  = 6 // Disk space in GB
        db_names   = ["db1", "db2"]
        admin_user = "postgresadmin"
      }
    }
If i want to iterate over the db_names list in this map, how can i do that?
Andrew Miskell over 4 years ago
Hi All, wanted to run something by here before submitting an issue on GitHub. Trying to use https://github.com/cloudposse/terraform-aws-eks-cluster to build an EKS cluster and workers. Using the example for 0.39.0 I'm getting the following error on Terraform 1.0.2.
    │ Error: Error in function call
    │
    │ on main.tf line 82, in locals:
    │ 82: tags = merge(local.common_tags, map("kubernetes.io/cluster/${module.label.id}", "shared"))
    │ ├────────────────
    │ │ module.label.id will be known only after apply
    │
    │ Call to function "map" failed: the "map" function was deprecated in Terraform v0.12 and is no longer available; use tomap({ ... }) syntax to write a literal map.
R Dha over 4 years ago
hi, I have some manually created resources , and I am importing them using terraform import. So I am planning this to include this in first stage of jenkins pipeline, where the second stage is terraform init and then terraform apply in the third stage. Using s3 as backend. How can I sync the newly imported state file for the manually created resources with the already created state file stored in the s3 bucket. Should I do a terraform push? FYI this is for PagerDuty
Lyubomir over 4 years ago
Hi All,
I am facing an issue with the terraform-aws-eks-node-group module. Can someone spot what the issue is?
The code for the nodegroup is the following:
    module "linux_nodegroup_1" {
      source                            = "xxx"
      enabled                           = var.linux_nodegroup_1_enabled
      name                              = var.linux_nodegroup_1_name
      ami_image_id                      = var.linux_nodegroup_1_ami_image_id
      subnet_ids                        = var.vpc.private_subnet_ids
      cluster_name                      = module.eks_cluster.eks_cluster_id
      instance_types                    = var.linux_nodegroup_1_instance_types
      desired_size                      = var.linux_nodegroup_1_desired_size
      min_size                          = var.linux_nodegroup_1_min_size
      max_size                          = var.linux_nodegroup_1_max_size
      kubernetes_labels                 = var.linux_nodegroup_1_kubernetes_labels
      kubernetes_taints                 = var.linux_nodegroup_1_kubernetes_taints
      kubernetes_version                = var.linux_nodegroup_1_kubernetes_version
      disk_size                         = var.linux_nodegroup_1_disk_size
      create_before_destroy             = var.linux_nodegroup_1_create_before_destroy
      cluster_autoscaler_enabled        = var.linux_nodegroup_1_cluster_autoscaler_enabled
      existing_workers_role_policy_arns = local.linux_nodegroup_1_existing_workers_role_policy_arns
      context                           = module.this.context
    }
We want to spin a nodegroup with a specific AMI, however we observe a strange behaviour. The ASG is creating its own launch template, ignoring the launch template created by the Terraform module.
The launch template created by the terraform module is correct. The LT created by the ASG uses the default Amazon Linux 2 AMI.
Looking at the code is a bit difficult to understand what might be going wrong.
Balazs Varga over 4 years ago
any idea ?
    Error: error creating Route in Route Table (rtb-0d0b28cb13c1c4a5c) with destination (192.168.1.0/24): InvalidTransitGatewayID.NotFound: The transitGateway ID 'tgw-0b127487563c95832' does not exist.
    │ status code: 400, request id: 07f5837d-bfdb-468c-afcc-f3ce90626923
the goal:
create a route in route table and attach it to the subnet I just created earlier.
the transit gateway is an "external/already created" resources. I got the ID using
    data "aws_ec2_transit_gateway" "exists_tgw" {
    }
in terraform plan I see the correct ID, but when I run the apply I got that error
Anton Sh. over 4 years ago
Hello everyone ! What are the best practices to scan and check AWS IAM policies (permissions)
For example, on one terraform works a lot of people and we want to check permissions not to give too much ( e.g. “*” ) for policies.
It can be maybe a pre-commit hook or terraform module?
Andrew Miskell over 4 years ago (edited)
I know I'm missing something here, but could use a point in the right direction. I've built an EKS cluster using the updated terraform-aws-eks-cluster module and everything got built properly. When I attempt to run terraform plan or apply again afterwards, I'm presented with the following error.
    ╷
    │ Error: configmaps "aws-auth" is forbidden: User "system:anonymous" cannot get resource "configmaps" in API group "" in the namespace "kube-system"
    │
    │ with module.eks_cluster.kubernetes_config_map.aws_auth_ignore_changes[0],
    │ on .terraform/modules/eks_cluster/auth.tf line 112, in resource "kubernetes_config_map" "aws_auth_ignore_changes":
    │ 112: resource "kubernetes_config_map" "aws_auth_ignore_changes" {
    │
    ╵
I verified I have a valid kubectl configuration file and have access to the cluster.
Eric López over 4 years ago
Hello! I am trying the Jenkins module, but I am currently get an error with Backup Vault. Could you please confirm what permissions are required?
Steve Wade (swade1987) over 4 years ago (edited)
does anyone know with RDS what the logic is for calculating the max size (for mysql) as when you choose a small initial size (20/50gb) you can't set the max size to 65536 gb as it fails
Mark juan over 4 years ago
I have these inputs and I want to map these to two maps(i.e map_users and map_roles for role and user policy)
    app_admins  = ["arn:aws:iam::617369727400:user/sam","arn:aws:iam::617369727400:user/rock"]
    app_viewers = ["arn:aws:iam::617369727400:user/rock","arn:aws:iam::617369727400:role/aws-service-role/eks.amazonaws.com/AWSServiceRoleForAmazonEKS"]
    app_editors = ["arn:aws:iam::617369727400:user/rock","arn:aws:iam::617369727400:role/AWS-QuickSetup-StackSet-Local-AdministrationRole"]
How can i map these?
Mark juan over 4 years ago (edited)
Right now, i'm trying to do like this!
    map_users = concat([
      for user in var.app_admins :
      {
        userarn  = user
        username = split("/", user)[1]
        groups   = ["system:masters"]
      }
      ],
      [
        for user in var.app_viewers :
        {
          userarn  = user
          username = split("/", user)[1]
          groups   = ["cluster-viewer"]
        }
      ],
      [
        for user in var.app_editors :
        {
          userarn  = user
          username = split("/", user)[1]
          groups   = ["cluster-editor"]
        }
      ]
    )
but the problem is, it is mapping all the values from the list of string to both the maps
Mark juan over 4 years ago
i am doing same for map_roles.
loren over 4 years ago (edited)
coworker posted a handy one-liner for seeing all the aws permissions your terraform is using...
    TF_LOG=trace terraform apply --auto-approve 2>&1 | \
      grep 'DEBUG: Request ' | \
      sed -e 's/.*: Request//' \
          -e 's/ Details:.*$//' \
          -e 's#/#:#' | \
      sort -u
Matt Gowie over 4 years ago
Just pulled up this list for a SweetOps member who DM’d me privately, but if anybody is looking to help work on Cloud Posse open source modules, we’ve got a bunch of “help wanted” tickets ready to go!
https://github.com/issues?q=is%3Aissue+is%3Aopen+org%3Acloudposse+archived%3Afalse+sort%3Aupdated-desc+label%3A%22help+wanted%22+
egy ardian over 4 years ago
Hi, new here to modules.
is there any link or vid to learn how to use public modules?
i found it dizzy about "how to use" module.
egy ardian over 4 years ago
my questions is :
do i need to make a new main.tf variables.tf and outputs.tf to use modules?
i tried with defining the modules and put every required inputs on main.tf
is that a good of using modules or i need to put them in variables.tf?
Brij S over 4 years ago
Has anyone here been able to enable ASG metrics using the terraform-eks module?
kumar k over 4 years ago
Hello,
I have a requirement to restore ElastiCache redis cluster from snapshot using terraform. I am using "snapshot_name" parameter to restore, but the automatic backup is getting deleted once it creates new cluster. I found another parameter "snapshot_arns" (rdb from s3) to restore. Which is the best option to restore using terraform?
Erik Osterman (Cloud Posse) over 4 years ago
HashiCorp Waypoint Demo happening now!
rss over 4 years ago (edited)
v1.0.3
1.0.3 (July 21, 2021)
ENHANCEMENTS
terraform plan: The JSON logs (-json option) will now include resource_drift, showing changes detected outside of Terraform during the refresh step. (#29072)
core: The automatic provider installer will now accept providers that are recorded in their registry as using provider protocol version 6....
Julien Bonnier over 4 years ago (edited)
Hey there, I'm trying to create an eks_cluster with fargate using cloudposse modules but I keep getting a TLS handshake timeout after an hour... Any one knows what could be the issue? I am new to EKS and Kubernetes so I might be doing something wrong
    module.eks_cluster.aws_eks_cluster.default[0]: Still creating... [56m40s elapsed]
    ╷
    │ Error: error creating EKS Cluster (dw-dev-common-eks-cluster-cluster): RequestError: send request failed
    │ caused by: Post "https://eks.us-east-1.amazonaws.com/clusters": net/http: TLS handshake timeout
    │
    │ with module.eks_cluster.aws_eks_cluster.default[0],
    │ on .terraform/modules/eks_cluster/main.tf line 47, in resource "aws_eks_cluster" "default":
    │ 47: resource "aws_eks_cluster" "default" {
    │
    ╵
    Releasing state lock. This may take a few moments...
Mohammed Yahya over 4 years ago
https://www.linkedin.com/posts/indeni_iac-terraform-cicd-activity-6824396172262735872-3xWh
I will be happy if you guys can join
Rob Schoening over 4 years ago
For those of you that have added OPA to your terraform pipelines, what approach did you take? Did you use OPA directly, conftest, a 3rd party security tool that embedded OPA, remote execution engine that embeds it?
emem over 4 years ago (edited)
hi guys. anyone mistakenly deleted their terraform.state and was still able to target existing infrastructure and destroy in terraform before 😢
Steve Wade (swade1987) over 4 years ago (edited)
interested to hear how people are using checkov in collab with tflint and tfsec
our tester is currently spiking it but interested in how the wider community integrate it
Paul Robinson over 4 years ago
hey all, I'm looking for some help with this module in preparation for a couple of prs please.
https://github.com/cloudposse/terraform-aws-transit-gateway
The go tests are failing due to
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: Error: Invalid count argument
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121:
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: on ../../modules/subnet_route/main.tf line 15, in resource "aws_route" "count":
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: 15: count = var.route_keys_enabled ? 0 : length(local.route_config_list)
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121:
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: The "count" value depends on resource attributes that cannot be determined
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: until apply, so Terraform cannot predict how many instances will be created.
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: To work around this, use the -target argument to first apply only the
    TestExamplesCompleteDisabledModule 2021-07-26T09:38:47+01:00 command.go:121: resources that the count depends on.
The solution would appear to be to create the vpcs/subnets before the transit gateway/route tables.
Just wondering if the authors are also seeing this issue?
Jaden Sullivan over 4 years ago
Hey guys - still got a lot to learn, but I'm looking at the Kafka module and the zone_id variable specifically. Where is that zone ID obtained from AWS? Haven't been able to find anything but AZ IDs in their docs.
Steve Wade (swade1987) over 4 years ago
does anyone know if you can easily use lambdas with docker containers (hosted in a private repo like Harbor) ?
Almondovar over 4 years ago
Hi guys, i am successfully importing db's into terraform, but i have an issue as there is a second db with the same name but in tokyo instead of frankfurt, and although the second module has a different name, when i am importing it with the same identifier/name, it's messing with the first database.
How can i make terraform understand that the second db with the same name is in tokyo and not frankfurt?
i searched for region tag in the modules inputs but no luck 😞
sheldonh over 4 years ago
@Paweł Hytry - Spacelift or other spacelift contact... curious if any further updates on support for Azure DevOps Pull requests yet?
Rhys Davies over 4 years ago (edited)
Hey all, having a problem on Terraform 0.11 AWS. Under what circumstances would taint not taint a resource, such that it would not be recreated on the next apply? I wasn't aware of any circumstance, but currently I am trying to taint a DB resource, so that it can be recreated, I see:
    The resource aws_db_instance.test_db in the module root has been marked as tainted!
after running terraform taint aws_db_instance.test_db yet I don't see the resource being recreated when I next terraform apply
Rhys Davies over 4 years ago (edited)
to add a little context, I'm debugging an old project with a CI using this command to recreate a DB, that has previously been working solidly.
AWS provider 2.70
DB in question is an RDS with 9.6.20 for the engine
Almondovarover 4 years ago
Hi all, the renovate bot suggested to update the eks module terraform-aws-modules/eks/aws from version 15.2.0 to 17.1.0. Since this will be applied to production, how can i understand the underlying changes that it will trigger? since they have 8 versions difference, reading 8 different readme's is not the proper action i guess right?
thanks!
Brad McCoyover 4 years ago
Hi all I just finished my latest blog on Getting Certified in Terraform, hope it helps people that want to go for the cert: https://bradmccoydev.medium.com/devops-journey-how-to-get-certified-in-terraform-c0bce1caa3d?source=friends_link&sk=517761f1f657b610207662d6a87cf871
othman issaover 4 years ago
Hello everyone here 🙂
othman issaover 4 years ago
i have an issue working in terraform connect modules together, i need help plz ?
sheldonhover 4 years ago
@Erik Osterman (Cloud Posse) is there a template/starter out there for variant just for running a terraform workflow of a couple directories without all the placeholder yaml. I find the examples repo for using the Atmos/terraform confusing due to level of placeholder yaml files I need to replace. Was hoping to try again but find a barebones one.
Also I am assuming the workflow examples I've seen that mention backend as first step just run your cloudposse backend tf state module.
Jaden Sullivanover 4 years ago
Been working on the Kafka module - still having issues with the Zone ID. Documentation says it's not necessary afaik, but running without the variable makes TF lose its mind. I've got a zone being created on my end, and tried directly referencing that in the module call for the Kafka, but that doesn't seem to be working either 😅
rssover 4 years ago(edited)
v1.1.0-alpha20210728
1.1.0 (Unreleased)
NEW FEATURES:
cli: terraform add generates resource configuration templates (#28874)
config: a new type() function, only available in terraform console (https://github.com/hashicorp/terraform/issues/28501) ...
ROover 4 years ago
Anyone here is good at terraform for OCI and GCP?
Kenan Virtucioover 4 years ago
Hello, I’m using this module https://registry.terraform.io/modules/cloudposse/cloudfront-cdn/aws/latest, is there a way to modify the Default(*) behavior in ordered_cache input?
Ryan Rykeover 4 years ago
hello, updated the terraform-aws-backup module to work in gov cloud… was following the pattern that was recently used in the flow logs s3 bucket module: https://github.com/cloudposse/terraform-aws-backup/pull/22
joshmyersover 4 years ago
Any nicer way than this to lowercase keys/values of a map() into a new map?
Ricardo Underwoodover 4 years ago
hi everyone, I’m trying to create a gke cluster, but somehow I’m getting a weird problem, maybe someone has seen this before, any comments are welcome
Terraform v1.0.0
Google Provider v3.77
terraform-google-modules/kubernetes-engine/google v16.0.1
Almondovarover 4 years ago
hi all, anyone recently updated the cloudinit from 2.1 to 2.2? any pitfalls that we need to be aware of?
Jonas Steinbergover 4 years ago
why does terraform's yamldecode function sort lexicographically on keys?
> yamldecode("{a: 1, c: 3, b: 2}")
{
  "a" = 1
  "b" = 2
  "c" = 3
}
sheldonhover 4 years ago
Now that terraform is officially publishing regularly updated docker images (pretty sure that's recent for them officially doing this?) is anyone using terraform via docker run only?
I need to check, but think I'd need to mount the .aws/cred, .terraformrc and local directory at a minimum. If I wrap that up in an alias curious if anything else folks have run into issues with on docker based runs?