66 messages
Darrin F almost 4 years ago
Do you use AWS Control Tower, and do you provision that with IaC or do you just ClickOps the initial setup? We're starting fresh and I'm not sure what to call "Day 0" operations where it doesn't make sense to automate...
idan levi almost 4 years ago
Hi all!
I'm trying to create self managed node groups on EKS using the Terraform eks module and terragrunt. I want to add toleration, taints and labels to each node group, so I tried to use
bootstrap_extra_args = "--node-labels=node.kubernetes.io/lifecycle=spot,node/role=os-client"
and
bootstrap_extra_args = <<-EOT
[settings.kubernetes.node-labels]
ingress = "allowed"
EOT
but none of them create the node group with the labels/taint.
Does someone know what the right way to do it is?
Thanks !!
Matt H. almost 4 years ago (edited)
Hello, I'm using the cloudposse tgw module with terragrunt to create a cross-account transit gateway with attachments. I created a module-of-modules that basically mimics the multi-account example here https://github.com/cloudposse/terraform-aws-transit-gateway/tree/master/examples/multi-account, only I replaced the config with vars that I pass in from terragrunt. When it runs, I get everyone's favorite error, "The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be created" message from the local for lookup_transit_gateway local. I am trying to understand why that may be. It occurs on the vpc_attachments, which should be evaluating to true/1 based on https://github.com/cloudposse/terraform-aws-transit-gateway/blob/master/main.tf#L10 since I pass in the existing_transit_gateway_id.
Niv Weiss almost 4 years ago
Hey guys, can someone please help me? 🙏
I’m creating an EKS cluster using Terraform, and part of it, is to create an ALB.
When I run terraform destroy it doesn’t work because the vpc is locked due to the ALB that needs to be deleted first. But, because it has been created from my ingress controller I don’t know how to make terraform recognize it…
I want to be able to run terraform destroy without the need to manually delete the alb first.
Niv Weiss almost 4 years ago
Another question, when I’m creating my cluster, it’s all the time failing during terraform apply when it’s getting to run things inside my cluster. Is there a way to make terraform to wait a little bit so that the cluster will be online and then it would not fail?
I’m getting this error message:
Error: Kubernetes cluster unreachable: Get "http://xxxxxxxxx1682.yl4.us-east-1.eks.amazonaws.com/version": dail tcp xx.xx.xx.xx:443: i/o timeout
rss almost 4 years ago
v1.2.0-rc1
1.2.0-rc1 (Unreleased)
UPGRADE NOTES:
The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.
When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.
When making outgoing HTTPS or other TLS connections as a client, Terraform will no...
mfridh almost 4 years ago
Wow... this is incredibly annoying...
I'm attempting to simplify the data I'm passing around from module to module by wrapping data in more of a predefined "context", so it can be easier passed to other modules...
but as soon as there is an Unknown value inside, it isn't included in a dynamic block where I'm ultimately utilizing it... thus making the plan output very confusing (because it's empty...).
🧵
Grummfy almost 4 years ago
question, when you have several terraform projects, what's your preferred way to get some resources created by another? using data to search after a given resource, reading terraform state? writing a file somewhere and read it?
Dan Herrington almost 4 years ago
hey all, have an arch/folder layout question. We have customer websites deployed in production isolated onto separate instances, but in dev they reside on the same instance. I had started to design the terraform folder structure around application->customer app1, customer app 2, customer app 3, etc. Environment (dev,qa,prod) was defined in tfvars. If I do this though, DEV is going to have different code than QA and Prod.
I'm figuring others have run into this similar issue, and wondering how you setup your terraform code and modules to handle this type of structure?
loren almost 4 years ago (edited)
Popped in my feed today, seems interesting... https://link.medium.com/1YOv5hToNpb
Grummfy almost 4 years ago
a comparison with terraspace could be cool
Steve Wade (swade1987) almost 4 years ago
Does anyone know of a terraform to cloud formation tool?
Niv Weiss almost 4 years ago (edited)
Hey, I got this error while deploying aws-load-balancer-controller:
Error: YAML parse error on aws-load-balancer-controller/templates/deployment.yaml: error converting YAML to JSON: yaml: line 27: could not find expected ':'
It’s happening when I’m trying to set podAnnotations with this value: "eks.amazonaws.com/role-arn:${aws_iam_role.alb_role.arn}"
Does someone know how I can resolve this problem?
This is the configuration of this resource:
resource "helm_release" "alb" {
  name = "aws-load-balancer-controller"
  repository = "https://aws.github.io/eks-charts"
  chart = "aws-load-balancer-controller"
  namespace = "kube-system"
  set {
    name = "clusterName"
    value = module.eks.cluster_name
  }
  set {
    name = "podAnnotations"
    value = "eks.amazonaws.com/role-arn:${aws_iam_role.alb_role.arn}"
    type = "string"
  }
Grummfy almost 4 years ago
hi,
I want to create a file (resource local_file) with terraform that contains the date of generation, but if the other value doesn't change I don't want to regenerate a new date. But I don't see how to do it
Adam Roderick almost 4 years ago
Hello, I am setting the ssh_user property of cloudposse/ec2-bastion-server/aws but it does not seem to be taking effect. I can ssh into the server with ec2-user but not with the value I put into ssh_user. Am I misunderstanding something?
batman_93 almost 4 years ago
Hey Folks, I have a use case, where I need to merge a list into a map and iterate it over. I tried several things using for expression but couldn't get the desired output. Wondering if anyone can help me out here. TIA
list = ["foo", "bar"]
variable "tag" {
  default = {
    "tag1" = {
      product = "xyz"
      env = "dev"
      lob = "amazon"
    },
    "tag2" = {
      product = "abc"
      env = "qa"
      lob = "google"
    }
  }
}
##Desired variable output
variable "tag" {
  default = {
    "tag1" = {
      product = "xyz"
      env = "dev"
      lob = "amazon"
      list = "foo"
    },
    "tag2" = {
      product = "abc"
      env = "qa"
      lob = "google"
      list = "bar"
    }
  }
}
rss almost 4 years ago
v1.2.0-rc2-rc2
1.2.0-rc1 (Unreleased)
UPGRADE NOTES:
The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.
When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.
When making outgoing HTTPS or other TLS connections as a client, Terraform will no...
Craig Wright almost 4 years ago (edited)
(^^ switching to updated internal release management tooling, still working out kinks in the script)
rss almost 4 years ago
v1.2.0-rc2
1.2.0-rc2 (Unreleased)
UPGRADE NOTES:
The official Linux packages for the v1.2 series now require Linux kernel version 2.6.32 or later.
When making outgoing HTTPS or other TLS connections as a client, Terraform now requires the server to support TLS v1.2. TLS v1.0 and v1.1 are no longer supported. Any safely up-to-date server should support TLS 1.2, and mainstream web browsers have required it since 2020.
When making outgoing HTTPS or other TLS connections as a client, Terraform will no...
Philip Clark almost 4 years ago
Hi all, I'm facing the "Error: Invalid count argument" error when trying to use the Cloudposse transit-gateway module for AWS. I've seen a number of similar SO and Github issues for other modules. People have mentioned using the -target argument in Terraform as a solution, but I'm curious if there are any other workarounds? That approach is really a non-starter if you're using an automated platform like Terraform Cloud/Enterprise
Adam Panzer almost 4 years ago
Howdy! I’ve been using the eks node group module and noticed something that might be worth making a PR for and wanted to get feedback first.
When you add a node group and don’t specify any ami related things, you end up with a launch template that has no AMI in it, which is fine, that launches the latest/greatest AMI for 1.22. The problem is, dockershim is going away, and if you are in that state of having no ami in the launch template, you might not realize that you are still using docker as your runtime and not containerd.
More importantly, in order to migrate to using containerd you have to build a new node group. I think it might be better, if you aren’t specifying the AMI id, to use the ssm parameters store lookup method instead of the data ami lookup since the parameters store lookup will definitely set an ami and you can modify bootstrap options once that is in place (no ami ID means you can’t modify bootstrap options and that means you can’t enable containerd)
Does this make sense? The PR would essentially ensure you would always have an AMI specified in the LT by using the ssm parameter lookup.
Gitau Wairimu almost 4 years ago
On Google Cloud, am lost on why I can't upload a file to a bucket. Here goes the code.
Gitau Wairimu almost 4 years ago
resource "google_storage_bucket" "statics_website_assets" {
  name = "statics-website-assets"
  location = "US"
  uniform_bucket_level_access = false
  website {
    main_page_suffix = "index.html"
    #not_found_page = "404.html"
  }
}
resource "google_storage_bucket_object" "website-assets" {
  name = "website-assets"
  source = "main.tf"
  bucket = google_storage_bucket.statics_website_assets.id
}
Michael Galey almost 4 years ago
How do you guys handle ignoring updates on values in a module? I’m using terraform-aws-ec2-instance, using my own ami filter. In my previous personal module I’d use lifecycle{ ignore_changes: [“ami”] }, to ignore updates to that value after the server is built. I guess I could try to set the ami value outside the module, and use the lifecycle settings there? And use that value as the module input
Kelly Correll almost 4 years ago (edited)
I have a question regarding the cloudposse/transit-gateway module.
I'm trying to follow the examples on github, however after creating the initial TGW..I attempt to immediately use it to create the attachments. I then get this:
Error: Invalid count argument
│
│ on .terraform/modules/region_tgw.transit_gateway_dev/main.tf line 34, in data "aws_ec2_transit_gateway" "this":
│ 34: count = local.lookup_transit_gateway ? 1 : 0
│
│ The "count" value depends on resource attributes that cannot be determined until apply, so Terraform cannot predict how many instances will be
│ created. To work around this, use the -target argument to first apply only the resources that the count depends on.
Kelly Correll almost 4 years ago
module "transit_gateway_prod" {
  source = "cloudposse/transit-gateway/aws"
  version = "0.9.0"
  ram_resource_share_enabled = true
  allow_external_principals = true
  auto_accept_shared_attachments = "enable"
  ram_principals = ["<account number>"]
  config = local.transit_gateway_config
  tags = "${merge(local.tags, {Name = "prod-tgw-${var.region}" } )}"
  context = module.this.context
  providers = {
    aws = aws.prod
  }
}
module "transit_gateway_dev" {
  source = "cloudposse/transit-gateway/aws"
  version = "0.9.0"
  existing_transit_gateway_id = module.transit_gateway_prod.transit_gateway_id
  existing_transit_gateway_route_table_id = module.transit_gateway_prod.transit_gateway_route_table_id
  create_transit_gateway = false
  create_transit_gateway_route_table = false
  create_transit_gateway_vpc_attachment = true
  create_transit_gateway_route_table_association_and_propagation = false
  config = {
    prod = {
      vpc_id = data.aws_vpc.dev_vpc.id
      vpc_cidr = data.aws_vpc.dev_vpc.cidr_block
      subnet_ids = data.aws_subnets.dev_subnets.ids
      subnet_route_table_ids = data.aws_route_tables.dev_routes.ids
      route_to = null
      route_to_cidr_blocks = null
      static_routes = null
      transit_gateway_vpc_attachment_id = null
    }
  }
  context = module.this.context
  providers = {
    aws = aws.dev
  }
  depends_on = [
    module.transit_gateway_prod
  ]
}
Jeremy (UnderGrid Network Services) almost 4 years ago (edited)
I believe I found an issue with the transit-gateway module... since v0.7.0 it would appear it doesn't support v3 of the aws provider or any version <= v4.3.0 as the transit_gateway_cidr_blocks argument was not added to aws_ec2_transit_gateway until v4.4.0. Even with the variable set to the default null it will error about the argument being passed.
Bryan Dady almost 4 years ago
I’m working on setting up a few CloudSearch domains with
It seems pretty straightforward, and may be worth us creating a module.
But it seems the provider / resource is not honoring the expected default_tags, and also complaining if I try to add a tags argument to the resource statement.
Has anyone else encountered this? I appreciate any help confirming if there’s an API limitation, or some other reason we can’t programmatically Manage Tags on CloudSearch Domains
Eugene almost 4 years ago
Hi there! What’s the best way to perform/control rolling update during cluster EKS upgrade with https://github.com/cloudposse/terraform-aws-eks-node-group module?
Hila F almost 4 years ago
hey 🙂
I’m trying to use the cloudposse/dynamic-subnets/aws module.
It asks me to init, I did, and then I got-
Error: Unsupported block type
on .terraform/modules/bi-subnets/moved.tf line 3:
3: moved {
Blocks of type "moved" are not expected here.
Error: Unsupported block type
on .terraform/modules/bi-subnets/moved.tf line 8:
8: moved {
Blocks of type "moved" are not expected here.
Error: Unsupported block type
on .terraform/modules/bi-subnets/moved.tf line 13:
13: moved {
Blocks of type "moved" are not expected here.
Any idea why?
This is the module call config-
module "subnets" {
  for_each = {
    for subnet in local.private_subnets_per_az_mapping :
    keys(local.private_subnets_per_az_mapping2)[each] => subnet_name
  }
  source = "cloudposse/dynamic-subnets/aws"
  version = "2.0.0"
  name = each.subnet_name
  vpc_id = module.bi-usw2-vpc.vpc_id
  # igw_id = ["igw-XXXXXXXX"]
  ipv4_cidr_block = each.subnet_cidr
  availability_zones = each.availability_zone
}
Tyler Jarjoura almost 4 years ago
Question about the RDS modules…if using them to create a DB from scratch - how are we supposed to manage the DB passwords? Surely we aren’t supposed to just hardcode those as inputs into the modules? Usually I would set them to some default and add an ignore_changes lifecycle rule but it doesn’t look like this is supported?
rss almost 4 years ago (edited)
v1.2.0
1.2.0 (May 18, 2022)
UPGRADE NOTES:
If you use the third-party credentials helper plugin terraform-credentials-env, you should disable it as part of upgrading to Terraform v1.2 because similar functionality is now built in to Terraform itself.
The new behavior supports the same environment variable naming scheme but has a difference in priority order from the credentials helper: TF_TOKEN_... environment variables will...
loren almost 4 years ago
some seriously awesome features in the 1.2 release
• precondition and postcondition check blocks for resources, data sources, and module output values: module authors can now document assumptions and assertions about configuration and state values. If these conditions are not met, Terraform will report a custom error message to the user and halt further execution.
• replace_triggered_by is a new lifecycle argument for managed resources which triggers replacement of an object based on changes to an upstream dependency.
Brant Bobby almost 4 years ago
Is there a way to define mutually-exclusive input variables in a module? (I could have sworn I’ve seen this implemented somewhere but I can’t remember the details now) I want a user to be able to specify either var.foo or var.bar (or neither), but throw an error if they specify both.
Tom Hughes over 3 years ago
This has probably been asked millions of times so far. But what's the best approach to organising terraform code for multiple aws accounts? Are we thinking multiple repos per account? A mono repo that calls modules?
Nitin over 3 years ago
👋 Hello, team!
Nitin over 3 years ago
https://github.com/cloudposse/terraform-aws-ecr
While creating permission for lambda then it is allowing other services from that account to call ecr service
Also there should be write_only_permission too needed
Nitin over 3 years ago
so that blast radius can be reduced when permission is given to other account principal arns.
Alex NOVACOVSCHI over 3 years ago
hi guys, glad to join this space! I have a question regarding aws ecr module: https://registry.terraform.io/modules/cloudposse/ecr/aws/latest
How can I change the lifecycle policy params for a particular repo? I found only enable_lifecycle_policy and max_image_count params related to lifecycle policy config.
Alex NOVACOVSCHI over 3 years ago
found a github issue that describes exactly what I need - https://github.com/cloudposse/terraform-aws-ecr/issues/92
ismail yenigul over 3 years ago
Hi @Andriy Knysh (Cloud Posse)
Can someone from Cloud Posse review this PR?
https://github.com/cloudposse/terraform-aws-elasticache-redis/pull/160
Ross Rochford over 3 years ago
Against my better judgement, I implemented a Terraform clone in Python/Django: https://github.com/rossrochford/make-it-so
Josh B. over 3 years ago
Is this something that will be approved in the near future? https://github.com/cloudposse/terraform-aws-rds-cluster/pull/138
Jeremy (UnderGrid Network Services) over 3 years ago
I don't think I say it nearly enough, that said... I am never at a loss for the availability of so many high quality modules I'm trying to work out the raw resources needed to perform a step that I know how to do manually when I think, "Is there a Cloudposse module to do this?" and lo and behold there is 😄
managedkaos over 3 years ago
in #office-hours today we were talking about minimizing the output from terraform plan.
Here’s an alias that i use for that:
alias fvp='terraform fmt && terraform validate && terraform plan | grep -v unchanged | grep -E "(#|Plan:)" || true'
managedkaos over 3 years ago
output is similar to…
Success! The configuration is valid.
# module... will be updated in-place
# module... will be updated in-place
# module... will be updated in-place
# module... will be updated in-place
# module... will be updated in-place
# module... will be destroyed
# module... will be updated in-place
Plan: 0 to add, 6 to change, 1 to destroy.
Jeremy (UnderGrid Network Services) over 3 years ago
Anyone else using the cloudposse/terraform-aws-eks-cluster module able to confirm what I'm seeing? I'm passing in the map_additional_iam_user argument and I've left the aws_auth_yaml_strip_quotes default to true which should be removing the double quotes but I am still seeing them in the aws-auth ConfigMap and Terraform plan output. Interestingly though I note that the map_additional_iam_roles that is being passed in does not have the double quotes, only the mapUsers.
Amit Karpe over 3 years ago
Hey IaC Guru,
Anyone would like to point me good document / guide which share best practice for TG/TF to implement “Multiple AWS Accounts with AWS Organizations”.
I am configuring AWS multi account, so want to follow best practises from IaC specifically Terragrunt point of view.
András Sándor over 3 years ago
Hi, I'm using the cloudposse/terraform-aws-ecs-web-app module and having some problems with setting the context for the child modules. terraform-aws-ecs-web-app module calls ecs-cloudwatch-sns-alarms child module. Both the root and child modules use cloudposse/label/null to set context, like so:
main.tf
module "httpcode_target_3xx_alarm_label" {
  source = "cloudposse/label/null"
  version = "0.25.0"
  attributes = ["3XX", "count", "high"]
  context = module.this.context
}
...
I set the context in root like so:
context.tf
...
variable "context" {
  type = any
  default = {
    enabled = true
    namespace = "company"
    tenant = null
    environment = "dev"
    stage = null
    name = "backend"
    delimiter = null
    attributes = []
    tags = {}
    additional_tag_map = {}
    regex_replace_chars = null
    label_order = ["namespace","environment", "name"]
    id_length_limit = null
    label_key_case = "lower"
    label_value_case = "lower"
    descriptor_formats = {}
    ....
  }
...
I'd expect the cloudwatch alarms to come out as company-dev-backend-3XX-count-high, but only company-dev-backend is being used. This results in all Cloudwatch alarms having identical ARNs, which is obviously not desired. Am I missing something with the null label, or how variables are passed down in modules?
Kelly Correll over 3 years ago
So, I've been messing with the "multi-account" example for the transit gateways......and the entire example is completely busted. For example, I'm using terraform 1.1.8, aws provider 4.15.1, and with JUST replacing the providers with something that map to what I have it doesn't work out of the box. The modules listed in the version are too old. So, I updated them to the latest. Replaced the problem "count" code for determining the tgw owner vs the vpc owner...and now I've run into yet another "count" problem.
Kelly Correll over 3 years ago
i can definitively say that the multi-account example does not work out. too many things require plan time data.
Laurynas over 3 years ago
Hi, has anyone done a migration from terraform to terraform cdk? I'm interested in gradual migration where we already have a huge infra in terraform but want to write some stuff in cdk for terraform
Amit Karpe over 3 years ago
Hi,
With ref to above questions, I would like to know more from best practice point of view.
Is there any document or guide to understand best practice to manage AWS Multi Account using TF/TG? What should be directory structure? Whether we should prefer mono-repo or separate repository for dev/test/qa/prod/cicd/monitoring environment? How to handle other IaC repo like we have like github, azure, Cloudflare?
Tarak_Brainboard over 3 years ago
Hi everyone! We just did a Terraform Training for our community at Brainboard. Would it be helpful / useful to share it with you?
Soren Jensen over 3 years ago
Anyone know how I bring an error from a bash script run in local-exec up to the terraform level so my terraform deploy will be marked as failed? I had an issue running terraform apply in a github action runner. All looked fine, only due to application error we found the bash script had failed.
Sean over 3 years ago (edited)
What approach have y’all taken to keep secrets out of terraform state?
For example, when you create an AWS RDS database, the master password is stored in state. Even if you pre-create the password in a secure storage (such as AWS Secrets), terraform will still store the password in association with the RDS resource.
Taz over 3 years ago
👋 Hello, team! Can anyone advise on a good terraform course that involves high level hands on learning for an experienced AWS infrastructure admin but with limited IaC. Thanks
DevOpsGuy over 3 years ago
Hi All, Question: "Terraform-How to change AWS Instance type without deleting instance if the instances are already running/stopped."
Amit Karpe over 3 years ago
Hi,
Is there any way to install tf/tg with darwin_amd64 support on Mac with M1 chip?
My system is Apple M1, and when I upgrade my tf/tg it is now using arm arch.
But this is causing issues with all my old and new providers. I want to continue using darwin_amd64 binaries and providers.
Any suggestions?
Amit Karpe over 3 years ago
I have moved my tf/tg back to darwin_amd64.
I thought this will work smoothly with all my providers. but I am still getting weird errors, which indicate my (OS arch for ) providers are not correct.
$ tg plan
╷
│ Error: Failed to load plugin schemas
│
│ Error while loading schemas for plugin components: Failed to obtain
│ provider schema: Could not load the schema for provider
│ registry.terraform.io/hashicorp/aws: failed to instantiate provider
│ "registry.terraform.io/hashicorp/aws" to obtain schema: Unrecognized remote
│ plugin message:
│
│ This usually means that the plugin is either invalid or simply
│ needs to be recompiled to support the latest protocol...
╵
ERRO[0017] 1 error occurred:
* exit status 1
❯ file $(which terraform)
/Users/amit/bin/terraform: Mach-O 64-bit executable x86_64
❯ file $(which terragrunt)
/opt/homebrew/bin/terragrunt: Mach-O 64-bit executable x86_64