#terraform - June 2022 | Slack Archive

43 messages

Archive: https://archive.sweetops.com/terraform/

May 2022

June 2022

Jul 2022

Abderrahime EL IDRISSIover 3 years ago

Hi everyone, I want to know how to block the use of an OS type for new aws/gcp instance resource creations and allow only plan/apply for existing stacks, is there a way to do this with Terraform? I have tested the validation variables but it doesn’t in all cases? T hanks 🙂

Danial Cauleyover 3 years ago

Hi guys: I opened this PR to the cloudposse aws-transfer-sftp terraform module to properly output the 'id' of the provisioned transfer server. it looks like the output.tf still had some template / example code? The 'id' output of the current version is always empty for me. This PR makes the 'id' output output the id of the provisioned transfer server. I referred to the ec2 instance module for style / naming / language conventions. Any chance I can get a review?

https://github.com/cloudposse/terraform-aws-transfer-sftp/pull/21

rssover 3 years ago(edited)

v1.2.2
1.2.2 (June 01, 2022)
ENHANCEMENTS:
Invalid -var arguments with spaces between the name and value now have an improved error message (#30985)
BUG FIXES:
Terraform now hides invalid input values for sensitive root module variables when generating error diagnostics (<a href="https://github.com/hashicorp/terraform/issues/30552"...

lorenover 3 years ago

some possible progress on the "optional" attrs experiment, setting a default value as the second argument... https://github.com/hashicorp/terraform/pull/31154

rssover 3 years ago(edited)

Isaacover 3 years ago

For those using Spacelift, how crazy do you all go with the login/access/approval/plan policies? Looking to glean some ideas to approach implementing this.

Jay Simoniover 3 years ago

is anyone else getting throttling errors when trying to manage AWS SSO resources (aws_ssoadmin_account_assignment in particular) with terraform?
https://github.com/hashicorp/terraform-provider-aws/issues/24858

Stephen Bennettover 3 years ago

Hi, if i have a object with multiple values in it in terraform is it possible to call a specific set of them?

ie i have a test.values and it returns:

1,2,3,4,5

if i do

output "test" {
values = test.vaules[0]
}

it returns 1

is it possible to return: 1,2,3 or 3,4,5?

ive tried `test.values[0-2] and it errors saying

The given key does not identify an element in this collection value: a negative number is not a valid index for a sequence.

thanks for any help

lorenover 3 years ago

This seems like it would be very handy... https://twitter.com/andymac4182/status/1534438515760824320?t=TBJuF1EzNAoAD08VPiFDYg&s=19

PePe Amengualover 3 years ago

Anyone here can spot the issue with my openapi doc for apigateway?

rssover 3 years ago

v1.3.0-alpha20220608
1.3.0 (Unreleased)
UPGRADE NOTES:

Module variable type constraints now support an optional() modifier for object attribute types. Optional attributes may be omitted from the variable value, and will be replaced by a default value (or null if no default is specified). For example:
variable "with_optional_attribute" {
type = object({
a = string # a required attribute
b = optional(string) # an optional attribute
c = optional(number, 127) # an optional attribute...

Nitinover 3 years ago

https://github.com/cloudposse/terraform-aws-ecr/pull/98

Mninawa Mkokoover 3 years ago

Hi all, I'm new in the platform, as well as using Cloudposse, I would like to know if you have a module for Fargate to deploy Java springboot

Adnanover 3 years ago

In the aws_rds_cluster resource definition/docs it says ...

To manage cluster instances that inherit configuration from the cluster (when not running the cluster in serverless engine mode), 
see the aws_rds_cluster_instance resource.

I am confused about the when not running the cluster in serverless engine mode

Does anybody understands what this means?
Does this mean aws_rds_cluster_instance is not supported in engine mode is serverless?
Does this mean it automatically scales replicas in engine mode is serverless?

yasin yaqoobiover 3 years ago

Hello, I am running into the same issue here: https://sweetops.slack.com/archives/CB6GHNLG0/p1636820679151800

rssover 3 years ago(edited)

v1.2.3
1.2.3 (June 15, 2022)
UPGRADE NOTES:
The following remote state backends are now marked as deprecated, and are
planned to be removed in a future Terraform release. These backends have
been unmaintained since before Terraform v1.0, and may contain known bugs,
outdated packages, or security vulnerabilities.
artifactory
etcd
etcdv3
manta
swift

BUG FIXES:
Missing check for error diagnostics in GetProviderSchema could result in panic (<a href="https://github.com/hashicorp/terraform/issues/31184"...

Zeeshan Sover 3 years ago

Hello,

Whats the safest way to delete default VPC and default subnets in an account for all regions

Kian Sajjadiover 3 years ago

Anyone ever gotten an error like this: https://i.imgur.com/7yPfFgr.png?

Kian Sajjadiover 3 years ago

I changed a variable to add an iam user, but then this started happening. I've added/removed staff from the list of iam users before without any issues

Tomasz Krzyżanowskiover 3 years ago

Hello everyone!

I just joined, so sorry if I'm making a mess on the channel 😅

I'm using CP modules for setting up my container based environments based on ECS and as TF module for ALB service fits great for my needs I didn't found the similar module for ECS Scheduled Tasks and I'm thinking about implement it myself based on CP TF modules.

Do you have any process for incubating new "meta-module" projects under CP umbrella?

FYI: I didn't started implemented it yet, I have for now messy barebones, but they will need more love and standardization to show anything 🙂

Joaquin Fernandez Campoover 3 years ago

Hi everyone!
I have a question about this https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account module and how tagging works on a couple of resources (aws_vpc_peering_connection-accepter, aws_vpc_peering_connection). I'm hitting an issue where terraform never converges, every time it runs it tries to remove the 'Side = "accepter"' tag or the 'Side = "requester"' one, seems like the terraform resource underneath uses the same ID for both (vpc_peering_connection , vpc_peering_connection_accepter). I was wondering if someone else has seen this too.

Michael Dizonover 3 years ago

is anyone else having trouble accessing <https://registry.terraform.io/>

Rodrigo Mota Motaover 3 years ago

Hi, i am from Brazil - Rio de Janeiro

Rodrigo Mota Motaover 3 years ago

hello, I'm starting with TerraForm, can I learn here with you?

Rodrigo Mota Motaover 3 years ago

i am beginner devops

setheryopsover 3 years ago

I need a second set of eyes please...Im trying to use a list of strings to populate a variable thats used in a conditional variable of a data lookup...

Guy Ellenbogenover 3 years ago

Hello, can you suggest a DRY way to create multiple logical Postgres DB's under a created aurora cluster (using this module: https://github.com/cloudposse/terraform-aws-rds-cluster, it allows to create the first DB). i see that db_name is optional (db_name Database name (default is not to create a database)) is there another module only for generating multiple DB's in the same cluster? thanks!

Mikalai Ramanchukover 3 years ago(edited)

Hello everyone, I try to use this module https://registry.terraform.io/modules/cloudposse/s3-bucket/aws/latest
But getting error on init step

Could not retrieve the list of available versions for provider hashicorp/aws: no available releases match the given constraints >= 2.0.0, >= 4.9.0

Maybe some one can help me resolve this issue?

OliverSover 3 years ago(edited)

I'm not finding any info on the web that clearly identifies the gains of going tf cloud vs aws s3 backends other than the tf cloud GUI and "with tf cloud, you don't have to manage your own aws resources for tfstate storage and access control".

But if a team already has tfstate stored in s3 backends (eg using https://registry.terraform.io/modules/schollii/multi-stack-backends/aws/latest 😉), and some simple tooling to create the associated buckets and ddb tables and iam roles/policies when additional state is needed, is there any compelling reason left to transition to tf cloud? Using tf cloud means you become dependent on a third-party to keep your tfstates highly-available to you/your team... that' seems like a pretty major con.

Fernanda Martinsover 3 years ago

Hey everyone,
Does anyone knows tools that generate auto documentation (graphs) for terraform and/or Azure?

Julio Chanaover 3 years ago

Hi everyone!!

I’m using the eks module (v2.2.0) to manage my EKS cluster. I’ve found an issue when managing the aws_auth configuration with terraform. Adding additional users works perfectly, but when trying to add roles, it’s not adding them to the configmap.

The behaviour changes depending on the “kubernetes_config_map_ignore_role_changes” config.
• If I leave it as default (false), the worker roles are added, but not my additional roles.
• If I change it to true, the worker roles are removed and my additional roles are added.
I’m attaching an example when I change the variable (from false to true). Also, I don’t see a difference on the map roles in the data block for both options except for the quoting.

Could someone help me with this? I’d love to use the “ignore changes” but adding roles, as I’m adding users.

Karina Titovover 3 years ago(edited)

Hi everyone! I really needing some help ith the cloudposse/waf module.
Trying to create an and_statement for rate-based-statement

rate_based_statement_rules = [
    {
      name     = "statement_name"
      priority = 1

      action = "block"

        statement = {
          aggregate_key_type = "IP"
          limit              = 100

          scope_down_statement = {
            and_statement = {
              statement = [{

                regex_pattern_set_reference_statement = {
                  arn = "some_arn_goes_here"

                  field_to_match = {

                    single_header = {
                      name = "authorization"
                    }
                  }

                  text_transformation = {
                    priority = 0
                    type     = "NONE"
                  }
                }
              },
              {

                byte_match_statement = {
                  positional_constraint = "STARTS_WITH"
                  search_string         = "search_string"

                  field_to_match = {

                    uri_path = {}
                  }

                  text_transformation = {
                    priority = 0
                    type     = "NONE"
                  }
                }
              },
              {

                byte_match_statement = {
                  positional_constraint = "EXACTLY"
                  search_string         = "DELETE"

                  field_to_match = {

                    method = {}
                  }

                  text_transformation = {
                    priority = 0
                    type     = "NONE"
                  }
                }
              }]
            }
          }
      }

      visibility_config = {
        cloudwatch_metrics_enabled = true
        metric_name                = "metric-name"
        sampled_requests_enabled   = true
      }
    }
  ]

but seems like everything inside of a statement being ignored, besides limit and aggregate_key_type

rssover 3 years ago

v1.3.0-alpha20220622
1.3.0 (Unreleased)
NEW FEATURES:

Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:
variable "with_optional_attribute" {
type = object({
a = string # a required attribute
b = optional(string) # an optional attribute
c = optional(number, 127) # an...

David Spedziaover 3 years ago

Question, for https://github.com/cloudposse/terraform-aws-eks-node-group is there a best practice, or way to set the instance names?

Mikalai Ramanchukover 3 years ago

Hello everyone, I started to use you asg module https://github.com/cloudposse/terraform-aws-ec2-autoscale-group
But you doesn’t use name for aws_autoscaling_group resource, only name_prefix .
Is it possible add support of name to future releases??

jonjitsuover 3 years ago

When using module sources pointing to private github repos, is there a way of defining the source using some kind of connection agnostic way instead of specifying a specific method https+pat or ssh+key?

MalluLukeover 3 years ago

My setup is, we have atlantis running in a central account and assuming roles in child accounts to run terraform plan and terraform apply. In the backend.tf i have dynamodb table specified for terraform locking. It looks like terraform is using the dynamoDB in the central account for storing the lock info instead of child accounts. I want terraform to use dynamoDB in the other accounts. Is it possible to tell Terraform to use local dynamodb in the accounts where it is running plan and apply?

DevOpsGuyover 3 years ago

I am creating newrelic synthetic pings for 1500 websites. NewRelic has a rate limit of 1000 requests per minute. I ran into issue initially when I have not passed the argument -parallelism. So, in general while making this many requests through terraform to any provider ""How can we check that - How many network requests does terraform is making with the provider in total or per minute OR any sort ?"" is there a way to check this ?

Yoav Mamanover 3 years ago(edited)

Hi everyone!

I’m trying to use Cloud Posse’s ECS Web App module, I’m pretty new to Terraform and would like your help to make sure I understood the complete example and best practices correctly.
I’m planning on structuring my directories like this:

roots
└── api-app
    ├── backend.tf
    ├── context.tf
    ├── env
    │   ├── dev.tfvars
    │   └── prod.tfvars
    ├── main.tf
    ├── outputs.tf
    ├── variables.tf
    └── versions.tf

This way, the fixtures.us-east-2.tfvars file from the example could be replaced with each environment’s tfvars file, right?
Also, what is the best practice for passing environment variables to this web app’s task definition? How can it be done without hardcoding values to the code?

Cheers

rssover 3 years ago(edited)

v1.2.4
1.2.4 (June 29, 2022)
ENHANCEMENTS:
Improved validation of required_providers to prevent single providers from being required with multiple names. (#31218)
Improved plan performance by optimizing addrs.Module.String for allocations. (<a href="https://github.com/hashicorp/terraform/issues/31293" data-hovercard-type="pull_request"...

Patrick Carneyover 3 years ago

👋 Hi, i'm new here, but lately I've been using the AWS RDS Proxy module in Terraform Cloud and on "Create" it works great! but when I flip the enabled to false to delete it seems to always give me a:

Error: only lowercase alphanumeric characters and hyphens allowed in "name"
with module.proxy.aws_db_proxy.this
on .terraform/modules/proxy/main.tf line 2, in resource "aws_db_proxy" "this":
  name                   = module.this.id

and

Error: first character of "name" must be a letter
with module.proxy.aws_db_proxy.this
on .terraform/modules/proxy/main.tf line 2, in resource "aws_db_proxy" "this":
  name                   = module.this.id

not sure if this is the right place to ask this question or I should file an issue? Thanks!

btaiover 3 years ago(edited)

has anyone used HCL/terraform to generate not your typical “infrastructure” resources? i like the way HCL does template files and want to generate yaml files from terraform but feels kinda weird to be using terraform for that

Naeem Faheemover 3 years ago(edited)

Hi, is there any document detailing how to update a cloudposse module? I am looking to update dynamic subnet module but want to do this in a systematic way without breaking anything. If anyone knows of it then kindly share. Thanks a bunch

May 2022 Browse by date July 2022