56 messages
sripeover 3 years ago
Hi, I have a map object as below. I was able to go one level down and was able to get the entire "dev" value. How do I get only the node_group_name value?
managed_node_groups = {
  "dev" = {
    eks = {
      node_group_name = "node-group-name1"
      instance_types  = ["m5.large"]
      update_config = [{
        max_unavailable_percentage = 30
      }]
    }
    mng_custom_ami = {
      node_group_name = "mng_custom_ami"
      custom_ami_id   = "ami-0e28cf2562b7b3c9d"
      capacity_type   = "ON_DEMAND"
    }
  }
  "qe" = {
    eks = {
      node_group_name = "node-group-name2"
      instance_types  = ["m5.large"]
    }
    mng_custom_ami = {
      node_group_name = "mng_custom_ami"
      custom_ami_id   = "ami-0e28cf2562b7b3c9d"
      capacity_type   = "ON_DEMAND"
      block_device_mappings = [
        {
          device_name = "/dev/xvda"
          volume_type = "gp3"
          volume_size = 150
        }
      ]
    }
  }
}
variable env {}
mng = var.managed_node_groups[var.env]
Kirupakaranover 3 years ago
Could anyone suggest what the perfect auto-scaling would be during high traffic on ECS Fargate, and also send me the GitHub link for my reference? Thanks in advance.
Amit Karpeover 3 years ago
What is the best practice to install packages and configure a few settings in an EC2 instance?
Do you prefer provisioner with “remote-exec”?
or Ansible or packer?
I need to run an application in four EC2 instances with pre-configuration.
I have a shell script ready but wanted to know a better approach.
Kirupakaranover 3 years ago
Hi everyone, I am supposed to create ECS in multiple regions using TF; ECS is now running in us-east-1. Could anyone help me to solve this problem? Thanks in advance.
Jamesover 3 years ago
Hey guys - I have creation of ECR in my TF. How do you flag the ECR part to avoid destroying it when executing terraform destroy?
Manjunath shettyover 3 years ago
I have created multiple EC2 instances using count. One of those EC2 instances was deleted using the -target option or manually. In the subsequent deployment I want Terraform to skip the deployment of the manually deleted instance. How to achieve this?
Manjunath shettyover 3 years ago
resource "aws_instance" "web" {
  count         = 4 # create four similar EC2 instances
  ami           = "ami-00785f4835c6acf64"
  instance_type = "t2.micro"
  tags = {
    Name = "Server ${count.index}"
  }
  lifecycle {
    ignore_changes = [
      aws_instance.web[1]
    ]
  }
}
Manjunath shettyover 3 years ago
I tried to implement this using lifecycle ignore change but am getting the error: This object has no argument, nested block, or exported attribute named "aws_instance".
Manjunath shettyover 3 years ago
Any pointers on this?
Kirupakaranover 3 years ago
Can anyone help me to assign the ECS Fargate public IP to the target group? Right now the private IP is assigned to the target group.
Jamesover 3 years ago
Hey guys,
An initial terraform apply failed due to an expired AWS credential. I updated the creds and reran apply, and it failed once again because the resources already exist from the initial apply earlier.
How do you approach this kind of case?
OliverSover 3 years ago(edited)
I discovered recently while I was looking at using HCL Go libraries to do our own config processing, that TF 1.3 will have some pretty awesome improvements to config defaults. And I saw in this channel a syndicated post about it just now, but it might have gotten missed, so I'm writing this.
The improvement actually goes way beyond providing the optional value in the optional() function call. That improvement alone is great, because it allows for a much more natural way to declare default objects and makes it easier to grok the structure (instead of using a separate default attribute in variable, or the defaults() function).
But HC also fixed a major issue with defaults merge in 1.2 (as was available in both default attrib and defaults() function): it will create default nested objects to full depth based on the spec. Which it does not do in the experimental support available in 1.2, thus rendering the defaults() function almost useless (IMO).
There's really only 2 use cases that these 1.3 improvements do not solve for me, but I can live without them (whereas the issues that 1.3 fixes were deal breakers for us and we were going to roll our own using hclwrite lib).
I'll be moving our current in-house config system to use the new capabilities of 1.3 over the next few weeks (depends on client priorities, might take longer), very excited to see how far I can get.
sripeover 3 years ago
hey guys, how are you managing user creation in rds, any best practices ?
Jonas Steinbergover 3 years ago(edited)
Module development and best practices 🧵 Looking for experience and opinions
Simpson Sayover 3 years ago
Hi team — hoping to get some eyes on this when someone has the time: https://github.com/cloudposse/terraform-datadog-platform/pull/71
Erik Osterman (Cloud Posse)over 3 years ago
Does the free edition of terraform cloud still require each workspace hardcode AWS credentials? Or can you setup an IAM role that it can assume?
muhahaover 3 years ago(edited)
Hey, are you using Checkov/TFsec/KICS in CI (GitHub Actions for example)? I just wanted to ask, I just discovered https://github.com/security-alert/security-alert/tree/master/packages/sarif-to-comment/, which can effectively convert SARIF to GH comment... But it's not working correctly, because all these tools are predownloading modules and analysing them with given input on the filesystem. So it can generate comments, but it will generate diff URLs based on local path, instead of just pointing to the correct "upstream" module called from main.tf. Ideas?
Shlomo Daariover 3 years ago
Does anyone know why I’m getting this error?
An argument named "iam_role_additional_policies" is not expected here.
In the Terraform site, it shows that this should be under the module eks section.
Tommyover 3 years ago(edited)
is it somehow possible to test the github action pipelines of the modules locally or within the fork? I have some troubles to pass all pipeline steps 😞
rssover 3 years ago
v1.3.0-rc1
1.3.0 (Unreleased)
NEW FEATURES:
Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:
variable "with_optional_attribute" {
type = object({
a = string # a required attribute
b = optional(string) # an optional attribute
c = optional(number, 127) # an...
Erik Osterman (Cloud Posse)over 3 years ago
Lol, this headline could make some people do a double take…
Jim Parkover 3 years ago
Hypothetical reasons to arrest an actual Terraform founder in this thread please 😈
Mallikarjuna Mover 3 years ago
Hi Team,
can some one help me with creating IAM user in terraform by passing variable from values.yml file
Jeremy (UnderGrid Network Services)over 3 years ago
Has anyone tried using any of the existing EKS related TF modules to deploy a Windows EKS node group for a cluster?
automationtraineeover 3 years ago(edited)
Anyone have an idea on which module I need to update this variable in?
module.tf_cloud_builder.module.bucket.google_storage_bucket.bucket: Destroying... [id=]
╷
│ Error: Error trying to delete bucket containing objects without force_destroy set to true
PePe Amengualover 3 years ago
What is the greatest and latest on TF pipelines lately? How do you run multi tenant/user self serve infra with feature branches in multi account, multi region setups? 🧵
Angela Zhuover 3 years ago(edited)
Hey Team, does anyone know why account_id is not part of cloudposse/terraform-cloudflare-zone module?
resource "cloudflare_zone" "example" {
  account_id = "f037e56e89293a057740de681ac9abbe"
  zone       = "example.com"
}
ghostfaceover 3 years ago(edited)
i have a for_each for an EKS_node_group resource like below:
resource "aws_eks_node_group" "nodegroup" {
  for_each = var.nodegroups
  ...
how do i ignore all scaling configs for all of the keys?
  lifecycle {
    create_before_destroy = true
    ignore_changes        = [scaling_config[0].desired_size]
  }
currently i have the above, am i right in thinking this will only affect the first loop?
Ben Grayover 3 years ago
Hi! Hopefully I can get some direction on my issue.
I am trying to use this module to create an AWS client VPN endpoint, and running into an issue. I cannot avoid getting this error:
│ Error: "name" isn't a valid log group name (alphanumeric characters, underscores, hyphens, slashes, hash signs and dots are allowed): ""
│
│ with module.ec2_client_vpn.module.cloudwatch_log.aws_cloudwatch_log_group.default[0],
│ on .terraform/modules/ec2_client_vpn.cloudwatch_log/main.tf line 17, in resource "aws_cloudwatch_log_group" "default":
│ 17: name = module.log_group_label.id
I have been able to prove something is wrong with this module as if I modify the above referenced line in that file, with a name directly, it works. And I am very confused on how this is working.
Kirupakaranover 3 years ago
Hi all, I want to redirect https://example1.example.com to https://example.com/example1 in nginx. If anyone is familiar with nginx, please help me to solve this problem.
rssover 3 years ago
v1.3.0
1.3.0 (September 21, 2022)
NEW FEATURES:
Optional attributes for object type constraints: When declaring an input variable whose type constraint includes an object type, you can now declare individual attributes as optional, and specify a default value to use if the caller doesn't set it. For example:
variable "with_optional_attribute" {
type = object({
a = string # a required attribute
b = optional(string) # an optional attribute
c = optional(number, 127) #...
Kirupakaranover 3 years ago
I have multiple databases in one DB instance. How can I back up particular databases in AWS? I am using Aurora MySQL.
Julian Olssonover 3 years ago(edited)
Hi Folks, I’m experiencing what feels like a fun bug with the Cloudposse Datadog-Lambda-Forwarder Module. For my use case, I’m deploying it to all of our accounts in a centralized workspace using provider blocks. Calling the module multiple times produces an error that calling it a single time does not. Error details and a minimally reproducible code example in 🧵 . (Resolved by depends_on)
OliverSover 3 years ago
Looks like s3 bucket replication of existing objects is not currently supported by latest AWS provider (4.31).
So my best option seems to be to first run terraform apply to put new-object replication in place for desired buckets, then run a Batch Replication job from CLI using aws s3control create-job ... on each bucket (since I have a lot of buckets to replicate existing objects, and replication jobs require a replication config to already exist).
But then it is easy to forget to run that script after terraform apply, so better:
• Add a local-exec provisioner to the bucket replication config resource in my tf code, with when=create. But this would get skipped for buckets that already have replication config (ie already created).
• Better add that provisioner to a null_resource that is enabled only if a variable is set to true (and no when set). I would set it to true, apply, set it to false, push.
Any considerations I might be forgetting?
Jeremy (UnderGrid Network Services)over 3 years ago
Anyone looked at updating the terraform-aws-elasticsearch module to support OpenSearch or creating a new module for it?
Ray Bothaover 3 years ago(edited)
Hey all, I'm trying to set up a new AWS organization and accounts with the terraform-aws-components/account module but running into an odd issue on the atmos terraform plan:
│ Error: error reading Organizations Policy (p-9tkedynp): AWSOrganizationsNotInUseException: Your account is not a member of an organization.
│
│ with module.organizational_units_service_control_policies["platform"].aws_organizations_policy.this[0],
│ on .terraform/modules/organizational_units_service_control_policies/main.tf line 37, in resource "aws_organizations_policy" "this":
│ 37: resource "aws_organizations_policy" "this" {
Yeah I'm not a member of an organization, my impression is the account module is supposed to create the organization no? (Resolved by terraform clean)
Kirupakaranover 3 years ago
Hey all, is there any tool for converting CloudFormation to Terraform?
Herman Smithover 3 years ago(edited)
Is it possible to have a terraform module enforce that the aws provider it inherits is configured to a certain region? (And fail if a provider for a different region is in use)
Mazin Ahmedover 3 years ago
I have this issue where I can not run terraform import on a new remote state within TFE at a workspace. It's a new workspace and does not have resources yet, I am trying run import script before merging a PR for all tf resources. Any ideas how to solve this?
Acquiring state lock. This may take a few moments...
Failed to persist state: Error uploading state: resource not found
PePe Amengualover 3 years ago
TFC Cloud pricing question: anyone know the actual price?
OliverSover 3 years ago
I have a stack that will consist of N tfstates. I could easily write an N-line bash script to do tf apply on each one, but I'm wondering if one of terragrunt, terramate, terraspace or cdktf might have good support for this and aspects of such design that I might not yet realize 🙂
Eg N-1 of those states will be completely independent one another and will depend only on the first module (which is a base layer), so technically they could all be updated in parallel. Does one of these tools support describing the stack in terms of separate states, and the dependencies of module on other modules, then it could automatically figure out the order of tf applies and do some in parallel.
Konrad Bloorover 3 years ago
Just got to say, as someone new to terraform trying to build infrastructure quickly for a new venture, cloudposse terraform modules rule, wow. Thanks 🏆️ 🙏
Ray Bothaover 3 years ago(edited)
Has cloudposse developed any module/components for AWS ipam?
I'm looking into using IPAM instead of working out all the IP blocks in a spreadsheet
Ray Bothaover 3 years ago(edited)
Has anyone setup centralized egress for all your VPCs through the network account, via an NAT gateway, using cloudposse terraform-aws-components? I'm using transit gateway but it looks like that would require a lot of changes to the tgw components' route configs.
setheryopsover 3 years ago
Any recs on apps for detecting drift in Terraform if you are NOT on Terraform cloud? Every place ive worked we have always had an internally developed custom app. I really dont want to have to write another one again for my current gig.
Lee Broomover 3 years ago
Any recommendations for a good guide on deploying cloudposse modules into own projects?
rssover 3 years ago
v1.3.1
1.3.1 (September 28, 2022)
NOTE:
On darwin/amd64 and darwin/arm64 architectures, terraform binaries are now built with CGO enabled. This should not have any user-facing impact, except in cases where the pure Go DNS resolver causes problems on recent versions of macOS: using CGO may mitigate these issues. Please see the upstream bug...
Tim Schwenkeover 3 years ago(edited)
Hey everyone, I have a question regarding terraform-null-label: I get how to use it as a module. But do I also include the context.tf in my own files if I'm writing a module myself (which I do all the time because everything in Terraform is a module)? Basically replicating what Cloud Posse is doing within their own modules.
Thomas Panickerover 3 years ago
Is there anyone out there interested in upgrading TF 0.12 to something more current..
Nitinover 3 years ago
Hello Team,
How can I remove a resource created using cloudposse/vpc-peering-multi-account/aws
Nitinover 3 years ago
we don't need vpc peering.. what is the best way to do it.
Nitinover 3 years ago
because if i delete it and then plan and apply it is failing
Nitinover 3 years ago
if i set enable = false then authorization issue is coming