55 messages
JoseF over 3 years ago
I was looking for the https://github.com/cloudposse/terraform-aws-ec2-cloudwatch-sns-alarms but looks to me 404 not found. Is this expected?
JoseF over 3 years ago (edited)
Also wonder if I can collaborate somehow to do a PR and add some more event_categories in the https://github.com/cloudposse/terraform-aws-rds-cloudwatch-sns-alarms. Since I am looking to add/use
• availability
• configuration change
• deletion
• read replica
Since the one current available are:
• recovery
• failure
• maintenance
• notification
• failover
• low storage
Tom Vaughan over 3 years ago
Having an issue with terraform-aws-tfstate-backend module and s3 bucket. We put our state files in the same s3 bucket under different keys.
For example:
state-file-bucket/vpc
state-file-bucket/rds
I am using the latest release of the module and it is throwing an error saying the s3 bucket already exists, which it does b/c it was created previously. Using this module in this way hasn't been a problem with previous versions. Is there something I need to set for it to work? I tried setting bucket_enabled to false but that ends up clearing the bucket value in backend.tf which then throws another error. So, I am going in circles here.
When using version 0.37.0 I don't have this issue.
Alanis Swanepoel over 3 years ago
@Erik Osterman (Cloud Posse)
• https://aws.amazon.com/about-aws/whats-new/2022/10/amazon-machine-images-support-instance-metadata-service-version-2-default/
• https://github.com/hashicorp/terraform-provider-aws/issues/27083
Jonas Steinberg over 3 years ago (edited)
Hey everyone,
Looking to have a bit of a debate on the topic of monitoring as code and whether or not it actually matters. More specifically: whether having monitors, dashboards, service level objects and the like actually need to be backed by IaC and within a GitOps workflow.
Many of us have monitoring products like datadog or cloudwatch in which the vast majority of monitors, dashboards, SLOs and the like have been clickops'd. For example at my current shop there are about 350 dashboards and almost none are in IaC and what's more we don't really know which ones are critical and which ones can be deleted. And the same goes for monitors and SLOs.
Now imagine that you used Terraformer (or equivalent, if there even is such a thing for Cloudformation) to get all these things into terraform and into all the appropriate repos. And then you even took that a step further and developed a system to do this continuously and also to clean up your monitoring product in the meanwhile, e.g. delete any dashboard not label critical or something.
My questions to the community are:
• so what? All of those clickops'd dashboards are backed up by the CSP or 3rd party; if they have a catastrophic event they'll probably be able to get them back to you?
• and do we really want to be writing dashboards as code? It gets fairly ridiculous.
• and as for labeling them and then automating their cleanup: will it be that much of a feng shui or cost improvement?
Curious about people's thoughts regarding this topic because now that I have everything in IaC and a potential solution for automating parity and cleanup I find myself asking, "Who cares?" And of course if there are other reasons for storing monitors, dashboards, SLOs and the like as code please bring those up as I'm always interested in learning how other people are solving problems!
Erik Osterman (Cloud Posse) over 3 years ago
Anyone at the Hashiconf Global mixer tonight?
jim carl over 3 years ago
Hello everyone!
jim carl over 3 years ago
Is anybody planning to take the terraform exam this month or soon??
rss over 3 years ago (edited)
v1.3.2
1.3.2 (October 06, 2022)
BUG FIXES:
Fixed a crash caused by Terraform incorrectly re-registering output value preconditions during the apply phase (rather than just reusing the already-planned checks from the plan phase). (#31890)
Prevent errors when the provider reports that a deposed instance no longer exists (<a...
Kyrylo over 3 years ago (edited)
👋 Hello, team!
Is it possible to create two eks_node_group for one eks_cluster? I've seen that in case of such scenario documentation recommends to use eks_workers, but I need to use eks_node_group instead.
When I've tried to create two eks_node_group I've got an error that default IAM role already exists and as there are no documentation how to replace it I'm stuck with a solution. Could you give me a hints?
https://github.com/cloudposse/terraform-aws-eks-node-group
JoseF over 3 years ago
Hello Team. Question related to the RDS repo and the parameter_group_name and option_group_name vars. It looks like that every time a new plan is deployed, a new option_group and parameter_group is created with the namespace-environment-stage-name format.
What if the default one want to be used? I don't see any way to current use this. And because of this some limits are reached which is not the expected result, but use the default ones, to keep things simple.
Any idea?
Herman Smith over 3 years ago
Can a provider configuration depend upon a module output, or do providers need to be fully initialized before any modules can be applied?
Adam Panzer over 3 years ago
Hiya!
I’m using the https://github.com/cloudposse/terraform-aws-acm-request-certificate module and I have this setup:
Domain: bar.com
Subdomain: foo.baz.bar.com
In v0.16.2 this apply worked just fine.
module "acm_request_certificate_east_coast" {
  source                            = "cloudposse/acm-request-certificate/aws"
  version                           = "0.16.2"
  domain_name                       = "foo.baz.bar.com"
  process_domain_validation_options = true
  ttl                               = "300"
  subject_alternative_names         = ["*.foo.baz.bar.com", "*.bar.com"]
  providers = {
    aws = aws.use1
  }
}
Now in v0.17.0 it gives me an error saying it can’t find a zone for baz.bar.com which weird cuz, I don’t need that zone.
mrwacky over 3 years ago
Is there a way to use TF to attach Control Tower guardrails to OUs? Best I can see is to recreate with SCPs manually 😐️
taskiner over 3 years ago
Hi all! I wonder if anyone experienced weird cycle errors when trying to disable a module with count. I drew cycles but it's not something readable. Any hints for debugging these much appreciated! Error cycle in thread.
Stephen Bennett over 3 years ago
Hi, Is there a new way of writing in data or resources to objects to stop tflint interpolation-only error:
ie code:
resource "aws_s3_bucket_policy" "opensearch-backup" {
  bucket = aws_s3_bucket.opensearch-backup.id
  policy = jsonencode({
    Version = "2012-10-17"
    Id      = "BUCKET-POLICY"
    Statement = [
      {
        Sid       = "EnforceTls"
        Effect    = "Deny"
        Principal = "*"
        Action    = "s3:*"
        Resource = [
          "${aws_s3_bucket.opensearch-backup.arn}/*",
          "${aws_s3_bucket.opensearch-backup.arn}"
        ]
        Condition = {
          Bool = {
            "aws:SecureTransport" = "false"
          }
        }
      }
    ]
  })
}
Gets warnings:
Warning: Missing version constraint for provider "aws" in "required_providers" (terraform_required_providers)
  on s3-snapshot-bucket.tf line 72:
  72: resource "aws_s3_bucket_policy" "opensearch-backup" {
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.1/docs/rules/terraform_required_providers.md
Warning: Interpolation-only expressions are deprecated in Terraform v0.12.14 (terraform_deprecated_interpolation)
  on s3-snapshot-bucket.tf line 85:
  85: "${aws_s3_bucket.opensearch-backup.arn}"
Reference: https://github.com/terraform-linters/tflint-ruleset-terraform/blob/v0.1.1/docs/rules/terraform_deprecated_interpolation.md
Manoj Kumar over 3 years ago
👋 Hello, team!
Manoj Kumar over 3 years ago
I am trying to use this module:
https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account
Can someone please post IAM-ROLE example code for terraform that should be used in this example
Manoj Kumar over 3 years ago
I am facing this error now:
https://github.com/cloudposse/terraform-aws-vpc-peering-multi-account/issues/6
Manoj Kumar over 3 years ago
Terraform resource has aws_instance which have an argument ip_address. Any have example how to use it?
Mallikarjuna M over 3 years ago
Hi All is it possible to send mails using terraform?
Mallikarjuna M over 3 years ago
After creating AWS IAM users, we want to send credentials via terraform is there any possibilities?
Chris Gray over 3 years ago
I’m 90% sure this issue is just because I’ve been looking at it too long but here’s hoping someone can help. I’m looking at creating AWS SSO users but ideally I want to do something like the following where I define a user in a local e.g.
locals {
  users = {
    user1 = {
      userdetail = "some info"
      groups = [
        "admin",
        "developer"
      ]
    }
  }
}
Then I would create the group membership based on what is set in the groups list but right now I’m just unable to grok the logic I need, anyone done something similar? I would just use the group list directly but aws_identitystore_group_membership seems to need a string
tyu over 3 years ago
Hey folks, out of curiosity, has anyone seen this error before when making a simple update like changing the instance type? I am using this module: https://github.com/cloudposse/terraform-aws-eks-node-group
│Error: error creating EKS Node Group: ResourceInUseException: NodeGroup already exists with name xxxx and cluster name yyyy
tyu over 3 years ago
Is the recommended way to destroy and recreate the cluster?
Konrad Bloor over 3 years ago
Hey! A sanity check amongst you experts would be great. Say I have a java based lambda. The source is in github. A github action creates the jar file in each release. I have another github action to, on each release, deploy to a specific environment (using the serverless framework).
Terraform creates this environment inside github, with the github provider.
I’d like terraform, when setting up a bit of infrastructure, to also trigger a deploy (of the latest release, using a github actions workflow) into the environment it created, in order to fully setup that part of the system.
Is this a good way of doing things? Should I be doing things differently?
Muhammad Taqi over 3 years ago
Hi folks, I'm trying to create a VPC and dynamic subnets using full example, but I got this error again and again, is this bcz of latest versions?
Herman Smith over 3 years ago (edited)
With a resource for_each'd, being driven from a set of strings, I can see that adding a new item to that set of strings (and thus creating a new resource, without affecting the old) leads to data sources (similarly for_each'd on the keys() of the list of those resources) to be considering unchanged resources (with their original key, no less) as changed, and thus forcing data source reads and "known after apply" for everything unnecessarily. Is this a known issue?
I'd have expected the "resource changed" check to apply to the specific key of that resource, not if any key associated to that resource is changed!
Edit: corrected description at https://sweetops.slack.com/archives/CB6GHNLG0/p1666024029538429?thread_ts=1666022676.252819&cid=CB6GHNLG0
Zach B over 3 years ago (edited)
When separating configuration from code, such as in the case of what atmos aims to accomplish,
I’ve seen a lot of “stacks” or “components” implementations. The same ideas can be applied to terragrunt projects.
What I haven’t yet figured out is: Every single example where these “components” are used/referenced, they take on the singular noun and it almost seems impossible to create multiple of the same component in the same stack and therefore multiple of the same underlying resources unless you customize that component specifically.
i.e. If I wanted to deploy 14 CloudFront distributions to a single account and region, would you recommend I:
1. Create a single component using for_each and allow input variables to determine how many are created?
2. Create a separate component and explicitly define these 14 distributions inline?
3. Create 14 different stacks that reference the same component?
^ If option #1, then I have trouble understanding why it is not a “standard” approach to apply for_each on all components
Zach B over 3 years ago
From this atmos example, if I wanted to create multiple VPCs from the same component in this stack, how would I accomplish that?:
https://github.com/cloudposse/atmos/blob/master/examples/complete/stacks/orgs/cp/tenant1/prod/us-east-2.yaml
import:
  - mixins/region/us-east-2
  - orgs/cp/tenant1/prod/_defaults
  - catalog/terraform/top-level-component1
  - catalog/terraform/test-component
  - catalog/terraform/test-component-override
  - catalog/terraform/test-component-override-2
  - catalog/terraform/test-component-override-3
  - catalog/terraform/vpc
  - catalog/helmfile/echo-server
  - catalog/helmfile/infra-server
  - catalog/helmfile/infra-server-override
components:
  terraform:
    "infra/vpc":
      vars:
        cidr_block: 10.8.0.0/18
JoseF over 3 years ago
Hello Team. Looking the elastic-beanstalk repo, how is possible to customize the userdata launchconfiguration for the autoscaling?
• I use already ebextensions that works flawless during deploy time, but after a scaling event, the ebextension customization is lost (/weird).
• I've tried this already to spin a new environment, deploy, after manual terminate the instance and wait the ASG to spin a new instance, the internal customization is gone.
Any advice would be nice. Thanks 😅
rss over 3 years ago (edited)
v1.3.3
1.3.3 (October 19, 2022)
BUG FIXES:
Fix error when removing a resource from configuration which has according to the provider has already been deleted. (#31850)
Fix error when setting empty collections into variables with collections of nested objects with default values. (<a href="https://github.com/hashicorp/terraform/issues/32033"...
Alanis Swanepoel over 3 years ago
anyone here played with https://github.com/cdktf/cdktf-provider-template ?
Karina Titov over 3 years ago
hi. i have this pr for aws-iam-role module, what i'm trying to do here is to have the ability provide a custom name for the iam role policy, that is being created https://github.com/cloudposse/terraform-aws-iam-role/pull/50
Berjan B over 3 years ago
Hello Folks,
Berjan B over 3 years ago
I am creating s3 bucket with CDN using terraform
but where to define IAM Policy, Role
Berjan B over 3 years ago (edited)
provider aws {
  region = "us-east-1"
  alias  = "us-east-1"
}
# create acm and explicitly set it to us-east-1 provider
module "acm_request_certificate" {
  source = "cloudposse/acm-request-certificate/aws"
  providers = {
    aws = aws.us-east-1
  }
  # Cloud Posse recommends pinning every module to a specific version
  domain_name                       = "cdn.xxx.mn"
  process_domain_validation_options = true
  ttl                               = "300"
}
module "cdn" {
  source            = "cloudposse/cloudfront-s3-cdn/aws"
  namespace         = "tbf"
  stage             = "prod"
  name              = "cdn-bucket"
  aliases           = ["cdn.xxxxx.mn"]
  dns_alias_enabled = true
  # parent_zone_name = "xxxxxx.mn"
  parent_zone_id                    = var.aws_route53_hosted_zone_id
  cloudfront_access_logging_enabled = false
  acm_certificate_arn               = module.acm_request_certificate.arn
  # depends_on = [module.acm_request_certificate]
}
Fair Deal Home Buyer over 3 years ago
Anybody who is familiar with lambda forwarder Datadog?
Omar Hountondji over 3 years ago
Hello guys,
Omar Hountondji over 3 years ago
I am new to this group, basically I am looking for ways to create multiples performance alerts for Azure VMs in terraform. Can anybody point me to the right resources/repos for that?
Gary Cuga-Moylan over 3 years ago
Posted this in #aws before I realized there was a terraform channel 😃:
https://sweetops.slack.com/archives/CCT1E7JJY/p1666364196926439
OliverS over 3 years ago
I'm getting this error by terraform plan :
│ Error: AccessDenied: Access Denied
│ status code: 403, request id: XXX, host id: YYY
Setting TF_LOG_PROVIDER=trace does not give additional info (eg the 403 does not appear anywhere in the trace output)
Cloudtrail does not show an access denied operation even after several minutes (I've used it many times before for this type of issue, so I'm pretty sure -- although no guarantee - that I'm querying it correctly)
Any ideas?
Soren Jensen over 3 years ago
Is this possible to do in a tfvars file? I want to check if my environment variable env.ENV_PREFIX is prod. If env.ENV_PREFIX = prod set a variable production = true, if env.ENV_PREFIX is dev set production = false..
Nitin over 3 years ago
terraform-aws-vpc-peering-multi-account module does not create IPv6 internal routes?
PePe Amengual over 3 years ago (edited)
We are looking for companies that want to share their experience with Atlantis and success histories and that they might want to add their logo to the Atlantis page to showcase companies using Atlantis, I’m one of the contributors for the Atlantis project, please PM me
Herman Smith over 3 years ago (edited)
This returns all values held within some_list of the various some_map entries:
value = toset([for k, v in var.some_object.some_map : v.some_list])
But this returns an error - This map does not have an element with the key "some_list" :
value = toset(var.some_object.some_map[*].some_list)
Should the splat expression not be equivalent to the first?
Mallikarjuna M over 3 years ago
Hello Everyone,
Does anyone know about the best and easy way of VPN configuration?
Herman Smith over 3 years ago
Is required_providers required even in root terraform modules which don't directly use resources, but simply rely on modules (which themselves have required_providers)? Seems redundant
Vincent Sheffer over 3 years ago
Trying to just add instance types to an existing cluster using eks_node_group module, but doesn’t seem to support that.
Vincent Sheffer over 3 years ago
More specifics: I’m using cloudposse/eks-cluster/aws 2.5.0 and eks_node_group 2.4.0. Adding instance types to the list of instance_types causes all of the existing ones to be destroyed and then recreated, which in, well, any environment seems bad. I did add another instance of the eks_node_group module but got an error where the iam “default” policy is being recreated. Dug into the module code and I don’t see any way to prevent that from happening.
It’s really important to be able to add new node groups to an existing cluster without disruption and it just isn’t clear how to do that in the documentation. Help is very much appreciated.
Herman Smith over 3 years ago
Has anyone successfully used moved blocks to refactor within multiple levels of module nesting?
For example: module a wraps module b (a adds no new resources, it just takes variables and passes them through to b's) - I'd like to eliminate module a, being the useless wrapper that it is.
In the root module, I've changed module "a" { to module "b" {, and added the following moved block below:
moved {
  from = module.a.module.b
  to   = module.b
}
Yet I get The argument "from" is required, but no definition was found., which seems a bizarre error!
Herman Smith over 3 years ago (edited)
Findings about this subject online seem a little contradictory and ambiguous/unspecific, but there does seem to be suggestion it's possible, given that cross-module boundaries can be crossed with moved
Amrutha Sunkara over 3 years ago
Hello Folks, is there a terraform module that any of you know of/use to create a tunnel via SSM?
Jonas Steinberg over 3 years ago
So -- terraform cloud input variables...
Are they only returned as strings?
I'm having a helluva time using them.
Johan over 3 years ago
Hi, I’m using cdktf with python and I want to loop over resource creation, which each should be stored in their own CloudBackend. Is that even possible? It seems that I can only define only 1 CloudBackend per TerraformStack?
This is what I get when I run a loop over the CloudBackend, within a TerraformStack (with various NamedCloudWorkspaces):
jsii.errors.JSIIError: There is already a Construct with name 'backend' in TerraformStack [stackname]