42 messages
rssover 3 years ago(edited)
v1.3.4
1.3.4 (November 02, 2022)
BUG FIXES:
Fix invalid refresh-only plan caused by data sources being deferred to apply (#32111)
Optimize the handling of condition checks during apply to prevent performance regressions with large numbers of instances (https://github.com/hashicorp/terraform/issues/32123 ...
Patrick McDonaldover 3 years ago
Hello, looking for opinions: should the application create sqs queues or let terraform manage them? I say terraform should manage them since it’s infrastructure. New dev manager wants the app to manage them. What do you think?
Unknown Userover 3 years ago(edited)
Hi All, I'm also in the mood to get some different opinions.. What do others do with their terraform modules?
Chintanover 3 years ago
Hi All, does anyone know how to configure a single cloudtrail with multiple data source (like S3, Lambda, DynamoDB) events using terraform?
setheryopsover 3 years ago
I made a thing if anyone is looking for RDS IAM Authentication done with Terraform. https://gitlab.com/setheryops/rds-iam-auth
Davidover 3 years ago
Does anyone know any information about when associate 003 will be available? I’m looking to get certified but don’t really want to sit 002 if 003 is coming soon
Norma Riggsover 3 years ago
Hey everyone! When it comes to having a git-ops workflow for applying terraform changes, do most people squash & merge code before running apply or vice versa? I’m setting up CI/CD terraform workflows for multiple repositories and keep running into this philosophical question. It would be great to hear any friction points people have experienced in either setup
Andrew Miskellover 3 years ago
Does anyone know if it's possible to set the name of an access point created with terraform-aws-efs? It seems to want to name every access point with the same name as the filesystem itself which isn't helpful to identifying which access point is which by name.
lorenover 3 years ago
Always interesting to read about how others run terraform, especially large teams with large infrastructures...
https://slack.engineering/how-we-use-terraform-at-slack/
Arash Bahramiover 3 years ago
Hi guys I'd like to ask if anyone knows what is the best way to import existing aws infrastructure to terraform?
Liene Jansoneover 3 years ago
Hello there 👋
I’m looking at using the amazing terraform-aws-elasticache-redis module, but stumbled across a missing option to disable the Auto upgrade minor versions option.
I’ve seen the previously created issues on this (#117, #70), which were raised when the parameter was not editable from API, which is no longer the case, based on the API documentation. It works as expected for cluster versions 6+. I’ve created an issue as well #182.
Thank you for creating and maintaining this module ❤️
JoseFover 3 years ago
After cloning the repo ECS, it gives this variable error. Of course, it can be fixed with a sed and replace for the proper variable declaration. This gives me the doubt if the repo is outdated?
ghostfaceover 3 years ago
i'm finding that specifying role_arn here is ignored for the s3 bucket. it's used for the dynamo lock lookup, but for the s3 bucket init, it doesn't use the role_arn defined here https://www.terraform.io/language/settings/backends/s3#assume-role-configuration and instead uses the local credentials.
Jonas Steinbergover 3 years ago
How do people feel about the live vs modules directory/src approach? It annoys me that everything just isn't in a single directory. I'm trying to understand the reasoning of something like:
terraform/my_modules/my_mod/{main.tf,variables.tf}
terraform/live/{dev,staging,qa,prod}/{main.tf,variables.tf,versions.tf}
and then live goes:
module "my_mod" {
  source = "../modules/dev/my_mod"
}
something feels off about this, but maybe it's cleaner or more convenient or something?
Jonathan Forgetover 3 years ago
Hi, I am currently having an issue using the module: https://github.com/cloudposse/terraform-aws-ec2-client-vpn
If I don't set the variable name I get this error:
╷
│ Error: "name" isn't a valid log group name (alphanumeric characters, underscores, hyphens, slashes, hash signs and dots are allowed): ""
│
│ with module.client_vpn.module.cloudwatch_log.aws_cloudwatch_log_group.default[0],
│ on .terraform/modules/client_vpn.cloudwatch_log/main.tf line 17, in resource "aws_cloudwatch_log_group" "default":
│ 17: name = module.log_group_label.id
│
╵
If I do set it I get this one:
╷
│ Error: failed creating IAM Role (ci-vpn-log-group): InvalidInput: Duplicate tag keys found. Please note that Tag keys are case insensitive.
│ status code: 400, request id: *********************
│
│ with module.client_vpn.module.cloudwatch_log.module.role.aws_iam_role.default[0],
│ on .terraform/modules/client_vpn.cloudwatch_log.role/main.tf line 29, in resource "aws_iam_role" "default":
│ 29: resource "aws_iam_role" "default" {
│
I don't really see a way to make it work, does somebody have an idea?
rssover 3 years ago(edited)
v1.4.0-alpha20221109
1.4.0 (Unreleased)
BUG FIXES:
The module installer will now record in its manifest a correct module source URL after normalization when the URL given as input contains both a query string portion and a subdirectory portion. Terraform itself doesn't currently make use of this information and so this is just a cosmetic fix to make the recorded metadata more correct. (https://github.com/hashicorp/terraform/issues/31636 ...
Joe Perezover 3 years ago
Hello All! I wanted to share a post I created about simplifying your terraform workflow with a wrapper https://www.taccoform.com/posts/tf_wrapper_p1/
Matty Marshallover 3 years ago(edited)
Hi is anyone able to help me with the EC2 Client VPN Module?
https://github.com/cloudposse/terraform-aws-ec2-client-vpn
My first initial run of this module ran out successfully, I then made some changes to the configuration and ever since my applies fall over on the SSM Parameter creation. I have also completely changed the naming standard so they are 'fresh resources' - it still seems to fall over.
╷
│ Error: error creating SSM Parameter (/staging-awsvpn.key): ParameterAlreadyExists: The parameter already exists. To overwrite this value, set the overwrite option in the request to true.
│
│ with module.ec2_client_vpn.module.self_signed_cert_server.aws_ssm_parameter.private_key[0],
│ on .terraform/modules/ec2_client_vpn.self_signed_cert_server/ssm.tf line 12, in resource "aws_ssm_parameter" "private_key":
│ 12: resource "aws_ssm_parameter" "private_key" {
Any help in regards this would be extremely appreciated!
IKover 3 years ago
has anyone been able to pass any pre-defined variables from say Github or Gitlab into Terraform Cloud? Looking to pass in say the $GITLAB_USER_EMAIL variable to use in Terraform Cloud (via TF_VAR_user_email or something). The documentation (https://developer.hashicorp.com/terraform/enterprise/run/run-environment#environment-variables) indicates a set of pre-defined environment variables are injected automatically, however haven’t been able to find a way to pass in other variables.. cheers!
karandeep singhover 3 years ago(edited)
hello guys. i am using this module for creating emr cluster.
https://github.com/cloudposse/terraform-aws-emr-cluster
While creating task instance group, i want task instance group to be spot and bid_price as use_on_demand_as_max_price.
How do i pass that? It's failing when i pass bid_price="OnDemandPrice".
I don't see any example for this issue. Can anyone help?
rssover 3 years ago(edited)
Deciphering Terraform Module Vars
I inherited some Terraform to manage but I am quite new to HCL and so I am struggling to decipher this commonly used code. I have no one to pass on this knowledge to me and so I find myself here. This below is a snippet, but what I am looking for is an explanation of what is going on. I am particularly interested in the var definitions and how that translates to finding a value.
#main.tf
module "alb_multi_target" {
for_each = local.alb_multi_target_components
source =...
Susieover 3 years ago
How can I use additional_tag_map to change the "Name" tag for the security groups created by the module? https://registry.terraform.io/modules/cloudposse/emr-cluster/aws/latest?tab=inputs
Raymond Chenover 3 years ago
Hi, I found there were always changes when I terraform plan with module cloudposse/lb-s3-bucket/aws although I haven’t changed my config. It never gets to the synchronized state.
Joe Perezover 3 years ago(edited)
After spending most of my time provisioning AWS resources in Terraform, I decided to try provisioning resources across multiple Cloud/SaaS offerings. This exploration opened up a new level of orchestration
https://www.taccoform.com/posts/tfg_p6/ (link fixed)
rssover 3 years ago(edited)
v1.3.5
1.3.5 (November 17, 2022)
BUG FIXES:
Prevent crash while serializing the plan for an empty destroy operation (#32207)
Allow a destroy plan to refresh instances while taking into account that some may no longer exist (https://github.com/hashicorp/terraform/issues/32208 ...
PePe Amengualover 3 years ago
any ways to overcome this ? https://github.com/hashicorp/terraform-provider-aws/issues/10329
OliverSover 3 years ago
Has anyone used the terraform-provider-github? 200k downloads for the latest release, lots of issues raised, so it seems to be well used. But only 500 stars on github, so I'm just curious to find out limitations before I start using it?
Alcpabout 3 years ago
I am trying out the Getting started with Atmos — Cloud Posse Developer Hub
The workflow command seems to fail
✗ . [none] (HOST) 02-atmos ⨠ atmos workflow deploy-all -s example
Error: required flag(s) "file" not set
Usage:
atmos workflow [flags]
if I try with -f option I get the following error
⧉ Tutorials
✗ . [none] (HOST) 02-atmos ⨠ atmos workflow deploy-all -s example -f /tutorials/02-atmos/stacks/example.yaml
yaml: unmarshal errors:
line 1: cannot unmarshal !!seq into config.WorkflowConfig
line 3: cannot unmarshal !!str `example` into config.WorkflowDefinition
not sure what I am missing
Adnanabout 3 years ago
Does terraform have a mechanism of knowing that a plan file was already executed?
Rikabout 3 years ago
Hi, I’m trying to implement the terraform-aws-datadog-lambda-forwarder. and have enabled the forwarder_rds
I keep running into the following error:
Error: error creating IAM Policy rds: MalformedPolicyDocument: Resource must be in ARN format or "*".
status code: 400, request id: 0d4b0d8a-3fee-4f6f-8149-d2f049c9286e
with module.datadog_lambda_forwarder.aws_iam_policy.lambda_forwarder_rds[0],
on .terraform/modules/datadog_lambda_forwarder/lambda-rds.tf line 53, in resource "aws_iam_policy" "lambda_forwarder_rds":
53: resource "aws_iam_policy" "lambda_forwarder_rds" {
I tried many things to get past it. I just cannot figure out what resource or variable must exist to get this to pass…
Kavish Khannaabout 3 years ago(edited)
Hi team
I am implementing the module terraform-aws-ecs-cloudwatch-sns-alarms and there is no input variable for datapoints_to_alarm. This is part of the additional configurations.
Should I make the changes and raise a PR or is there any new release coming for these changes?
Guru Prasadabout 3 years ago
Hi team,
I am getting below error when trying to run 'terraform plan' to check for changes to K8 service accounts. There are loads of service account but the error is being thrown only for few service accounts, has anyone come across this or do you have any suggestions plz?
Error: Get "https://eks_control_plane_endpoint/api/v1/namespaces/namespace-name/serviceaccounts/serviceaccount-name": dial tcp: lookup eks-control-plane-api-endpoint on 0.0.0.0:53: read udp 172.17.0.2:35383->0.0.0.5:53: i/o timeout
Soren Jensenabout 3 years ago
Anyone who got an example using the cloudposse/s3-bucket/aws module to create 2 buckets in different regions with cross region replication setup between them?
Vinko Vrsalovicabout 3 years ago
Target group 'arn
elasticloadbalancing:eu-east-1:110072843540:targetgroup/mytargetgroup/1d7561147f16c315' is currently in use by a listener or a rule
I'm trying to change the target group on terraform but I get the above error. Is there a way to fix it in pure terraform? I know I can go to the UI and remove the target from the lb, but I'd rather let terraform do it correctly
VvV Vabout 3 years ago
Hi guys. I have been using terraform for some years, but still time to time struggle with for_each stuff. Compiling complex objects from locals etc using multiple for each loops and extracting needed values. Anyone has any good recommendation for book, documentation, video guide or blog post that would be helpful for me to deal with these in terraform? Anyone that faced similar issues and found good resource, paid or free and can recommend something, would be appreciated.
Ryan Rykeabout 3 years ago
has anyone seen this error
Error: Error retreiving Projects: "InvalidInputException: Invalid project ARN: region does not match caller's region"
Slackbotabout 3 years ago
This message was deleted.
Jeff Behlabout 3 years ago
folks - guidance on best way to keep configuration around but not have the resources active? case in point is a eks cluster with a number of node groups defined with the terraform-aws-eks-node-group module. I don’t need a specific node group that was dedicated to some testing, but may want to bring it up later. maybe this is as much a terraform question as this specific module, but what’s the best way to accomplish? I could obviously just comment out the block, but perhaps there’s another way within the module? thx
Adnanabout 3 years ago
In the terraform aws rds docs there is this serverless v2 example:
"An aws_rds_cluster_instance resource must also be added to the cluster"
resource "aws_rds_cluster" "example" {
  cluster_identifier = "example"
  engine = "aurora-postgresql"
  engine_mode = "provisioned"
  engine_version = "13.6"
  database_name = "test"
  master_username = "test"
  master_password = "must_be_eight_characters"
  serverlessv2_scaling_configuration {
    max_capacity = 1.0
    min_capacity = 0.5
  }
}
resource "aws_rds_cluster_instance" "example" {
  cluster_identifier = aws_rds_cluster.example.id
  instance_class = "db.serverless"
  engine = aws_rds_cluster.example.engine
  engine_version = aws_rds_cluster.example.engine_version
}
Did I understand this correctly and is it really the case that you cannot create a serverless v2 cluster without an aws_rds_cluster_instance resource?
Paulaabout 3 years ago
Hi! someone had this problem before? i made a mess with the state, destroying all and migrating it. https://github.com/hashicorp/terraform/pull/2376 i ran the last script in there:
while read -r addr
do
  if [[ "$addr" == "module."** ]]
  then
    module="${addr%.*.*}"
    addr="${addr#$module.}"
    echo terraform taint -module="${module//module./}" "$addr"
  else
    echo terraform taint "$addr"
  fi
done < <(terraform state list | grep "aws_security_group_rule")
but when i apply the error still being the same.
I tried deleting by hand all the security group rules and it didn't work neither
rssabout 3 years ago(edited)
v1.3.6
1.3.6 (November 30, 2022)
BUG FIXES:
Terraform could crash if an orphaned resource instance was deleted externally and had condition checks in the configuration (#32246)
Module output changes were being removed and re-added to the stored plan, impacting performance with large numbers of outputs ...