40 messages
jwood over 2 years ago
Is there an example out there of how to put my entire org's tfstate into a specific account? Multiple buckets is fine, but ideally I'd like to house it all in a specific account. I see that the tfstate-backend module has a tfstate_account_id, should I be wrapping that in another module to pass the account ID from the account-map module, or is there a better way? Using atmos if that matters.
Arthur over 2 years ago
Hello,
I am using terraform-aws-eks-workers and I would like to bump its version from v0.20.0 to v1.0.0. Unfortunately, I was using the input security_groups like so
security_groups = [aws_security_group.eks_nodegroups_security_group.id, aws_security_group.eks_alb_ingress.id]
and I cannot figure out what is the new right way to configure my worker module, any idea?
Mikhail over 2 years ago
Hello!
Could you please take a look at this PR?
https://github.com/cloudposse/terraform-aws-ecs-cluster/pull/9
It's really important, because now it doesn't work with the current version of the module.
Andrew Miskell over 2 years ago (edited)
Heya guys, got a quick ask for help, I'm still pretty new with Terraform. I have this local variable in which I'm trying to build a listing of host, internal_ip and external_ip. The last octet of the internal_ip is derived from external_ip, I've got mostly everything working except I can't seem to wrap my head around how to construct the internal ip.
I know I can use split(".", ip)[3] to extract the last octet from the ip, but I can't seem to figure out/understand how to combine that with join(".", slice(split(".", data.aws_subnet.sending[k].cidr_block), 0, 3)) to construct a complete ip address
sending_ip_map = flatten([
  for k, v in var.sending_ips : [
    for ip in v : [
      {
        host = k,
        external_ip = ip,
        private_ip = join(".", slice(split(".", data.aws_subnet.sending[k].cidr_block), 0, 3))
      }
    ]
  ]
])
With the current code, my output looks like
debug = [
  + {
      + external_ip = "44.194.111.252"
      + host = "eis1"
      + private_ip = "10.0.234"
    },
  + {
      + external_ip = "44.194.111.254"
      + host = "eis1"
      + private_ip = "10.0.234"
    },
  + {
      + external_ip = "44.194.111.253"
      + host = "eis2"
      + private_ip = "10.0.234"
    },
  + {
      + external_ip = "44.194.111.255"
      + host = "eis2"
      + private_ip = "10.0.234"
    },
]
rss over 2 years ago
v1.5.0-rc2
1.5.0-rc2 (June 5, 2023)
NEW FEATURES:
check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.
The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing <a...
Tom Hughes over 2 years ago
Anyone else had weird behaviour using the helm provider? I just ran a plan, one in tf cloud, and one locally, and they're both wildly different. The code is the same, the providers look the same too. Same backend. Everything. I can't work out why this would be. Anyone got any idea?
Dexter Cariño over 2 years ago
I have a question, when you create an environment in elasticbeanstalk with loadbalancer there will be a created security group
now I have a custom security group named mysql-secgrp, now my question is how can I automatically add the security group id of the elasticbeanstalk environment to my custom security group.
I'm trying to explore the terraform "data" and the "output" but I'm stuck…
Alex Atkinson over 2 years ago
Can someone explain why trim doesn't trim this hyphen, but replace operates on it as expected?
> trim("foo-bar", "-")
"foo-bar"
> replace("foo-bar", "-" , "")
"foobar"
Erik Osterman (Cloud Posse) over 2 years ago
Arthur over 2 years ago
Hello guys, do you have any ideas on how to create a warm pool terraform-aws-eks-workers module?
Waqar Ahmed over 2 years ago
Hi, I recall carrying out an AWS ASG Rolling Update through Terraform was not previously possible (due to no Update Policy API being exposed). This was something comparatively easily achievable in CloudFormation through update policy. Is this ASG Rolling Update achievable now in TF? Thanks in advance!
rss over 2 years ago
v1.5.0
1.5.0 (June 12, 2023)
NEW FEATURES:
check blocks for validating infrastructure: Module and configuration authors can now write independent check blocks within their configuration to validate assertions about their infrastructure.
The new independent check blocks must specify at least one assert block, but possibly many, each one with a condition expression and an error_message expression matching the existing <a...
Afolabi Omotoso over 2 years ago
Hi, Just wondering if it is advisable to use only s3 lock feature without dynamoDB for the state files. We are trying to get rid of dynamoDB to save some costs.
Makeshift over 2 years ago
Hey guys - had a quick question about Terraform and was wondering if anyone knew about this.
The Arbitrary Expressions with Argument Syntax docs page implies that all blocks are supported as arrays (which was welcome news to me, having hated blocks ever since they were introduced), meaning this should work if settings was usually defined in block syntax and api_settings was an object:
settings = [var.api_settings]
However, I get Unsupported Argument. Is support for this dependent on the provider, or am I misunderstanding the docs?
Nat Williams over 2 years ago
I've encountered something with cloudposse/label/null that feels like an issue to me, or at least a potential feature, and wanted to get some opinions before I try fixing it. When setting label_key_case, the Name tag is still affected the same as every other tag. Its value is treated as a special case (getting the id), but not the key itself. I know it's kind of AWS specific, but it feels to me like Name should always be title-cased regardless of label_key_case.
egy ardian over 2 years ago
Hi, How do you disable encryption_at_rest on terraform documentdb by cloudposse?
seems there is no option to do that
James A over 2 years ago
Who wants a brain teaser? Getting this error with terraform-aws-config but my config appears (to my eyes) to be valid.
Elad Levi over 2 years ago
I would appreciate it if you could take a look at the PR
It's for firewall-manager - shield_advanced.tf
@Andriy Knysh (Cloud Posse) @Dan Miller (Cloud Posse)
Nemanja over 2 years ago
Hi guys, thanks for having me here. Does anybody know if OpenSearch support for terraform-aws-elasticsearch is going to be available soon? I'm planning an upgrade but wanted to continue using cloudposse module.
MrAtheist over 2 years ago (edited)
anyone know how these files are getting generated (via terraform / terragrunt)...? I've inherited a couple of legacy aws accounts and noticed that there's this bucket getting exploded with all of this gibberish (10gb+), but I'm not sure where it's coming from and how to stop it.
Veronika Gnilitska over 2 years ago
Hey guys,
I am seeking feedback from those who have begun utilizing check blocks in their Terraform configurations.
1. What has your experience been like so far?
2. Could you highlight any specific use-cases where you found the application of check blocks particularly beneficial?
3. Have you encountered any potential pitfalls, challenges, or concerns in their implementation?
Any feedback or insights would be greatly appreciated
Sahil Tourani over 2 years ago
Hi folks, I have a question. Let's say I'm building a library of terraform modules and publishing them to a private registry e.g. citizen. I have an internal development portal that is effectively through pipelines calling these individual modules to stand up infra resources. What would be better, establishing a means of downloading the module from the private registry? Calling the module in a .tf file within the examples directory? (But then how do I dynamically control the version of the module?)
Josh Pollara over 2 years ago
I wanted to share this article. It's a result of a lot of thinking and talking with many Terraform users about where IaC and Terraform should go in the next few years. It's very opinionated. Would be great to hear people's thoughts even if they strongly disagree with the post. The tl;dr version of it is that ClickOps + HCL is the future, continuing to use HCL is a good thing because humans and computers can read, write, and modify HCL, and it enables Terraform users to get powerful tooling, especially around GUIs that could consume and produce HCL. Additionally, we believe CDKs are the wrong direction.
https://terrateam.io/blog/the-future-of-terraform-is-clickops
Adnan over 2 years ago
Can someone remind me what terraform does with "looped" resources if the order in the list changes?
my.tfvars
buckets = {
  one = {
    replication_enabled = true
  }
  two = {
    replication_enabled = true
  }
}
main.tf
module "bucket" {
  for_each = {for k, v in var.buckets : k => v}
  # k and v only exist inside the for expression; the module body uses each.key / each.value
  name = each.key
  replication_enabled = each.value.replication_enabled
}
Terraform probably destroys and recreates the resources if I change my.tfvars to:
buckets = {
  two = {
    replication_enabled = true
  }
  one = {
    replication_enabled = true
  }
}
But maybe someone can confirm it.
mrwacky over 2 years ago
Are there any decent ways to generate half-way decent graphs of TF resources?
Use case - putting a pretty picture in our TF modules READMEs so our co-workers can get a better idea what a module does without being experts
DaniC (he/him) over 2 years ago
Hi folks,
Anyone around who is publishing the modules into a private registry - TFC or others - and then is using renovate for upgrades?
If so do you have a sample on how that configuration looks like? Note I'm trying to do the following:
• the token api to access TFC private registry is / should be in GH org secret or at least repo secrets
• in renovate.json I'd like to use the secret
• upgrades for child modules defined in root modules (easy to achieve) but equally for child of child modules
Mikhail over 2 years ago
Hello!
Cloud Posse team, could you please review this PR?
https://github.com/cloudposse/terraform-aws-alb-ingress/pull/68
Soham over 2 years ago
Can anyone help me to understand why adding
filter {
  name = "instance-state-name"
  values = ["running"]
}
in the data source for aws_instance starts complaining saying no matching EC2 instance found. The total code block is
data "aws_instance" "syslog" {
  filter {
    name = "tag:Name"
    values = ["xx-yy"]
  }
  filter {
    name = "tag:ManagedBy"
    values = ["Terraform"]
  }
  filter {
    name = "instance-state-name"
    values = ["running"]
  }
}
Andy Wortman over 2 years ago
Hi all. We're looking to implement a TACOS solution like atlantis, spacelift, env0, etc (solution hasn't been selected yet). Most of the solutions appear to handle plan review and apply in git PRs. While I'm sure this is fine for most changes, I'm concerned that complex changes, new modules, etc would be awkward to test and troubleshoot via PR comments. For those using these kinds of solutions:
* Is troubleshooting complex changes via PR comments painful? Is there another workflow available in the tool you use?
* Do you allow any "power users" to run terraform manually when needed, trusting them to commit changes properly at the end?
I'm thinking of use cases like importing complex legacy resources that don't currently match the "new" architecture. Today, I'd be iterating through many runs of terraform plan to identify differences, and resolve them through module updates or even ClickOps, until I could run an apply at the end and get everything fully synced. Similarly, when developing a new component, it may take a lot of iteration to get it right.
Greg Petras over 2 years ago
hello, I am trying to use cloudposse/terraform-aws-firewall-manager version 0.4.0 but I am running into a problem. I am trying to define multiple waf_v2_policies but I run into a problem. I would like to also enforce policy against CloudFront distributions but I know they're a special case, and need to be provisioned "globally" (aka in us-east-1) does anyone know how to go about doing that successfully? when I try to put a list of two policies (one for ALBs and one for CloudFront Distros), I get this error:
"Error: creating FMS Policy: InvalidInputException: Resource ["AWS::CloudFront::Distribution"] can not be used in region: us-east-2."
I'm not sure how to create a CloudFront-specific policy that gets set in the global region, while everything else gets provisioned in my otherwise default region of us-east-2. Has anyone been able to do this? Once I figure it out I am happy to add an example to the module for future reference. thanks!!
Ihor Urazov over 2 years ago
https://github.com/terraform-aws-modules/terraform-aws-solutions#cloudwatch-log-retention-manager ready to use solution to deal with cloudwatch log groups without proper retention
Radhika over 2 years ago (edited)
Hello Team, I am here to seek help. I am new to cloudposse. I am trying to implement datadog-synthetics-private-location Followed instructions on this page. If this is not the right place to seek help please point me to the right direction. Downloaded atmos.tool
1. I started with atmos tutorial and it works fine.
2. Created similar folder structure for datadog-synthetics-private-location. On terminal cd into datadog-synthetics-private-location folder and ran this command
atmos terraform plan datadog-synthetics-private-location --stack=test
This gives me below error. I have Atmos.yaml file. What am I missing here?
│ Error:
│ 'atmos.yaml' CLI config files not found in any of the searched paths: system dir, home dir, current dir, ENV vars.
│ You can download a sample config and adapt it to your requirements from https://raw.githubusercontent.com/cloudposse/atmos/master/examples/complete/atmos.yaml
│
│ with module.iam_roles.module.account_map.data.utils_component_config.config,
│ on .terraform/modules/iam_roles.account_map/modules/remote-state/main.tf line 1, in data "utils_component_config" "config":
│ 1: data "utils_component_config" "config" {
Dan Hamilton over 2 years ago
I've got a question regarding the terraform-aws-sso module. Anyone else here use this to manage access to their AWS infra?
Crosspost from #aws: https://sweetops.slack.com/archives/CCT1E7JJY/p1688052257621759
Jonathan Le over 2 years ago
Anyone else having issues installing TF providers right now?
Ashish Singh over 2 years ago
hey guys,
I need one help on https://registry.terraform.io/modules/cloudposse/elasticache-redis/aws/latest?tab=inputs version 0.52.0
encountered an
Errors related to https://github.com/cloudposse/terraform-aws-security-group/blob/main/normalize.tf
Error: Invalid function argument
│
│ on .terraform/modules/redis.aws_security_group/normalize.tf line 32, in locals:
│ 32: self = lookup(rule, "self", null) == true ? true : null
│
│ Error: Invalid function argument
│
│ on .terraform/modules/redis.aws_security_group/normalize.tf line 27, in locals:
│ 27: source_security_group_id = lookup(rule, "source_security_group_id", null)
│
│ Invalid value for "inputMap" parameter: lookup() requires a map as the first argument.
│ Error: Invalid function argument
│
│ on .terraform/modules/redis.aws_security_group/normalize.tf line 20, in locals:
│ 20: description = lookup(rule, "description", local.default_rule_description)
│
│ Invalid value for "inputMap" parameter: lookup() requires a map as the first argument.
│ Error: Unsupported attribute
│
│ on .terraform/modules/redis.aws_security_group/normalize.tf line 19, in locals:
│ 19: protocol = rule.protocol
│
│ Can't access attributes on a primitive-typed value (string).
like this and don't know what to fix here
Please do let me know if I am missing anything on this.
aws = {
  source = "hashicorp/aws"
  version = ">= 2.17.0"
}
###########
Terraform v1.5.2
on darwin_arm64
+ provider registry.terraform.io/hashicorp/aws v5.5.0
Ashish Singh over 2 years ago
Can anyone help me with above issue
Thanks in Advance