40 messages
Bart Coddens over 2 years ago
Hi All, I would like to use a value fetched with a datasource in my terraform.tfvars
Bart Coddens over 2 years ago
Like this:
Bart Coddens over 2 years ago
aws-accounts = {
Bart Coddens over 2 years ago
"0" = ["NAME","ARN","data.aws_ssm_parameter.iam-external-id.value"]
Bart Coddens over 2 years ago
}
Bart Coddens over 2 years ago
But that does not seem to work
Josh Pollara over 2 years ago
Head on over to #opentofu for OpenTofu-related conversations and release notifications
SA over 2 years ago
Hello all,
In a terraform module, locals.tf we are hard-coding the UUIDs of the RDS cluster's secrets. Can we accomplish this with a data lookup instead?
Kris Musard over 2 years ago
Hi! Ran Atmos on AWS for last 18 months. I have now landed on Azure and need to refactor some TF. Anybody using Atmos on Azure? Tips? Examples?
OliverS over 2 years ago
Any advice on how to support more than 1 person updating the same terraform state? eg one team member is editing some iam roles, and another some s3 buckets, both defined in the same stack; they can each create their plan, but sometimes it can be useful to apply the plan as some issues only emerge during apply.
So basically to avoid having a PR accepted only to find during apply that some changes are broken, it is good to apply the plan, if only for a short period (say 10-30 minutes). There is a window of time where the tfstate has changed but the shared tf code has not.
Similarly, once a PR is merged, there is a window of time where the code has changed but the plan on master has not yet been applied. Esp if terraform is not yet under github actions.
suzuki-shunsuke over 2 years ago
tfprovidercheck is a simple command line tool to prevent malicious Terraform Providers from being executed. You can define the allow list of Terraform Providers and their versions, and check if disallowed providers aren't used.
https://github.com/suzuki-shunsuke/tfprovidercheck
Brian Adams over 2 years ago
Hey all, I have a super basic question here. The docs for digitalocean kubernetes provider say the following:
terraform {
  required_providers {
    digitalocean = {
      source  = "digitalocean/digitalocean"
      version = "2.31.0"
    }
  }
}
When I run terraform init I get the following error:
│ Error: Failed to query available provider packages
│
│ Could not retrieve the list of available versions for provider
│ digitalocean/digitalocean: no available releases match the given constraints
│ 2.31.0
Anyone have any recommendations here?
James Stallings over 2 years ago
is the github_oauth_token variable in https://github.com/cloudposse/terraform-aws-cicd a standard PAT or some other token I need to generate?
Erik Osterman (Cloud Posse) over 2 years ago (edited)
Anyone know what the behavior is of the Terraform Registry when a repo is transferred from one GitHub organization to another? specifically, for modules that have been registered with the registry.
Renesh reddy over 2 years ago
Hi Team,
When doing terraform plan we are getting the below error, does anyone have any idea:
│ Error: Unsupported block type
│   on .terraform/modules/codebuild-build/aws-modules/aws-codebuild/main.tf line 321, in resource "aws_codebuild_project" "default":
│  321: dynamic "auth" {
│ Blocks of type "auth" are not expected here.
│
Michael Dizon over 2 years ago
sorry for posting twice, not sure if people are still using the #refarch channel
rss over 2 years ago (edited)
v1.7.0-alpha20231108
1.7.0-alpha20231108 (November 8, 2023)
UPGRADE NOTES:
Input validations are being restored to the state file in this version of Terraform. Due to a state interoperability issue (#33770) in earlier versions, users that require interaction between different minor series should ensure they have upgraded to the following patches:
Users...
muhaha over 2 years ago (edited)
How can I configure aws-auth config map in cloudposse/terraform-aws-eks-cluster or cloudposse/terraform-aws-eks-node-group modules to allow Karpenter Node role (https://karpenter.sh/docs/getting-started/migrating-from-cas/#update-aws-auth-configmap)? Thanks
setheryops over 2 years ago
I think I know the answer to this but I'll ask anyways…. There's not a way to sort resources in terraform state list by creation date is there?
Junior over 2 years ago
Hi all, running into an issue where Windows is detecting terraform changes to our AWS infrastructure, but Mac is not detecting the changes (which is what I expect). All the TF files were created on a Mac machine. Has anyone experienced this behavior before? How can I resolve it?
Joe Perez over 2 years ago
Hello all, I've been trying to get this IAM policy to render with a single statement and a list of ARNs that need to include a line item for just the ARN and the ARN with the wildcard (arn+"/*"). When I try to do this with a loop, it looks like the loop can only return a single string or a map object. I was hoping the two ARN line items could be added during the same loop iteration. This is similar to what I have so far which only adds the single ARN each time:
variable "bucket_arns" {
  default = ["arn:aws:s3:::bucket1","arn:aws:s3:::bucket2","arn:aws:s3:::bucket3"]
}
data "aws_iam_policy_document" "example" {
  statement {
    actions   = ["s3:*"]
    effect    = "Allow"
    resources = [for bucket in var.bucket_arns : bucket]
  }
}
output "policy" {
  value = data.aws_iam_policy_document.example.json
}
Erik Osterman (Cloud Posse) over 2 years ago
Hey everyone! Big favor to ask....
Cloud Posse is very close to becoming an AWS Advanced Partner, but we need your help!
If you've found any of our Terraform modules helpful, including this Slack community or office hours, please let AWS know by leaving a review. We need these reviews to level up in their partner ecosystem.
https://cloudposse.com/apn-review
rss over 2 years ago (edited)
v1.6.4
1.6.4 (November 15, 2023)
ENHANCEMENTS:
backend/s3: Add the parameter endpoints.sso to allow overriding the AWS SSO API endpoint. (#34195)
BUG FIXES:
terraform test: Fix bug preventing passing sensitive output values from previous run blocks as inputs to future run blocks. (...
RB over 2 years ago
Does anyone know of any corporate terraform classes that do remote instructor-led trainings?
tamsky over 2 years ago
https://github.com/hashicorp/terraform/issues/19932#issuecomment-1817043906 - I hope someday to be in a conversation where I can use Eric's word terralythic.
PePe Amengual over 2 years ago
I was looking at the aws-sso and aws-ssosync since I will be using google and I read the docs of the aws-sso component and I was surprised to see you guys deploy it on the root account but then a question came up, do you deploy all the assume roles on the root account too or you do that in the identity account?
Elad Levi over 2 years ago
Anyone know if Github organization repo's rulesets can be managed with terraform?
Martin Helfert about 2 years ago
Is there some way to prevent local-exec from showing sensitive values in case of an error? It suppresses the value if the commands are running without issues showing module.test.null_resource.this (local-exec): (output suppressed due to sensitive value in config) in the logs, but if the resource fails with local-exec provisioner error, all the commands are shown in plain text including the sensitive values
Frank about 2 years ago
I am trying to create users and databases in my RDS instance. This needs to be done via a Bastion instance, which is only reachable over Systems Manager. I came across terraform-ssh-tunnel which seems to support SSM but in our case it needs to assume a role within the target account first before getting the instance and tunneling through it.
Has anyone ever attempted to do something like this?
Ola Bello about 2 years ago
Hi, I have been getting this error when trying to use the eks_workers module, anyone knows a way around this
│ Error: Unsupported argument
│
│ on .terraform/modules/eks_workers.autoscale_group/main.tf line 244, in resource "aws_autoscaling_group" "default":
│ 244: tags = flatten([
│
│ An argument named "tags" is not expected here.
muhaha about 2 years ago (edited)
Hi, is there any option to NOT lowercase the role name in cloudposse/iam-role/aws module? Thanks
Juan Pablo Lorier about 2 years ago
Hi, I've started using cloudposse modules to manage the ECS clusters and I'm having a hard time with them. After several days moving forward error by error, I'm stuck with this new error.
Error: creating ECS Service (XXXXXXXX): InvalidParameterException: Classic Load Balancers are not supported with Fargate.
The load balancer block:
ecs_load_balancers = [
  {
    target_group_arn = null
    elb_name         = module.alb.alb_name,
    container_name   = module.container_definition["${var.environment}-${each.value.service_name}"].json_map_object.name # lookup(each.value, "container_name", each.key),
    container_port   = module.container_definition["${var.environment}-${each.value.service_name}"].json_map_object.portMappings[0].containerPort #lookup(each.value, "container_port", 5000)
  }
]
The elb_name is from an ALB (confirmed) so no clue why this is complaining for the ELB type.
Any hints?
Doug Bergh about 2 years ago
I created a role using cloudposse/iam-role/aws and the role's ARN has the name lower-cased...i.e. my name is blahBlahBlah and the ARN is arn:iam:role/blahblahblah. My CloudFormation resources that use it can't find it!
rss about 2 years ago (edited)
v1.6.5
1.6.5 (November 29, 2023)
BUG FIXES:
backend/s3: Fixes parsing errors in shared config and credentials files. (#34313)
backend/s3: Fixes error with AWS SSO when using FIPS endpoints. (https://github.com/hashicorp/terraform/pull/34313...
Hao Wang about 2 years ago
Anyone run into this issue recently? https://github.com/hashicorp/terraform-provider-helm/issues/1302
TechHippie about 2 years ago
Hello Team - I am using the fully-private-cluster terraform blueprint to create a private EKS cluster with 2 managed node groups. I am trying to restrict the ECR repositories EKS cluster can pull images from by modifying the AmazonEC2ContainerRegistryReadOnly policy(custom policy) to contain specific repositories instead of all. This setup works for the first node group. But for the second node group it fails saying policy with the same name exists. How can I make it use the existing IAM policy if it exists? I tried to use aws_iam_policy data source but now it fails on node group 1 execution itself as the IAM policy doesn't exist with that name yet. Any guidance on troubleshooting it will be of great help.
Josh B. about 2 years ago
This might be very premature and maybe just announced at ReInvent, but I noticed redis has a serverless option now and was wondering if Terraform updated the resource for it (couldn't find it) if so I would be willing to put in a pr in the cloudposse module.
rss about 2 years ago (edited)
v1.7.0-alpha20231130
1.7.0-alpha20231130 (November 30, 2023)
UPGRADE NOTES:
Input validations are being restored to the state file in this version of Terraform. Due to a state interoperability issue (#33770) in earlier versions, users that require interaction between different minor series should ensure they have upgraded to the following patches:
Users...