#terraform - April 2024

stupid question but are you guys terraforming your github configs?

v1.8.0-rc2
1.8.0-rc2 (April 4, 2024)
If you are upgrading from Terraform v1.7 or earlier, please refer to
the Terraform v1.8 Upgrade Guide.
NEW FEATURES:


Providers can now offer functions which can be used from within the Terraform configuration language.
The syntax for calling a provider-contributed function is provider::provider_name::function_name(). (<a...

I'm trying to setup a pipe in EventBridge, it mostly works. The problem is the logging config isn't applied. Terraform isn't giving any errors, but when you look at the web console you see configure logging instead of the below logging config. Anyone who got an idea of why that could be? The role got the right logging permissions.

resource "aws_cloudwatch_log_group" "pipes_log_group_raw_data_stream_transformer" {
  name = "/aws/pipes/RawDataStreamTransformer"
  retention_in_days = 365
  tags = local.tags
}

resource "awscc_pipes_pipe" "raw_data_stream_transformer" {
  name       = "raw-data-stream-transformer"
  role_arn   = aws_iam_role.pipes_raw_data_transformer_role.arn
  source     = aws_kinesis_stream.raw_data_stream.arn
  target     = aws_kinesis_stream.transformed_data_stream.arn
  enrichment = aws_lambda_function.data_transformer.arn

  source_parameters = {
    kinesis_stream_parameters = {
      starting_position      = "LATEST"
      maximum_retry_attempts = 3
      dead_letter_config = {
        arn = aws_sqs_queue.raw_data_stream_deadletter.arn
      }
    }
  }

  target_parameters = {
    kinesis_stream_parameters = {
      partition_key = "$.partition_key"
    }
  }

  log_configuration = {
    enabled        = true
    log_level      = "ERROR"
    log_group_name = aws_cloudwatch_log_group.pipes_log_group_raw_data_stream_transformer.name
  }
}

v1.9.0-alpha20240404
1.9.0-alpha20240404 (April 4, 2024)
ENHANCEMENTS:


terraform console: Now has basic support for multi-line input in interactive mode. (#34822)
If an entered line contains opening paretheses/etc that are not closed, Terraform will await another line of input to complete the expression. This initial implementation is primarily...

from the v1.9 alpha release notes!!!

• The experimental "deferred actions" feature, enabled by passing the -allow-deferral option to terraform plan, permits count and for_each arguments in module, resource, and data blocks to have unknown values and allows providers to react more flexibly to unknown values. This experiment is under active development, and so it's not yet useful to participate in this experiment.

Anyone have any info on Terraform Stacks? Anyone used in private beta? Know when/what functionality maybe coming to OSS?

Hello everyone
Can we spin up two dms instances from this module? I am facing one issue regarding name , i have copied the same folder structure from this module. Please help me and let me know if this is possible to do or not
Thanks
Here is the module

https://github.com/cloudposse/terraform-aws-dms/blob/main/examples/complete/main.tf

hey guys, I am trying to setup vpc peering with the module and I am receiving an error that The "count" value depends on resource attributes that cannot be determined until apply. My module definition is simple but relies on the vpc module which should be created in the same terraform run.
Question - can vpc peering module be applied alongside the module which created vpc for which peering should be configured once created?

Hello everyone. We are using your great datadog wrapper for terraform but when I try to use the latest version I dont see the new properties added in 1.4.1 like on_missing_data. Was that released to terraform registry? I see it is in the release zip and in the main branch but when I init the module I dont see it in the code

Ah I think i get it. These were all migrated to options: ... but for backwards compatibility the old values still work

@Jeremy G (Cloud Posse) can add context, if necessary ☝️

Right, we moved the old top-level setting, and only the old settings, to their API location under options, where they belong. (Side note: priority actually belongs at the top level, not under options, and designating it as legacy was a mistake). You can see the on_missing_data setting being set here.

v1.8.0
1.8.0 (April 10, 2024)
If you are upgrading from Terraform v1.7 or earlier, please refer to
the Terraform v1.8 Upgrade Guide.
NEW FEATURES:


Providers can now offer functions which can be used from within the Terraform configuration language.
The syntax for calling a provider-contributed function is provider::provider_name::function_name(). (<a...

Hello All - I want to deploy few resources in all the accounts in an AWS organization. Is there a way to do it in terraform? I know i can use different providers to do it multiple accounts, but what if I want to create in all accounts in the organization?

I am trying to use terraform-aws-eks-node-group module to create EKS nodes, once created I am installing cluster-autoscaler. At this moment autoscaler is missing proper IAM permissions. I see, that at some point proper policy has been added but I do not see it in the current module code.
Question: what is the proper approach to enable/create IAM permissions required by the autoscaler?

👋 What schema does the DDB table used by https://github.com/cloudposse/github-action-terraform-plan-storage/tree/main need to have? cc @Erik Osterman (Cloud Posse)

Does anyone know of or has built a custom VSCode automation for refactoring a resource or module argument out into a variable?

As in I want to select an argument value like in the below screenshot and be able to right click or hit a keyboard shortcut and it'll create a new variable block in variables.tf with the argument's name and that value as the default value?

Closed - Manage to make it work by switching to a different region that supports the API Gateway that I'm trying to create

Hey guys, I'm experiencing something weird, I have a very simple AWS API Gateway definition and for some reason it's not being created--it's stuck in creation state:

Hi,

i'm currently using terragrunt and want to migrate to atmos. One very convenient thing about terragrunt is that i can simply overwrite the terraform module git repo urls with a local path (https://terragrunt.gruntwork.io/docs/reference/cli-options/#terragrunt-source-map). This allows me to develop tf modules using terragrunt in a efficient way.

Is there anything like it in atmos? If not, what is the best way to develop tf modules while using atmos?

Hey all,

(Edit: got the initial module working, now have questions about whether I've set it up optimally, and how to configure other ses features)

~~~~~~
I'm attempting to get the cloudposse/ses/aws terraform module working but am not having much luck. I've only really done small tweaks to terraform scripts so it's probably just a skill issue, but hopefully someone here can point me in the right direction.

The project is using terragrunt and I've attempted to copy over '/examples/complete' code.

To my amateur eye everything looks ok, but I'm getting this error:

│ Error: invalid value for name (must only contain alphanumeric characters, hyphens, underscores, commas, periods, @ symbols, plus and equals signs)
│ 
│   with module.ses.module.ses_user.aws_iam_user.default[0],
│   on .terraform/modules/ses.ses_user/main.tf line 11, in resource "aws_iam_user" "default":
│   11:   name                 = module.this.id

Hello,
Have you had a chance to test the new Terraform 1.8.0 version? In my experience, the new version appears to be approximately three times slower compared to version 1.7.5. I've created a new GitHub Issue regarding this performance problem, but we need to reproduce the issue (we need more cases). If you upgrade to 1.8, could you gauge the performance and memory usage before and after, then share the results here: https://github.com/hashicorp/terraform/issues/34984

v1.8.1
1.8.1 (April 17, 2024)
BUG FIXES:

Fix crash in terraform plan when referencing a module output that does not exist within the try(...) function. (#34985)
Fix crash in terraform apply when referencing a module with no planned changes. (<a href="https://github.com/hashicorp/terraform/pull/34985" data-hovercard-type="pull_request"...

how powerful are the provider functions? trying to understand the use cases

this is freggin awesome!

Using provider functions, it will be possible to run Lua along side terraform / opentofu.

function main_a( input )
    local animal_sounds = {
        cat = 'meow',
        dog = 'woof',
        cow = 'moo'
    }
    return animal_sounds
end

Then call that from terraform.

terraform {
  required_providers {
    tester = {
      source  = "terraform.local/local/testfunctions"
      version = "0.0.1"
    }
  }
}

provider "tester" {
        lua = file("./main.lua")
}

output "test" {
        value = provider::tester::main_a(tomap({"foo": {"bar": 190}}))
}

See example: https://github.com/opentofu/opentofu/pull/1491

Granted, I don't love the way this looks: provider::tester::main_a(tomap({"foo": {"bar": 190}}))
https://sweetops.slack.com/archives/CB6GHNLG0/p1713454132172149?thread_ts=1713440027.477669&cid=CB6GHNLG0

Getting this error while changing the version from helm chart, please suggest

Looks like a potential Hashicorp buyout by IBM: https://www.reuters.com/markets/deals/ibm-nearing-buyout-deal-hashicorp-wsj-reports-2024-04-23/

Am I just missing it, or is there no data source to return the available EKS Access Policies? I opened a ticket to request a new data source, please 👍️ if it would help you also!
https://github.com/hashicorp/terraform-provider-aws/issues/37065

@Jeremy G (Cloud Posse)

v1.8.2
1.8.2 (April 24, 2024)
BUG FIXES:

terraform apply: Prevent panic when a provider erroneously provides unknown values. (#35048)
terraform plan: Replace panic with error message when self-referencing resources and data sources from the count and for_each meta attributes. (<a href="https://github.com/hashicorp/terraform/pull/35047"...

It’s official

Yes it is.

Happy? is it seen as possitive in hashicorp @Jake Lundberg (HashiCorp)?

I’m leaving this channel, bye bye

Dont mind the XXXX I removed my account ID

Hey all Im trying to use the cloudposse SSM patch manager module located here: https://registry.terraform.io/modules/cloudposse/ssm-patch-manager/aws/latest However there is an issue that I cant seem to resolve. I am trying to get it to patch a windows machine with the key of PatchGroup and value of Windows but cant seem to figure out the correct syntax for it. Im also having trouble with it setting the patch baseline to Windows. By default its Amazon Linux 2 however when I change it to Windows it gives me an error message. Here is my code snippet and the error message I get.

Hi! As some of you know, I’m one of the Atlantis(runatlantis.io) maintainers, and we are seeking input from our users.
The Core Atlantis Team has created an anonymous survey for Atlantis users to help us understand the community needs and prioritize our roadmap. If you have the time, please take 5 minutes to fill it out https://docs.google.com/forms/d/1fOGWkdinDV2_46CZvzQRdz8401ypZR8Z-iwkNNt3EX0

I have a repo and in the root I have three directories for qa, stage and prod for each environment to create infrastructure in respective environment.
And I want to keep the code DRY (Don't repeat yourself).

NOTE: In each directory qa, stage and prod we are calling the child modules which are in the remote and not placing the child module configuration at the root of the module.
I have a providers.tf file which is a globally common where all the providers are defined and each have alias. But, I want to place the provideres.tf file in the root of the repo instead of placing the SAME file in all the three qa, stage and prod directories.

Is it possible to place the common globally defined Providers.tf file in the root of the repo and build the infrastructure in all the environments?

This additional tflint ruleset looks handy for additional terraform stylistic guides such as terraform_variable_order

Recommend proper order for variable blocks The variables without default value are placed prior to those with default value set Then the variables are sorted based on their names (alphabetic order)

Hi Team,

Need your help on the provider development using the plugin framework. I'm trying to set up a schema in the resource.go file. I set up an attribute which is required only during create as it is a sensitive attribute and it won't be present in the response which is causing the below error. I tried multiple ways to accommodate like keeping the required:true ; optional:true and computed:true ; sensitive:true etc..nothing worked. I got below error

2024-04-27T15:09:36.989+0530 [ERROR] vertex "xxxx.cred" error: Provider produced inconsistent result after apply ╷ │ Error: Provider produced inconsistent result after apply │ │ When applying changes to xxxx.cred, provider │ "provider["<http://hashicorp.com/edu/xxxx|hashicorp.com/edu/xxxx>"]" produced an unexpected new value: │ .secret_key: inconsistent values for sensitive attribute. 

Basically I need to handle an attribute required only during create but shouldn't be present in the response which needs to be solved.

Hey, OpenTofu 1.7.0 is out with state encryption, provider-defined functions, and a lot more: https://opentofu.org/blog/opentofu-1-7-0/!