#terraform - July 2024

I have created an EC2 instance in terrafrom with a userdata template. In the template I install and setup WireGuard, and defined a few users. But adding/removing users from the user data doesn't redeploy the instance?! Terraform apply shows 1 change to make and the server is shutdown, AWS shows the updated userdata, but when the server is back up I don't see any change in users. I have tried to add a step in the user data to delete the config file. Still no change. Is there a way I can force terraform to completely destroy the EC2 instance on every apply?

v1.9.1
1.9.1 (Unreleased)
UPGRADE NOTES:

Library used by Terraform (hashicorp/go-getter) for installing/updating modules was upgraded from v1.7.5 to v1.7.6. This addresses CVE-2024-6257. This change may have a negative effect on performance of terraform init or terraform get in case of larger git repositories. Please do file an issue if you find the performance difference noticable. (<a...

v1.9.1
1.9.1 (July 3, 2024)
UPGRADE NOTES:

Library used by Terraform (hashicorp/go-getter) for installing/updating modules was upgraded from v1.7.5 to v1.7.6. This addresses CVE-2024-6257. This change may have a negative effect on performance of terraform init or terraform get in case of larger git repositories. Please do file an issue if you find the performance difference noticable. (<a...

anyone here used TerraMaid before? https://github.com/RoseSecurity/Terramaid

👋 I am wondering if it'd make sense to add support for configuring lambda permissions (i.e. who can invoke the function) directly in the aws-lambda-function module? This is the resource we could add, with a variable (presumably a list) for configuring at least the principal and source_arn attributes for each permission entry. It kinda feels natural to be able to declare the permissions in the lambda config, but I am not sure if we could run into some circular dependency issues this way. In my use case, it's an S3-triggered function, so the bucket source ARN would be known in advance and this pattern would work. What do you think?

Hello
I've recently become interested in Atmos and am doing a PoC on a small project within my company with Atmos.
While using it, I am satisfied with most of the features and it is well documented so I had no problem learning it, however, I have a question about using Template Functions in the data sharing between stacks.
Instead of using the terraform native module of cloudposse, I created the necessary root modules myself, so I don't use the RemoteState method.
If the output is a list of strings rather than a simple string, when referenced from another stack, it will be converted to a string and referenced as [item1 item2 item3] or something like that.
How do I get it to reference like a list normally?

Hi everyone,
Is there a provider function available for the equivalent of this module, by any chance?
https://github.com/cloudposse/terraform-null-label
I think a provider function might be easier/cleaner to use, than a module.

Is Atlantis the best free / foss TACOS?

Hi All, I want to deploy a cloudformation stackset in parallel over multiple accounts in one region.

Currently I use:

resource "aws_cloudformation_stack_set_instance" "this" { operation_preferences { max_concurrent_percentage = 50 region_concurrency_type = "PARALLEL" }

but it does not scale over 1 deployment

anyone knows how to do this ?

v1.9.2
1.9.2 (July 10, 2024)
BUG FIXES:

core: Fix panic when self-referencing direct instances from count and for_each meta attributes. (#35432)

v1.9.1
1.9.1 (July 3, 2024)
UPGRADE NOTES:

Library used by Terraform (hashicorp/go-getter) for installing/updating modules was upgraded from v1.7.4 to v1.7.5. This addresses CVE-2024-6257. This change may have a negative effect on performance of terraform init or terraform get in case of larger git repositories. Please do file an issue if you find the performance difference noticable. (<a...

Anyone utilizing Hashicorp Sentinel for Policy-as-Code in your pipelines? We’ve been thinking about different ways to incorporate policies into pipelines to make approval processes smoother for infra provisioning and curious if anyone had any recommendations

v1.10.0-alpha20240717
1.10.0-alpha20240717 (July 17, 2024)
EXPERIMENTS:
Experiments are only enabled in alpha releases of Terraform CLI. The following features are not yet available in stable releases.

ephemeral_values: This language experiment introduces a new special kind of value which Terraform allows to change between the plan phase and the apply phase, and between plan/apply rounds....

Hello, can anybody please point out to a simple workable solution of implemanting a maintanance page for Beanstalk application behind ALB. Thank you

Heyoo, It's me again 😄 I just published this comparing 5 LLMs on a specific Terraform code generation tasks (and ofcourse included ourselves at the end 😅)

We're trying to figure out how to improve IaC workflows in general, code generation alone is not enough, as you all know writing terraform is not the worst part.

I really appreciate your feedback, or if you'd like to share more edge-cases where an LLM screwed up so we could add to the benchmark we're working on

https://youtu.be/9lQftToWifk?si=4WzEYjscenf_rIfq

Hi Everyone,
Any idea what is the api rate limit for terrasnek cancel run or discard run APIs?

Hello,

I created a PR on terraform-aws-waf module.
Can you review my PR and validate it if you have time ?

Currently i have idempotency problem and this feature will fixed that.

Don't hesitate if you have question.

PR: https://github.com/cloudposse/terraform-aws-waf/pull/91

Thank you 🙂

@Erik Osterman (Cloud Posse)

v1.9.3
1.9.3 (July 24, 2024)
ENHANCEMENTS:

Terraform now returns a more specific error message in the awkward situation where an input variable validation rule is known to have failed (condition returned false) but the error message is derived from an unknown value. (#35400)

BUG FIXES:

core: Terraform no longer performs an unnecessary...

How to run atmos terraform <stuff> and capture the output without ANSI codes? atmos terraform <stuff> -no-color seems to eliminate ANSI output from terraform , but Atmos adds its own ANSI. Did quick code search without joy. Is there a CLI option, or will I need to post-process ANSI out of the captured output?

Hello,

Currently we have the following structure in Terraform

Terraform
  | main.tf
  | vars
    | dev
      | default.tfvars
      | cluster1.tfvars
      | cluster2.tfvars

Currently what we do in order to deploy is run the following command per cluster:

terraform apply -var-file vars/<env>/default.tfvars -var-file vars/<env>/<cluster_name>.tfvars

Can Atmos help in making that into a single command that will deploy to all the cluster in a given environment?

We tested a technique called grammar prompting (e.g. https://arxiv.org/abs/2305.19234) for different open weight models on TF code generation, and this is the preliminary results

We're still ironing out some details, adding Llama 3.1 and closed source models to the mix then will publish a more comprehensive writeup

I personally think there's still a lot of room for improvement, and a big opportunity for new GenAI-assisted IAC tooling

v1.10.0-alpha20240730
1.10.0-alpha20240730 (July 30, 2024)
BUG FIXES:

The error message for an invalid default value for an input variable now indicates when the problem is with a nested value in a complex data type. [<a class="issue-link js-issue-link" data-error-text="Failed to load title" data-id="2412199978" data-permission-text="Title is private" data-url="https://github.com/hashicorp/terraform/issues/35465" data-hovercard-type="pull_request" data-hovercard-url="/hashicorp/terraform/pull/35465/hovercard"...