#atmos (2022-05)

2022-05-01

Michael Dizon

what account should tfstate-backend be set up in?

Erik Osterman (Cloud Posse)

We typically put it in the root, since there is no other account yet when cold starting

Erik Osterman (Cloud Posse)

Also, we have started taking a hierarchical approach to state backends

Erik Osterman (Cloud Posse)

Provision the root state backend and then provision the additional buckets using the root state backend as the backend for the other buckets

Michael Dizon

what tenant would that go into since atmos requires the tenant-environment-stage formatting

Erik Osterman (Cloud Posse)

That is configurable

Erik Osterman (Cloud Posse)

You could do one bucket per account

Erik Osterman (Cloud Posse)

Or based on OU

Erik Osterman (Cloud Posse)

Or some other convention

Michael Dizon

i set the tenants up to match the ou, and the environment to match the account names

Erik Osterman (Cloud Posse)

I think we still provision the buckets in the root account for simplicity's sake

Michael Dizon

i put the root account under mgmt in an env called gbl

Michael Dizon

yeah

RB (Ronak) (Cloud Posse)

also just want to point out that tenants are optional. the only hard requirement is environment and stage.

Michael Dizon

i’ve been having issues getting the account-map data when using my sso user signed in with the identity role. when i log the outputs, i see some access denied errors for dynamodb/PutItem and s3/listobjects

Michael Dizon

tfstate-backend is set up in the root account and, i’ve created the delegated roles in the root account as well

Michael Dizon

^^ looks like I needed to modify the iam_role_arn_template_template to use tenants!

2022-05-02

Erik Osterman (Cloud Posse)

vendoring coming soon to atmos: https://github.com/cloudposse/atmos/pull/145

what

• Add atmos vendor commands
• Add atmos vendor pull command
• Improve error messages
• Cleanup code

why

• atmos vendor commands are used to manage vendoring for components and stacks
• atmos vendor pull -c <component> command pulls sources and mixins for the specified component
• Support k8s-style YAML config (file component.yaml) to describe component vendoring configuration. The file is placed into the component folder and then the atmos command atmos vendor pull -c <component> is executed to pull the sources and mixins for the component

component.yaml

apiVersion: atmos/v1
kind: ComponentVendorConfig
metadata:
  name: vpc-flow-logs-bucket-vendor-config
  description: Source and mixins config for vendoring of 'vpc-flow-logs-bucket' component
spec:
  source:
    # 'uri' supports all protocols (local files, Git, Mercurial, HTTP, HTTPS, Amazon S3, Google GCP),
    # and all URL and archive formats as described in <https://github.com/hashicorp/go-getter>
    # In 'uri', Golang templates are supported  <https://pkg.go.dev/text/template>
    # If 'version' is provided, '{{.Version}}' will be replaced with the 'version' value before pulling the files from 'uri'
    uri: github.com/cloudposse/terraform-aws-components.git//modules/vpc-flow-logs-bucket?ref={{.Version}}
    version: 0.194.0
    # Only include the files that match the 'included_paths' patterns
    # If 'included_paths' is not specified, all files will be matched except those that match the patterns from 'excluded_paths'
    # 'included_paths' support POSIX-style Globs for file names/paths (double-star `**` is supported)
    # <https://en.wikipedia.org/wiki/Glob_(programming)>
    # <https://github.com/bmatcuk/doublestar#patterns>
    included_paths:
      - "**/*.tf"
      - "**/*.tfvars"
      - "**/*.md"
    # Exclude the files that match any of the 'excluded_paths' patterns
    # Note that we are excluding 'context.tf' since a newer version of it will be downloaded using 'mixins'
    # 'excluded_paths' support POSIX-style Globs for file names/paths (double-star `**` is supported)
    excluded_paths:
      - "**/context.tf"

  # mixins override files from 'source' with the same 'filename' (e.g. 'context.tf' will override 'context.tf' from the 'source')
  # mixins are processed in the order they are declared in the list
  mixins:
    # <https://github.com/hashicorp/go-getter/issues/98>
    - uri: https://raw.githubusercontent.com/cloudposse/terraform-null-label/0.25.0/exports/context.tf
      filename: context.tf
    - uri: https://raw.githubusercontent.com/cloudposse/terraform-aws-components/{{.Version}}/modules/datadog-agent/introspection.mixin.tf
      version: 0.194.0
      filename: introspection.mixin.tf

• The URIs (uri) in the vendoring config support all protocols (local files, Git, Mercurial, HTTP, HTTPS, Amazon S3, Google GCP), and all URL and archive formats as described in https://github.com/hashicorp/go-getter
• included_paths and excluded_paths support POSIX-style Globs for file names/paths (double-star ** is supported as well)

test

atmos vendor pull -c infra/vpc-flow-logs-bucket

Pulling sources for the component 'infra/vpc-flow-logs-bucket' 
from 'github.com/cloudposse/terraform-aws-components.git//modules/vpc-flow-logs-bucket?ref=0.194.0' 
and writing to 'examples/complete/components/terraform/infra/vpc-flow-logs-bucket'

Including the file 'README.md' since it matches the '**/*.md' pattern from 'included_paths'
Excluding the file 'context.tf' since it matches the '**/context.tf' pattern from 'excluded_paths'
Including the file 'default.auto.tfvars' since it matches the '**/*.tfvars' pattern from 'included_paths'
Including the file 'main.tf' since it matches the '**/*.tf' pattern from 'included_paths'
Including the file 'outputs.tf' since it matches the '**/*.tf' pattern from 'included_paths'
Including the file 'providers.tf' since it matches the '**/*.tf' pattern from 'included_paths'
Including the file 'variables.tf' since it matches the '**/*.tf' pattern from 'included_paths'
Including the file 'versions.tf' since it matches the '**/*.tf' pattern from 'included_paths'

Pulling the mixin 'https://raw.githubusercontent.com/cloudposse/terraform-null-label/0.25.0/exports/context.tf'
for the component 'infra/vpc-flow-logs-bucket' 
and writing to 'examples/complete/components/terraform/infra/vpc-flow-logs-bucket'

Pulling the mixin 'https://raw.githubusercontent.com/cloudposse/terraform-aws-components/0.194.0/modules/datadog-agent/introspection.mixin.tf'
for the component 'infra/vpc-flow-logs-bucket' 
and writing to 'examples/complete/components/terraform/infra/vpc-flow-logs-bucket'

Release notes from atmos
07:04:17 PM

v1.4.12 what Add atmos vendor commands Add atmos vendor pull command Improve error messages Cleanup code why atmos vendor commands are used to manage vendoring for components and stacks atmos vendor pull -c command pulls sources and mixins for the specified component Support k8s-style YAML config (file component.yaml) to describe component vendoring configuration. The file is placed into the component folder and then the atmos command atmos vendor pull -c is executed to pull the sources and mixins…

Release v1.4.12 · cloudposse/atmos


2022-05-03

2022-05-05

Release notes from atmos
06:04:15 PM

v1.4.13 what Improve error handling and error messages Add atmos validate stacks command why Check and validate all YAML files in the stacks folder Detect invalid YAML and print the file names and the line numbers test atmos validate stacks

Invalid YAML file ‘catalog/invalid-yaml/invalid-yaml-1.yaml’ yaml: line 15: found unknown directive name

Invalid YAML file ‘catalog/invalid-yaml/invalid-yaml-2.yaml’ yaml: line 16: could not find expected ‘:’

Invalid YAML file…

Release v1.4.13 · cloudposse/atmos
