SweetOps #pr-reviews for August, 2022

Pull Request Reviews for Cloud Posse Projects

2022-08-01

Cody Moore

Hey crew, a buddy and I are working on some EKS changes, would love a review on this whenever someone gets a chance: https://github.com/cloudposse/terraform-aws-eks-node-group/pull/126 (needs another reviewer besides me )

What did I do

• Add detailed monitoring flag to the launch template of EC2 nodes

Why did I do this

• Some compliance tools will flag nodes used by this module because they don’t have detailed monitoring. This also allows metrics to be reported every minute as opposed to five minute intervals

Helpful references

• More AWS Documentation

Cody Moore

05:19:51 PM

If I can get a team member approval from @cloudposse-team that would be appreciated

What did I do

• Add detailed monitoring flag to the launch template of EC2 nodes

Why did I do this

• Some compliance tools will flag nodes used by this module because they don’t have detailed monitoring. This also allows metrics to be reported every minute as opposed to five minute intervals

Helpful references

• More AWS Documentation

Jeremy G (Cloud Posse)

06:27:28 PM

Approved, merged, released as v2.6.0.

2022-08-02

roth.andy

11:38:56 PM

https://github.com/cloudposse/terraform-aws-eks-workers/pull/93 pretty please

Useful for deploying to GovCloud since their partition there is “aws-us-gov” instead of just “aws”

what

Support other AWS partitions by templatizing ARNs that are currently hard coded

why

So the module can be used in other AWS partitions like GovCloud

references

Closes #92

2022-08-04

Sam Skynner

09:09:38 AM

https://github.com/cloudposse/terraform-aws-ssm-tls-self-signed-cert/pull/14 If possible This breaks a number of other modules right now which are dependent on this

what

• Remove key_algorithm from tls_cert_request

why

• Deprecated

references

• Closes #13 • https://registry.terraform.io/providers/hashicorp/tls/latest/docs • https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request#key_algorithm

RB (Ronak) (Cloud Posse)

12:21:12 PM

Cc @Andriy Knysh (Cloud Posse) @Jeremy G (Cloud Posse)

what

• Remove key_algorithm from tls_cert_request

why

• Deprecated

references

• Closes #13 • https://registry.terraform.io/providers/hashicorp/tls/latest/docs • https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request#key_algorithm

Jeremy G (Cloud Posse)

06:49:45 PM

Released as v1.0.0

Sam Skynner

06:51:12 PM

thank you so much for the quick reply

SergeiV

08:20:59 PM

I think vpn module will still fail because version for ssm-tls module is pinned to 0.5 : https://github.com/cloudposse/terraform-aws-ec2-client-vpn/blob/master/main.tf#L25

  version = "0.5.0"

RB (Ronak) (Cloud Posse)

08:30:37 PM

https://github.com/cloudposse/terraform-aws-ec2-client-vpn/pull/50#pullrequestreview-1062552564

RB (Ronak) (Cloud Posse)

08:30:48 PM

https://github.com/cloudposse/terraform-aws-ec2-client-vpn/releases/tag/0.12.6

RB (Ronak) (Cloud Posse)

08:31:04 PM

this release may take about 20 min or so to be added to the registry

SergeiV

08:32:13 PM

excellent, thank you very much !

2022-08-08

Oscar Jara

05:51:05 PM

Hi all. I think I found a bug in the terraform-aws-ecs-web-app module. EFS volumes are not being correctly set in the resulting task definition by the the terraform-aws-ecs-alb-service-task Draft PR here. Who can I discuss this with? Thanks!

what

Creates a separated variable for EFS volumes.

why

• The way terraform-aws-ecs-web-app defines and uses the EFS volumes with the terraform-aws-ecs-alb-service-task module is not working correctly and the EFS volume is not being set in the resulting task definition. • By separating EFS volumes and Docker volumes they can be assigned to the docker_volumes and efs_volumes as expected by the module.

mihai

02:48:07 PM

looking forward to this

what

Creates a separated variable for EFS volumes.

why

Oscar Jara

04:07:07 PM

This PR is ready for review now

Mo Omer

03:14:46 AM

I joined this slack to mention that I also encountered this issue, and the PR would be helpful!

mihai

04:28:29 PM

could we get another test run on this please @jose.amengual?

mihai

03:10:21 PM

thanks for that. and for review?

2022-08-09

2022-08-10

2022-08-16

matharoo

06:44:50 PM

Hi, can i please get this merged https://github.com/cloudposse/terraform-aws-rds-cluster/pull/149, the required changes have been made and tests have passed. Thanks

what

• For a multi a-z rds cluster skip creating aws_rds_cluster_instance resource when engine type is NOT aurora, aurora-mysql, aurora-postgresql • AWS provider has a bug that is causing the terraform apply to fail due to a missing rebooting state. I have a PR merged with terraform-aws-provider that fixes it and will be included in the next release 4.23.0. • hashicorp/terraform-provider-aws#25718

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster. • aws provider update for fixing rebooting state when creating multi a-z cluster.

references

• closes #148 • hashicorp/terraform-provider-aws#25718

Isaac Campbell

07:52:47 PM

pr review: https://github.com/cloudposse/terraform-aws-eks-cluster/pull/162

what

• Added list of objects, which are Security Rule Ingress Definitions.

why

• Sometimes I need to add security groups to access my EKS workers, such as other EC2 instances on a variety of ports. Same with RDS instances.

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

2022-08-18

Tommy

01:37:38 PM

pr review: https://github.com/cloudposse/terraform-aws-acm-request-certificate/pull/59

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can’t create listener because of not validated cert • use this output as certification arn in alb module

references

• #58 • closes #58

Tommy

12:28:52 PM

Did I something wrong? I forgot to squash the PR, it’s just added an output…

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can’t create listener because of not validated cert • use this output as certification arn in alb module

references

• #58 • closes #58

Tommy

03:16:24 PM

another PR needs some progress, someone can help? https://github.com/cloudposse/terraform-aws-ec2-instance/pull/117

what

• Added support for io2 and gp3 volumes

why

• io2 and gp3 are new more performant volumes therefore they should be supported

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices • Closes #114

Jeremy (UnderGrid Network Services)

03:19:09 PM

I can say I see the iops issue with using gp3 and this module all the time in our environment… presents a constant change whenever applied because of it

what

• Added support for io2 and gp3 volumes

why

• io2 and gp3 are new more performant volumes therefore they should be supported

references

• https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices • Closes #114

Tommy

03:43:14 PM

yes same here, and the suggestions for the pr are not really important, because it will work like this aswell

Tommy

07:14:39 PM

I fixed the conflicts: https://github.com/cloudposse/terraform-aws-ec2-instance/pull/136

what

• Added support for io2 and gp3 volumes

why

• original PR had conflicts, this will work hopefully • io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
Closes #114

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

2022-08-19

Mikhail Naletov

01:12:11 PM

Could somebody take a look? Cloudflare removed two fields from healthcheck in 3.20. I already commented about bump supported version in required providers

https://github.com/cloudposse/terraform-cloudflare-zone/pull/7

what

Remove deprecated fields from resource cloudflare_healthcheck

why

Cloudflare provider just released this change

references

https://github.com/cloudflare/terraform-provider-cloudflare/pull/1789/files
https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/CHANGELOG.md

RB (Ronak) (Cloud Posse)

02:06:49 PM

I added a comment, same as yours

what

Remove deprecated fields from resource cloudflare_healthcheck

why

Cloudflare provider just released this change

references

https://github.com/cloudflare/terraform-provider-cloudflare/pull/1789/files
https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/CHANGELOG.md

Mikhail Naletov

02:07:21 PM

Nice cat, btw

kevcube

03:40:19 PM

https://github.com/cloudposse/terraform-aws-ecs-web-app/pull/207

what

• Allow user to set runtime_platform in ECS task definition

why

• We are testing a mixed cluster of some ARM64 instances, some AMD64. We want to force certain containers to run in ARM64.

RB (Ronak) (Cloud Posse)

03:47:04 PM

I don’t believe this will work

what

• Allow user to set runtime_platform in ECS task definition

why

• We are testing a mixed cluster of some ARM64 instances, some AMD64. We want to force certain containers to run in ARM64.

RB (Ronak) (Cloud Posse)

03:47:20 PM

this is the example from

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform

  runtime_platform {
    operating_system_family = "WINDOWS_SERVER_2019_CORE"
    cpu_architecture        = "X86_64"
  }

RB (Ronak) (Cloud Posse)

03:47:28 PM

but you added it as a straight input.

RB (Ronak) (Cloud Posse)

03:47:40 PM

it would require a dynamic iirc

RB (Ronak) (Cloud Posse)

03:48:03 PM

and I do not believe you can add multiple runtime platforms, can you ?

kevcube

03:50:43 PM

@RB (Ronak) (Cloud Posse) see my comment on PR

2022-08-22

Tommy

07:14:19 PM

copy of PR with fixed conflicts: https://github.com/cloudposse/terraform-aws-ec2-instance/pull/136

what

• Added support for io2 and gp3 volumes

why

• original PR had conflicts, this will work hopefully • io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
Closes #114

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

2022-08-26

kevcube

08:19:56 PM

https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/90

what

• Enable HTTP/3 support in CloudFront

why

• It’s faster, and shinier than http/2

references

• https://aws.amazon.com/blogs/aws/new-http-3-support-for-amazon-cloudfront/ • https://blog.cloudflare.com/http-3-vs-http-2/

kevcube

08:20:20 PM

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#http_version

what

• Enable HTTP/3 support in CloudFront

why

• It’s faster, and shinier than http/2

references

• https://aws.amazon.com/blogs/aws/new-http-3-support-for-amazon-cloudfront/ • https://blog.cloudflare.com/http-3-vs-http-2/

RB (Ronak) (Cloud Posse)

08:32:52 PM

This does revert the < 4 pin in versions.tf from https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/71

thoughts @Jeremy G (Cloud Posse)?

kevcube

08:35:18 PM

Yeah, I assumed that was because of the breaking changes in hashicorp/aws v4 that have since been undone

Jeremy G (Cloud Posse)

09:03:52 PM

@RB (Ronak) (Cloud Posse) @Andriy Knysh (Cloud Posse) This PR also removes support for provider version 2.x, 3.x, and < 4.27.0. I would like us to be more conservative about dropping support for older version, particularly older 4.x versions. We shall see who complains about this, but I would have allowed the old version 3.x versions and >= 4.9.0 and made a note that http3 support requires >= 4.27.0

RB (Ronak) (Cloud Posse)

09:11:26 PM

@kevcube do you mind making the changes Jeremy is suggesting ?

Jeremy G (Cloud Posse)

09:12:15 PM

The PR has already been merged, let’s just wait and see what the community reaction is to it.

2022-08-30

2022-08-31

matharoo

04:12:24 PM

Hello guys, i have a PR for terraform aws rds cluster @ https://github.com/cloudposse/terraform-aws-rds-cluster/pull/149 .. its approved. Can i please get a ETA when this can be merged? Its a blocker for us. Thank you :)

what

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster. • aws provider update for fixing rebooting state when creating multi a-z cluster.

references

• closes #148 • hashicorp/terraform-provider-aws#25718

RB (Ronak) (Cloud Posse)

04:20:20 PM

I can merge this in now @matharoo but this PR isn’t really changing anything other than improving the tests and raising the pin in [versions.tf](http://versions.tf)

what

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster. • aws provider update for fixing rebooting state when creating multi a-z cluster.

references

• closes #148 • hashicorp/terraform-provider-aws#25718

RB (Ronak) (Cloud Posse)

04:20:39 PM

Are you sure the PR contains all the changes you expect it to?

matharoo

04:34:09 PM

yes the main one we are concerned with is the AWS provider, because i fixed the provider to have a rebooting state

RB (Ronak) (Cloud Posse)

04:34:55 PM

You mean the raising of the aws provider version pin in versions.tf ?

matharoo

04:35:43 PM

yes thats correct

matharoo

04:36:01 PM

thanks man! much appreciated

Vladimir S.

06:39:27 PM

Could someone take a look pr pls

what

• add CloudWatch event rules • add missed CloudWatch log outputs • remove variable sns_subscriptions

why

• CloudWatch event rules are useful for invoking lambda by cron expressions • CloudWatch log outputs are useful for external usage • sns_subscriptions is unused variable

references

• Closes #27