#pr-reviews (2022-08)

Pull Request Reviews for Cloud Posse Projects

2022-08-01

Cody Moore avatar
Cody Moore
12:53:26 AM

Hey crew, a buddy and I are working on some EKS changes, would love a review on this whenever someone gets a chance: https://github.com/cloudposse/terraform-aws-eks-node-group/pull/126 (needs another reviewer besides me )

What did I do

• Add detailed monitoring flag to the launch template of EC2 nodes

Why did I do this

• Some compliance tools will flag nodes used by this module because they don’t have detailed monitoring. This also allows metrics to be reported every minute as opposed to five minute intervals

Helpful references

More AWS Documentation

1
Cody Moore avatar
Cody Moore
05:19:51 PM

If I can get a team member approval from @cloudposse-team that would be appreciated

What did I do

• Add detailed monitoring flag to the launch template of EC2 nodes

Why did I do this

• Some compliance tools will flag nodes used by this module because they don’t have detailed monitoring. This also allows metrics to be reported every minute as opposed to five minute intervals

Helpful references

More AWS Documentation

Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)
06:27:28 PM

Approved, merged, released as v2.6.0.

1

2022-08-02

roth.andy avatar
roth.andy
11:38:56 PM

https://github.com/cloudposse/terraform-aws-eks-workers/pull/93 pretty please

Useful for deploying to GovCloud since their partition there is “aws-us-gov” instead of just “aws”

what

Support other AWS partitions by templatizing ARNs that are currently hard coded

why

So the module can be used in other AWS partitions like GovCloud

references

Closes #92

1

2022-08-04

Sam Skynner avatar
Sam Skynner
09:09:38 AM

https://github.com/cloudposse/terraform-aws-ssm-tls-self-signed-cert/pull/14 If possible This breaks a number of other modules right now which are dependent on this

what

• Remove key_algorithm from tls_cert_request

why

• Deprecated

references

• Closes #13https://registry.terraform.io/providers/hashicorp/tls/latest/docshttps://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request#key_algorithm

1
RB avatar
RB
12:21:12 PM

Cc @Andriy Knysh (Cloud Posse) @Jeremy G (Cloud Posse)

what

• Remove key_algorithm from tls_cert_request

why

• Deprecated

references

• Closes #13https://registry.terraform.io/providers/hashicorp/tls/latest/docshttps://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/cert_request#key_algorithm

1
Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)
06:49:45 PM

Released as v1.0.0

Sam Skynner avatar
Sam Skynner
06:51:12 PM

thank you so much for the quick reply

SergeiV avatar
SergeiV
08:20:59 PM

I think vpn module will still fail because version for ssm-tls module is pinned to 0.5 : https://github.com/cloudposse/terraform-aws-ec2-client-vpn/blob/master/main.tf#L25

  version = "0.5.0"
RB avatar
RB
08:30:37 PM

https://github.com/cloudposse/terraform-aws-ec2-client-vpn/pull/50#pullrequestreview-1062552564

RB avatar
RB
08:30:48 PM

https://github.com/cloudposse/terraform-aws-ec2-client-vpn/releases/tag/0.12.6

RB avatar
RB
08:31:04 PM

this release may take about 20 min or so to be added to the registry

SergeiV avatar
SergeiV
08:32:13 PM

excellent, thank you very much !

2022-08-08

Oscar Jara avatar
Oscar Jara
05:51:05 PM

Hi all. I think I found a bug in the terraform-aws-ecs-web-app module. EFS volumes are not being correctly set in the resulting task definition by the the terraform-aws-ecs-alb-service-task Draft PR here. Who can I discuss this with? Thanks!

what

Creates a separated variable for EFS volumes.

why

• The way terraform-aws-ecs-web-app defines and uses the EFS volumes with the terraform-aws-ecs-alb-service-task module is not working correctly and the EFS volume is not being set in the resulting task definition. • By separating EFS volumes and Docker volumes they can be assigned to the docker_volumes and efs_volumes as expected by the module.

mihai.plesa avatar
mihai.plesa
02:48:07 PM

looking forward to this

what

Creates a separated variable for EFS volumes.

why

• The way terraform-aws-ecs-web-app defines and uses the EFS volumes with the terraform-aws-ecs-alb-service-task module is not working correctly and the EFS volume is not being set in the resulting task definition. • By separating EFS volumes and Docker volumes they can be assigned to the docker_volumes and efs_volumes as expected by the module.

Oscar Jara avatar
Oscar Jara
04:07:07 PM

This PR is ready for review now

Mo Omer avatar
Mo Omer
03:14:46 AM

I joined this slack to mention that I also encountered this issue, and the PR would be helpful!

mihai.plesa avatar
mihai.plesa
04:28:29 PM

could we get another test run on this please @jose.amengual?

1
mihai.plesa avatar
mihai.plesa
03:10:21 PM

thanks for that. and for review?

2022-08-09

2022-08-10

2022-08-16

matharoo avatar
matharoo
06:44:50 PM

Hi, can i please get this merged https://github.com/cloudposse/terraform-aws-rds-cluster/pull/149, the required changes have been made and tests have passed. Thanks

what

• For a multi a-z rds cluster skip creating aws_rds_cluster_instance resource when engine type is NOT aurora, aurora-mysql, aurora-postgresql • AWS provider has a bug that is causing the terraform apply to fail due to a missing rebooting state. I have a PR merged with terraform-aws-provider that fixes it and will be included in the next release 4.23.0. • hashicorp/terraform-provider-aws#25718

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster. • aws provider update for fixing rebooting state when creating multi a-z cluster.

references

• closes #148hashicorp/terraform-provider-aws#25718

Isaac Campbell avatar
Isaac Campbell
07:52:47 PM

pr review: https://github.com/cloudposse/terraform-aws-eks-cluster/pull/162

what

• Added list of objects, which are Security Rule Ingress Definitions.

why

• Sometimes I need to add security groups to access my EKS workers, such as other EC2 instances on a variety of ports. Same with RDS instances.

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

2022-08-18

Tommy avatar
Tommy
01:37:38 PM

pr review: https://github.com/cloudposse/terraform-aws-acm-request-certificate/pull/59

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can’t create listener because of not validated cert • use this output as certification arn in alb module

references

#58 • closes #58

Tommy avatar
Tommy
12:28:52 PM

Did I something wrong? I forgot to squash the PR, it’s just added an output…

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can’t create listener because of not validated cert • use this output as certification arn in alb module

references

#58 • closes #58

Tommy avatar
Tommy
03:16:24 PM

another PR needs some progress, someone can help? https://github.com/cloudposse/terraform-aws-ec2-instance/pull/117

what

• Added support for io2 and gp3 volumes

why

• io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices • Closes #114

Jeremy (UnderGrid Network Services) avatar
Jeremy (UnderGrid Network Services)
03:19:09 PM

I can say I see the iops issue with using gp3 and this module all the time in our environment… presents a constant change whenever applied because of it

what

• Added support for io2 and gp3 volumes

why

• io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices • Closes #114

Tommy avatar
Tommy
03:43:14 PM

yes same here, and the suggestions for the pr are not really important, because it will work like this aswell

Tommy avatar
Tommy
07:14:39 PM

I fixed the conflicts: https://github.com/cloudposse/terraform-aws-ec2-instance/pull/136

what

• Added support for io2 and gp3 volumes

why

• original PR had conflicts, this will work hopefully • io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
Closes #114

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

2022-08-19

Mikhail Naletov avatar
Mikhail Naletov
01:12:11 PM

Could somebody take a look? Cloudflare removed two fields from healthcheck in 3.20. I already commented about bump supported version in required providers

https://github.com/cloudposse/terraform-cloudflare-zone/pull/7

what

Remove deprecated fields from resource cloudflare_healthcheck

why

Cloudflare provider just released this change

references

https://github.com/cloudflare/terraform-provider-cloudflare/pull/1789/files
https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/CHANGELOG.md

RB avatar
RB
02:06:49 PM

I added a comment, same as yours

what

Remove deprecated fields from resource cloudflare_healthcheck

why

Cloudflare provider just released this change

references

https://github.com/cloudflare/terraform-provider-cloudflare/pull/1789/files
https://github.com/cloudflare/terraform-provider-cloudflare/blob/master/CHANGELOG.md

1
Mikhail Naletov avatar
Mikhail Naletov
02:07:21 PM

Nice cat, btw

1
kevcube avatar
kevcube
03:40:19 PM

https://github.com/cloudposse/terraform-aws-ecs-web-app/pull/207

what

• Allow user to set runtime_platform in ECS task definition

why

• We are testing a mixed cluster of some ARM64 instances, some AMD64. We want to force certain containers to run in ARM64.

1
1
RB avatar
RB
03:47:04 PM

I don’t believe this will work

what

• Allow user to set runtime_platform in ECS task definition

why

• We are testing a mixed cluster of some ARM64 instances, some AMD64. We want to force certain containers to run in ARM64.

RB avatar
RB
03:47:20 PM

this is the example from

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/ecs_task_definition#runtime_platform

  runtime_platform {
    operating_system_family = "WINDOWS_SERVER_2019_CORE"
    cpu_architecture        = "X86_64"
  }
RB avatar
RB
03:47:28 PM

but you added it as a straight input.

RB avatar
RB
03:47:40 PM

it would require a dynamic iirc

RB avatar
RB
03:48:03 PM

and I do not believe you can add multiple runtime platforms, can you ?

kevcube avatar
kevcube
03:50:43 PM

@RB see my comment on PR

1

2022-08-22

Tommy avatar
Tommy
07:14:19 PM

copy of PR with fixed conflicts: https://github.com/cloudposse/terraform-aws-ec2-instance/pull/136

what

• Added support for io2 and gp3 volumes

why

• original PR had conflicts, this will work hopefully • io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
Closes #114

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow). • Use closes #123, if this PR closes a GitHub issue #123

2022-08-26

kevcube avatar
kevcube
08:19:56 PM

https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/90

what

• Enable HTTP/3 support in CloudFront

why

• It’s faster, and shinier than http/2

references

https://aws.amazon.com/blogs/aws/new-http-3-support-for-amazon-cloudfront/https://blog.cloudflare.com/http-3-vs-http-2/

1
1
kevcube avatar
kevcube
08:20:20 PM

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudfront_distribution#http_version

what

• Enable HTTP/3 support in CloudFront

why

• It’s faster, and shinier than http/2

references

https://aws.amazon.com/blogs/aws/new-http-3-support-for-amazon-cloudfront/https://blog.cloudflare.com/http-3-vs-http-2/

RB avatar
RB
08:32:52 PM

This does revert the < 4 pin in versions.tf from https://github.com/cloudposse/terraform-aws-cloudfront-cdn/pull/71

thoughts @Jeremy G (Cloud Posse)?

kevcube avatar
kevcube
08:35:18 PM

Yeah, I assumed that was because of the breaking changes in hashicorp/aws v4 that have since been undone

Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)
09:03:52 PM

@RB @Andriy Knysh (Cloud Posse) This PR also removes support for provider version 2.x, 3.x, and < 4.27.0. I would like us to be more conservative about dropping support for older version, particularly older 4.x versions. We shall see who complains about this, but I would have allowed the old version 3.x versions and >= 4.9.0 and made a note that http3 support requires >= 4.27.0

1
RB avatar
RB
09:11:26 PM

@kevcube do you mind making the changes Jeremy is suggesting ?

Jeremy G (Cloud Posse) avatar
Jeremy G (Cloud Posse)
09:12:15 PM

The PR has already been merged, let’s just wait and see what the community reaction is to it.

1
1

2022-08-30

2022-08-31

matharoo avatar
matharoo
04:12:24 PM

Hello guys, i have a PR for terraform aws rds cluster @ https://github.com/cloudposse/terraform-aws-rds-cluster/pull/149 .. its approved. Can i please get a ETA when this can be merged? Its a blocker for us. Thank you :)

what

• For a multi a-z rds cluster skip creating aws_rds_cluster_instance resource when engine type is NOT aurora, aurora-mysql, aurora-postgresql • AWS provider has a bug that is causing the terraform apply to fail due to a missing rebooting state. I have a PR merged with terraform-aws-provider that fixes it and will be included in the next release 4.23.0. • hashicorp/terraform-provider-aws#25718

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster. • aws provider update for fixing rebooting state when creating multi a-z cluster.

references

• closes #148hashicorp/terraform-provider-aws#25718

1
1
RB avatar
RB
04:20:20 PM

I can merge this in now @matharoo but this PR isn’t really changing anything other than improving the tests and raising the pin in [versions.tf](http://versions.tf)

what

• For a multi a-z rds cluster skip creating aws_rds_cluster_instance resource when engine type is NOT aurora, aurora-mysql, aurora-postgresql • AWS provider has a bug that is causing the terraform apply to fail due to a missing rebooting state. I have a PR merged with terraform-aws-provider that fixes it and will be included in the next release 4.23.0. • hashicorp/terraform-provider-aws#25718

why

• Prevent terraform from crashing when creating a non-aurora multi a-z cluster. • aws provider update for fixing rebooting state when creating multi a-z cluster.

references

• closes #148hashicorp/terraform-provider-aws#25718

RB avatar
RB
04:20:39 PM

Are you sure the PR contains all the changes you expect it to?

matharoo avatar
matharoo
04:34:09 PM

yes the main one we are concerned with is the AWS provider, because i fixed the provider to have a rebooting state

1
RB avatar
RB
04:34:55 PM

You mean the raising of the aws provider version pin in versions.tf ?

matharoo avatar
matharoo
04:35:43 PM

yes thats correct

1
matharoo avatar
matharoo
04:36:01 PM

thanks man! much appreciated

1
1
Vladimir S. avatar
Vladimir S.
06:39:27 PM

Could someone take a look pr pls

what

• add CloudWatch event rules • add missed CloudWatch log outputs • remove variable sns_subscriptions

why

• CloudWatch event rules are useful for invoking lambda by cron expressions • CloudWatch log outputs are useful for external usage • sns_subscriptions is unused variable

references

• Closes #27

    keyboard_arrow_up