#pr-reviews (2022-09)

Pull Request Reviews for Cloud Posse Projects

2022-09-01

Brent Farand

Hello! I have a PR for the terraform-aws-transit-gateway module (https://github.com/cloudposse/terraform-aws-transit-gateway/pull/29). It allows the amazon_side_asn to be specified for the purpose of both having multiple transit gateways in the same deployment to have different ASNs (following AWS’s documented best practices), as well as to allow importing an existing transit gateway with a non-default ASN without needing to destroy and recreate it.

what

• The new variable ‘amazon_side_asn’ was added to the module with a default value of 64512 (AWS default, preserving current behaviour).
• Variable ‘amazon_side_asn’ is now provided as an argument to the ‘aws_ec2_transit_gateway.default’ resource.
• Documentation updated accordingly.

why

• Allows the ASN of a transit gateway to be set, allowing the best practice of having multiple transit gateways used in the same deployment to have different ASNs (https://docs.aws.amazon.com/vpc/latest/tgw/tgw-best-design-practices.html)
• In cases where a user is importing their existing infrastructure so it is managed via terraform, specifying the existing ASN means that the existing transit gateway does not need to be destroyed and recreated

references

• closes #27

2022-09-02

Andre Lohmann

Hi there, I found a bug (or not a bug, but more a missing feature) in the cloudposse/s3-bucket/aws module (https://github.com/cloudposse/terraform-aws-s3-bucket) which I was able to trace down to the cloudposse/iam-s3-user/aws module and the cloudposse/iam-system-user/aws module (the last one introduced the max age for the expirable access token and set that to a default of 30 days, which currently can’t be influenced in the s3 module).

I created two PRs to solve the problem

https://github.com/cloudposse/terraform-aws-iam-s3-user/pull/47
https://github.com/cloudposse/terraform-aws-s3-bucket/pull/155

How can I make sure these two PRs are getting merged and/or how can I align/adjust my changes to fulfil (to me currently unknown) requirements?

Nitin

what

• Remove join splat on module.security_group_arn

why

• Fix conflict with using custom security group in associated_security_group_ids and argument create_security_group is false

references

• N/A

2022-09-08

Chris Dobbyn

Hi there, simple change. It adds aws_default_route_table that gets created automatically with every aws_vpc resource. https://github.com/cloudposse/terraform-aws-vpc/pull/110

what

• Manages the default route table created alongside aws_vpc resource automatically.

why

• If not managed there are no identifying features about this resource which is confusing.
• In our case we establish ownership via tags passed into this module, if no tags are present it is difficult to report on ownership

references

• Closes #109 aws_default_route_table

2022-09-11

Nitin

what

• Added support for io2 and gp3 volumes

why

• original PR had conflicts, this will work hopefully
• io2 and gp3 are new more performant volumes therefore they should be supported

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/instance#ebs-ephemeral-and-root-block-devices
Closes #114

references

• Link to any supporting github issues or helpful documentation to add some context (e.g. stackoverflow).
• Use closes #123, if this PR closes a GitHub issue #123


2022-09-12

Chris Dobbyn

what

• Manages the default route table created alongside aws_vpc resource automatically.

why

• If not managed there are no identifying features about this resource which is confusing.
• In our case we establish ownership via tags passed into this module, if no tags are present it is difficult to report on ownership

references

• Closes #109 aws_default_route_table

Tommy

just added an output to acm module: https://github.com/cloudposse/terraform-aws-acm-request-certificate/pull/59

from terraform aws provider documentation: It deals with requesting certificates and managing their attributes and life-cycle. This resource does not deal with validation of a certificate but can provide inputs for other resources implementing the validation. It does not wait for a certificate to be issued. Use a aws_acm_certificate_validation resource for this.

what

• added acm_certificate_validation.certification_arn output

why

• to avoid alb module can’t create listener because of not validated cert
• use this output as certification arn in alb module

references

• closes #58

2022-09-13

2022-09-14

2022-09-15

Amrutha Sunkara

what

• This module creates a write endpoint by default. Creating an RDS proxy read endpoint will ensure underlying primary/master instance is excluded from the connections, isolating DDLs & DMLs, in addition to providing an additional layer for just read based workload.

why

• Use case involves a separate read proxy endpoint that isolates reads to the replicas & separate write proxy endpoint to the primary instance.

references

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/db_proxy_endpoint
closes #10
