#terraform-0_12 (2019-09)

terraform

Discuss upgrading to terraform 0.12

Archive: https://archive.sweetops.com/terraform-0_12/

2019-09-03

oscar

How do I change this

names = ["ecr-1", "ecr-2", "ecr-3"]

locals {
  name  = tolist([for name in var.names : "${name}"])
}

resource "aws_ecr_repository" "default" {
  for_each = toset(var.names)
  name     = local.name[0]
}

To a sort of splat / wildcard. I don’t want just the first index I want them all e.g. local.names[*] — what am I missing?

oscar

I’ve tried all sorts of combos

oscar

Oh lol got it working now

oscar

each.key is working again, I must have changed something else.

maarten

@oscarsullivan_old what are you trying to achieve with

name = tolist([for name in var.names : "${name}"])

oscar

I got it now with just a simple for_each and each.key

oscar

I think I tried so many combinations to get it working and made so many changes that I had something overly complex

oscar

ended up being a 3 liner lol

oscar

Anyone noticed how even with the Makefile below, they still end up with .terraform and .module?

 ✗ . (none) services ⨠ cat Makefile
-include ${TF_MODULE_CACHE}/Makefile

# Makefile used by Geodesic shells to operate Terraform projects

init:
	mkdir -p ${TF_MODULE_CACHE}
	terraform init
oscar

@Andriy Knysh (Cloud Posse) I know you’re familiar with this. In your previous example the Reset target does not remove .terraform — have I missed something or misconfigured and now ending up with both dirs?

Andriy Knysh (Cloud Posse)

you can add removing .terraform in the Make target. Our example was for CI/CD so we just removed .modules that was created before

oscar

Great thanks, I wasn’t sure if I had inadvertently caused some duplication. My understanding now though is that: .modules is used purely to clone the repo, and then that is used as the source for terraform init.. at which point it appears in the .terraform/modules as per norm

Andriy Knysh (Cloud Posse)

TF 0.12 does not like if a folder has any files in it, even dot-files

Andriy Knysh (Cloud Posse)

that’s why we create a completely new folder .modules and call terraform init on it

oscar

Any way to have count and for_each on a resource block? So: Count for is_enabled and for_each to iterate through, say, a list of strings for ‘name’ (for example)

oscar

All I can think of is some local variable that checks if is_enabled is true and if it is the array used in the resource for_each is populated, else it is made empty as though it were ‘disabled’? But no idea if that’d just cause an unset error or make it null.. unless Null is a keyword for that

maarten

you can use something like this

for_each = { for rule in var.waf_rules : rule.name => rule if rule.enabled }
Andriy Knysh (Cloud Posse)

or something like this (if is_enabled is to enable/disable globally)

Andriy Knysh (Cloud Posse)
for_each = var.is_enabled ? toset(var.names) : []
Callum Robertson

I really like this toset function, I didn’t think of using this before!

Andriy Knysh (Cloud Posse)

yea it’s nice. Only needed for list(string). If you use list(object) then list works w/o converting it to set

oscar

Oo both interesting examples. Thanks

jose.amengual

Does anyone know a way to do something like a “fire and forget” type of operation in Terraform?

jose.amengual

I’m creating a rds cluster and it checks for the instance to be created and it takes WAY too long

jose.amengual

I added this :

# Make it faster by skipping some checks
  skip_get_ec2_platforms      = true
  skip_metadata_api_check     = true
  skip_region_validation      = true
  skip_credentials_validation = true
  skip_requesting_account_id  = true
jose.amengual

but still takes a long time

jose.amengual

and sometimes the connection times out

Igor

@jose.amengual I think Terraform needs the output of the API call to update the state file

Igor

You can just run the apply in the background

jose.amengual

that is what I thought too

jose.amengual

and it has been

ing... [48m31s elapsed]
jose.amengual

rds is painful

2019-09-04

2019-09-05

oscar
Upgrade to terraform 0.12 by addisonj · Pull Request #20 · cloudposse/terraform-aws-eks-cluster

This moves this module to terraform 0.12, the example isn't ported, as some of those modules aren't 0.12 compliant yet, but this is working with our EKS clusters. I notice there are also te…

oscar

We’re looking to use the EKS modules

oscar
Terraform 0.12 upgrade by addisonj · Pull Request #21 · cloudposse/terraform-aws-eks-workers

Note, this depends on cloudposse/terraform-aws-ec2-autoscale-group#14 getting merged and then making a change here to reference that new tag. This does the upgrade and also copies the new arguments…

oscar
Upgrade to terraform 0.12 by addisonj · Pull Request #14 · cloudposse/terraform-aws-ec2-autoscale-group

This moves us to terraform 0.12, it is working with our usages of this module, but it hasn't been tested completely with all options, but does appear valid. note that the examples aren't po…

Andriy Knysh (Cloud Posse)

@oscar we’ll get to it soon, sorry for the delay

oscar

Don’t apologise!

oscar

I’m using the guy’s forks for now but let me know when I can move back to Cloudposse’s repos

oscar

Didn’t quite work. Some sub-module issues. I’ll just slip in a use terraform0.11

2019-09-09

jose.amengual

does terraform 0.12 still fail if data resources return nothing?

2019-09-10

sweetops

Anyone know if it’s possible to do what amounts to an else if in 0.12?

sweetops

I’m doing name = (var.branch == "master" ? "${var.namespace}-${var.stage}-${var.service}" : "${var.namespace}-${var.stage}-${var.service}-${var.branch}")

sweetops

but I want to also check for var.branch == "staging" in the middle there

Andriy Knysh (Cloud Posse)

name = var.branch == "master" ? .... : (var.branch == "staging" ? ... : ...)

Andriy Knysh (Cloud Posse)

or use locals to simplify

sweetops

Thanks @Andriy Knysh (Cloud Posse). I’ll check into using locals for this as well, that’s a good idea.

Andriy Knysh (Cloud Posse)
cloudposse/terraform-terraform-label

Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes]) - cloudposse/terraform-terraform-label

2019-09-25

Sharanya

Components for secure UI hosting in S3

• S3 — for storing the static site

• CloudFront — for serving the static site over SSL

• AWS Certificate Manager — for generating the SSL certificates

• Route53 — for routing the domain name to the correct location

Did anyone come across any modules for this in terraform?

Exequiel Barrirero
cloudposse/terraform-aws-cloudfront-s3-cdn

Terraform module to easily provision CloudFront CDN backed by an S3 origin - cloudposse/terraform-aws-cloudfront-s3-cdn

Sharanya

@Exequiel Barrirero Thank you so much

AgustínGonzalezNicolini

Hi everyone, what module would you recommend I use to store a github access token?

roth.andy

My team is storing stuff like that in SSM using Chamber

roth.andy
segmentio/chamber

CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.

roth.andy

or rather, starting to move to that. We are still in SecretsManager for most of our stuff.

AgustínGonzalezNicolini

awesome, thanks

AgustínGonzalezNicolini

I’m using TF to manage all github

2019-09-26

2019-09-30

Ruan Arcega

hi guys, I’m using cloudposse/terraform-aws-elasticsearch and I got this error

Error: Reference to undeclared resource

  on main.tf line 42, in module "elasticsearch":
  42:     rest.action.multi.allow_explicit_index = "true"

A managed resource "rest" "action" has not been declared in the root module.

[terragrunt] 2019/09/30 19:05:13 Hit multiple errors:
exit status 1
Ruan Arcega

my code

Ruan Arcega

any advice ?

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-elasticsearch

Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash. - cloudposse/terraform-aws-elasticsearch

Ruan Arcega

ohh, how I didn’t see it. It works now, thanks @Andriy Knysh (Cloud Posse)

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-ec2-autoscale-group

Terraform module to provision Auto Scaling Group and Launch Template on AWS - cloudposse/terraform-aws-ec2-autoscale-group

cloudposse/terraform-aws-eks-workers

Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers - cloudposse/terraform-aws-eks-workers

cloudposse/terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.

Andriy Knysh (Cloud Posse)

New features:

Andriy Knysh (Cloud Posse)
  1. A complete working example https://github.com/cloudposse/terraform-aws-eks-cluster/tree/master/examples/complete

  2. Automatic tests (bats and terratest) to lint the code and provision the example on AWS https://github.com/cloudposse/terraform-aws-eks-cluster/tree/master/test

  3. Codefresh pipeline to run the tests (it provisions the cluster on AWS test account and then checks all the outputs for validity)

https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/codefresh/test.yml

  4. You can specify additional IAM Roles, Users and AWS accounts to be added to the Auth ConfigMap to allow authenticating to the EKS cluster

https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/configmap-auth.yaml.tpl#L9-L19 https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/variables.tf#L120-L148

  5. The Auth ConfigMap accepts a list of worker node ARNs to allow many different worker groups using diff EC2 instances to join the same EKS cluster

https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/configmap-auth.yaml.tpl#L8 https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/variables.tf#L75 https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/examples/complete/main.tf#L89

  6. To apply the Auth ConfigMap, the module does not construct kubeconfig anymore. Instead it reads kubeconfig from the cluster after it gets provisioned

https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/auth.tf#L87 (thanks to @oscar for the ideas)

  7. The automatic test now waits for all worker nodes to join the EKS cluster

https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/test/src/examples_complete_test.go#L81-L122

Waiting for worker nodes to join the EKS cluster
Worker Node ip-172-16-119-111.us-east-2.compute.internal has joined the EKS cluster at 2019-10-01 00:47:51 +0000 UTC
Worker Node ip-172-16-155-103.us-east-2.compute.internal has joined the EKS cluster at 2019-10-01 00:48:01 +0000 UTC
All worker nodes have joined the EKS cluster
Erik Osterman (Cloud Posse)

amazing job as usual @Andriy Knysh (Cloud Posse)

Erik Osterman (Cloud Posse)

really like the outcome
