#terraform-0_12 (2019-09)
Discuss upgrading to terraform 0.12
Archive: https://archive.sweetops.com/terraform-0_12/
2019-09-03
How do I change this
names = ["ecr-1", "ecr-2", "ecr-3"]
locals {
name = tolist([for name in var.names : "${name}"])
}
resource "aws_ecr_repository" "default" {
for_each = toset(var.names)
name = local.name[0]
}
To a sort of splat / wildcard.
I don’t want just the first index I want them all e.g. local.names[*]
— what am I missing?
I’ve tried all sorts of combos
Oh lol got it working now
each.key
is working again, I must have changed something else.
@oscarsullivan_old what are you trying to achieve with
name = tolist([for name in var.names : “${name}”])
I got it now with just a simple for_each and each.key
I think I tried so many combinations to get it working and made so many changes that I had something overly complex
Anyone noticed how even with the Makefile below, they still end up with .terraform and .module?
✗ . (none) services ⨠ cat Makefile
-include ${TF_MODULE_CACHE}/Makefile
# Makefile used by Geodesic shells to operate Terraform projects
init:
mkdir -p ${TF_MODULE_CACHE}
terraform init
@Andriy Knysh (Cloud Posse) I know you’re familiar with this. In your previous example the Reset target does not remove .terraform
— have I missed something or misconfigured and now ending up with both dirs?
you can add removing .terraform
in the Make target. Our example was for CI/CD so we just removed .modules
that was created before
Great thanks, I wasn’t sure if I had inadvertently caused some duplication. My understanding now though is that: .modules is used purely to clone the repo, and then that is used as the source for terraform init.. at which point it appears in the .terraform/modules as per norm
TF 0.12 does not like if a folder has any files in it, even dot-files
that’s why we create a completely new folder .modules
and call terraform init
on it
Any way to have count
and for_each
on a resource block?
So:
Count for is_enabled and for_each to iterate through, say, a list of strings for ‘name’ (for example)
All I can think of is some local variable that checks if is__enabled is true and if it is the array used in the resource for_each is populated, else it is made empty as though it were ‘disabled’? But no idea if that’d just cause an unset error or make it null.. unless Null is a keyword for that
you can use something like this
for_each = { for rule in var.waf_rules : rule.name => rule if rule.enabled }
or something like this (if is_enabled
is to enable/disable globally)
for_each = var.is_enabled ? toset(var.names) : []
I really like this toset function, I didn’t think of using this before!
yea it’s nice. Only needed for list(string)
. If you use list(object)
then list works w/o converting it to set
Oo both interesting examples. Thanks
Anyone knows a way to do in Terraform something like “fire and forget” type of operation ?
I’m creating a rds cluster and it checks for the instance to be created and it takes WAY to long
I added this :
# Make it faster by skipping some checks
skip_get_ec2_platforms = true
skip_metadata_api_check = true
skip_region_validation = true
skip_credentials_validation = true
skip_requesting_account_id = true
but still takes a long time
and some times the connection times out
@jose.amengual I think Terraform needs the output of the API call to update the state file
You can just run the apply in the background
that is what I thought too
and it has been
ing... [48m31s elapsed]
rds is painfull
2019-09-04
2019-09-05
This moves this module to terraform 0.12, the example isn't ported, as some of those modules aren't 0.12 compliant yet, but this is working with our EKS clusters. I notice there are also te…
We’re looking to use the EKS modules
Note, this depends on cloudposse/terraform-aws-ec2-autoscale-group#14 getting merged and then making a change here to reference that new tag. This does the upgrade and also copies the new arguments…
This moves us to terraform 0.12, it is working with our usages of this module, but it hasn't been tested completely with all options, but does appear valid. note that the examples aren't po…
Dont apologise!
I’m using the guys forks for now but let me know when I can move back to Cloudposses repos
Didn’t quite work. Some sub-module issues. I’ll just slip in a use terraform0.11
2019-09-09
terraform 0.12 still fail if data resources return nothing ?
2019-09-10
Anyone know if it’s possible to do what amounts to an else if
in 0.12?
I’m doing name = (var.branch == "master" ? "${var.namespace}-${var.stage}-${var.service}" : "${var.namespace}-${var.stage}-${var.service}-${var.branch}")
but I want to also check for var.branch == “staging” in the middle there
name = var.branch == "master" ? .... : (var.branch == "staging" ? ... : ...)
or use locals
to simplify
Thanks @Andriy Knysh (Cloud Posse). I’ll check into using locals for this as well, that’s a good idea.
Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes]) - cloudposse/terraform-terraform-label
2019-09-25
Components for secure UI hosting in S3
• S3 — for storing the static site
• CloudFront — for serving the static site over SSL
• AWS Certificate Manager — for generating the SSL certificates Route53 — for routing the domain name to the correct location Did anyone come across any modules for this in terraform ?
• https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn
• https://docs.cloudposse.com/terraform-modules/cdn/terraform-aws-cloudfront-s3-cdn/
Hope this helps @Sharanya
Terraform module to easily provision CloudFront CDN backed by an S3 origin - cloudposse/terraform-aws-cloudfront-s3-cdn
Hi everyone, what module would you recomend I use to store a github access token?
My team is storing stuff like that in SSM using Chamber
CLI for managing secrets. Contribute to segmentio/chamber development by creating an account on GitHub.
or rather, starting to move to that. We are still in SecretsManager for most of our stuff.
awsome, thanks
I’m using TF to manage all github
2019-09-26
2019-09-30
hi guys
i’m using cloudposse/terraform-aws-elasticsearch
and i got this error
Error: Reference to undeclared resource
on main.tf line 42, in module "elasticsearch":
42: rest.action.multi.allow_explicit_index = "true"
A managed resource "rest" "action" has not been declared in the root module.
[terragrunt] 2019/09/30 19:05:13 Hit multiple errors:
exit status 1
my code
any advice ?
need to quote it https://github.com/cloudposse/terraform-aws-elasticsearch/blob/master/examples/complete/main.tf#L46
Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash. - cloudposse/terraform-aws-elasticsearch
For those interested in the EKS modules, we’ve converted them to TF 0.12:
https://github.com/cloudposse/terraform-aws-ec2-autoscale-group https://github.com/cloudposse/terraform-aws-eks-workers https://github.com/cloudposse/terraform-aws-eks-cluster/releases/tag/0.5.0
Terraform module to provision Auto Scaling Group and Launch Template on AWS - cloudposse/terraform-aws-ec2-autoscale-group
Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers - cloudposse/terraform-aws-eks-workers
Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.
New features:
-
A complete working example https://github.com/cloudposse/terraform-aws-eks-cluster/tree/master/examples/complete
-
Automatic tests (
bats
andterratest
) to lint the code and provision the example on AWS https://github.com/cloudposse/terraform-aws-eks-cluster/tree/master/test -
Codefresh pipeline to run the tests (it provisions the cluster on AWS test account and then checks all the outputs for validity)
https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/codefresh/test.yml
- You can specify additional IAM Roles, Users and AWS accounts to be added to the Auth ConfigMap to allow authenticating to the EKS cluster
https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/configmap-auth.yaml.tpl#L9-L19 https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/variables.tf#L120-L148
- The Auth ConfigMap accepts a list of worker node ARNs to allow many different worker groups using diff EC2 instances to join the same EKS cluster
https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/configmap-auth.yaml.tpl#L8 https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/variables.tf#L75 https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/examples/complete/main.tf#L89
- To apply the Auth ConfigMap, the module does not construct
kubeconfig
anymore. Instead it readskubeconfig
from the cluster after it gets provisioned
https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/auth.tf#L87 (thanks to @oscar for the ideas)
- The automatic test now waits for all worker nodes to join the EKS cluster
Waiting for worker nodes to join the EKS cluster
Worker Node ip-172-16-119-111.us-east-2.compute.internal has joined the EKS cluster at 2019-10-01 00:47:51 +0000 UTC
Worker Node ip-172-16-155-103.us-east-2.compute.internal has joined the EKS cluster at 2019-10-01 00:48:01 +0000 UTC
All worker nodes have joined the EKS cluster
amazing job as usual @Andriy Knysh (Cloud Posse)
really like the outcome