#terraform-0_12 (2019-11)

I’m working with the git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=0.17.0 module and when global databases are used Aurora changes the replication_source_identifier of the secondary cluster so every time we apply is trying to do and update in place, is it possible to add some sort of ignore if global databases are configured?

@Erik Osterman (Cloud Posse) latest terraform-docs.awk fix: https://github.com/cloudposse/build-harness/pull/174

terraform is replacing the instance while enabling ebs encryption after creation of the instance. Is this expected behaviour?

another pull request : https://github.com/cloudposse/terraform-aws-ecs-alb-service-task/pull/40

do you guys know if is possible to extract from a provider alias the region? like aws.secondary.region ?

Would a data source be sufficient? https://www.terraform.io/docs/providers/aws/d/region.html

I have two provides for different regions in the same file

so the resource block have a provider = aws.primary

that is on a specific region

Use the provider in a data resource to fetch the region?

I think I’m just going to add an additional variable

this thing runs in one region but spins up multiple dependent resources in multiple regions

What happens if one of those regions is having availability issues? Could you keep each region a separate state?

this is for Aurora Global DBs

so I might not have access to the state but we do not have to touch the state even if the region is down

I think I will separate it later

Ok, the documentation for dynamic leaves a lot of useful examples out of the equation. How do I do nested dynamic blocks? We have a module for aws_elasticsearch_domain that takes a cluster_config var. This can have a nested block inside.. https://www.terraform.io/docs/providers/aws/r/elasticsearch_domain.html#cluster_config

I need to only sometimes supply zone_awareness_config..

The dynamic/for_each syntax in 0.12 is complete trash, and the documentation is complete trash

This is so non-obvious and poorly explained

I see Cloudposse has eschewed using dynamic blocks here https://github.com/cloudposse/terraform-aws-elasticsearch/blob/master/main.tf#L121-L132

https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/blob/master/main.tf#L17

https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/blob/master/main.tf#L59

@mrwacky examples of nested dynamic blocks ^

ha. I just gave up and passed a bunch of string variables to the module

thanks though

It was confusing at first, but now I use it for everything

Hey all, new here and still new to Terraform - I’m trying to use Terraform to configure an AWS CodePipeline. It will plan and apply just fine, but the pipeline fails in the real world every time at the source stage. It seems to need additional S3 permissions and I haven’t yet figured out how to provide them. The error is Insufficient permissions The provided role does not have permissions to perform this action. Underlying error: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID:... I’ve tried a blanket S3 allow-all permission policy on both the pipeline’s associated role and the codebuild’s associated role (desperation) to no avail. - anyone got any advice?

@Andriy Knysh (Cloud Posse) https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/pull/17 I redid the mixed type scaling based on what was done for 11. There’s a bug filed on there as well regarding the variable type constraint (which tbh is easier fixed by removal / I didn’t remove it from my repo and PR it due to the existing pr )

What’s up with the list/set type differences in TF0.12? Is having both actually beneficial? Seems to cause more grief than good.

Lists can have duplicate items and are ordered, sets cannot have duplicates (and I don’t think are ordered)

I understand how they’re different, but it’s hard to work with both at the same time (mixing for_each and count, or having to convert toset or tolist to use the correct functions)

well, it’s go-based. so it is strongly typed. can’t really have one object type with different properties like that

for_each requires a map or a set. that’s because the value/key is used as the resource id, and the resource id must be unique. so lists are not appropriate, or would result in late failures (during apply, instead of plan)

count works with lists because the index is used as the resource id, rather than the value, so it does not matter if there are duplicate values in the list

personally, i’m abandoning count anywhere i can, and using a map with for_each instead of a set

@loren Thanks, that helps. So I would just use each.key instead of count.index?

Seems odd that it would use the key as the resource id, since the key can be an arbitrary string

yep

one goal with for_each is to address the problem with count where modifying the list items (changing order, removing an item, etc), would cause resources to be deleted and recreated because their index changed

for_each addresses that by mapping the resource to the value instead of the index

Thanks for the explanation. Makes sense.

Hi All,

Is there a best-practice way of create a list of maps to feed into a secrets_manager_secret resource for example? I have a few maps that represent their own respective secret, with each map will keys that detail “name”, “description” and “secret”?

Something like this: [ { name = secret_name description = secret_description value = secret_value }, { name = secret_name description = secret_description value = secret_value } ]

If I was feeding this into a variable, how would I achieve this given the TYPE constraints? I thought of creating an object for this but it seems messy to have a attribute id for each map.

Be keen to understand if anyone else has done something like this in TF 12+

Looks to me like list(map(string))?

Can you do this? Wasn’t aware you could have collection types constructed in this way?

A list of objects would be pretty clean for that example, also… If you definitely wanted every item to require those three keys…

Yeah, sure, lists of maps are great

On my phone, or I’d write out the object code for you

This is great @loren. I’ll give it a go and come back to you on this

You’re an animal

Here’s an example, using objects, https://github.com/plus3it/terraform-aws-tardigrade-iam-principals/blob/master/variables.tf#L63

Hi, is it possible to do

data "aws_vpc" "main_vpc" {
  tags = {
    provisioning = "terraform"
    environment != "prod"
  }
  provider = aws.primary
}

actually what I need is to find a vpc that does not have an specific tag

I have one vpc that have a tag shared = true and I need to find the other vpc that have the same tags except for that one

Why not add the tag shared = false on the other lot and look for that…

I thought about that too

I think that is easier