#terraform-0_12 (2019-11)

terraform

Discuss upgrading to terraform 0.12

Archive: https://archive.sweetops.com/terraform-0_12/

2019-11-01

jose.amengual

I’m working with the git::https://github.com/cloudposse/terraform-aws-rds-cluster.git?ref=0.17.0 module, and when global databases are used Aurora changes the replication_source_identifier of the secondary cluster, so every time we apply it is trying to do an update in place. Is it possible to add some sort of ignore if global databases are configured?

jose.amengual

just to clarify, a Global cluster in Aurora cannot be created with replication_source_identifier populated; the Global engine changes the replication_source_identifier after the secondary cluster joins the global cluster, so that is why TF sees a drift in the state

jose.amengual

the workaround is to add the replication_source_identifier after the global cluster is created and the secondary is active

jose.amengual

It would be nice if there was some sort of lifecycle event so that TF will ignore those changes

Erik Osterman (Cloud Posse)

We haven’t used it in this manner before (awesome that it kind’a works)

Erik Osterman (Cloud Posse)

not sure the best option. i doubt lifecycle blocks support interpolation in 0.12 (they didn’t in 0.11)

jose.amengual

yes, I’m not sure either

jose.amengual

I will try to create a new cluster and add the replication_source_identifier and see what happens, and if I get the same error (most probably I will) I will file a bug

2019-11-02

cytopia

@Erik Osterman (Cloud Posse) latest terraform-docs.awk fix: https://github.com/cloudposse/build-harness/pull/174

terraform-docs should not fail if complex types contain 'description' keyword by cytopia · Pull Request #174 · cloudposse/build-harness

Fix description key inside type This PR fixes a when a key named description is inside the type block of a variable section: variable "ingress_cidr_blocks" { description = "Bzzzzz&…

Erik Osterman (Cloud Posse)

You rock! Thanks

Erik Osterman (Cloud Posse)

@Andriy Knysh (Cloud Posse)

winter

terraform is replacing the instance while enabling ebs encryption after creation of the instance. Is this expected behaviour?

2019-11-04

2019-11-06

jose.amengual
Adding the option to defina an empty ALB SGs by jamengual · Pull Request #40 · cloudposse/terraform-aws-ecs-alb-service-task

This option is for the cases where ECS launch type is EC2 and the network mode is host and there is no alb fronting the application. One could argue that this module has morf so much that the alb i…

jose.amengual

left a comment @Andriy Knysh (Cloud Posse)

2019-11-07

2019-11-08

jose.amengual

do you guys know if it is possible to extract from a provider alias the region? like aws.secondary.region ?

github140
AWS: aws_region - Terraform by HashiCorp

Provides details about a specific service region

jose.amengual

I have two providers for different regions in the same file

jose.amengual

so the resource block has a provider = aws.primary

jose.amengual

that is on a specific region

joshmyers

Use the provider in a data resource to fetch the region?

jose.amengual

I think I’m just going to add an additional variable

jose.amengual

this thing runs in one region but spins up multiple dependent resources in multiple regions

joshmyers

What happens if one of those regions is having availability issues? Could you keep each region a separate state?

jose.amengual

this is for Aurora Global DBs

jose.amengual

so I might not have access to the state but we do not have to touch the state even if the region is down

jose.amengual

I think I will separate it later

2019-11-12

mrwacky

Ok, the documentation for dynamic leaves a lot of useful examples out of the equation. How do I do nested dynamic blocks? We have a module for aws_elasticsearch_domain that takes a cluster_config var. This can have a nested block inside.. https://www.terraform.io/docs/providers/aws/r/elasticsearch_domain.html#cluster_config

AWS: aws_elasticsearch_domain - Terraform by HashiCorp

Terraform resource for managing an AWS Elasticsearch Domain.

loren

I found some good examples on their user forum… https://discuss.hashicorp.com/c/terraform-core

mrwacky

ty

mrwacky

I need to only sometimes supply zone_awareness_config..

mrwacky

The dynamic/for_each syntax in 0.12 is complete trash, and the documentation is complete trash

mrwacky

This is so non-obvious and poorly explained

mrwacky
cloudposse/terraform-aws-elasticsearch

Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash. - cloudposse/terraform-aws-elasticsearch

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-ec2-autoscale-group

Terraform module to provision Auto Scaling Group and Launch Template on AWS - cloudposse/terraform-aws-ec2-autoscale-group

Andriy Knysh (Cloud Posse)

@mrwacky examples of nested dynamic blocks ^

mrwacky

ha. I just gave up and passed a bunch of string variables to the module

mrwacky

thanks though

loren

It was confusing at first, but now I use it for everything

2019-11-14

gabethexton

Hey all, new here and still new to Terraform - I’m trying to use Terraform to configure an AWS CodePipeline. It will plan and apply just fine, but the pipeline fails in the real world every time at the source stage. It seems to need additional S3 permissions and I haven’t yet figured out how to provide them. The error is Insufficient permissions The provided role does not have permissions to perform this action. Underlying error: Access Denied (Service: Amazon S3; Status Code: 403; Error Code: AccessDenied; Request ID:... I’ve tried a blanket S3 allow-all permission policy on both the pipeline’s associated role and the codebuild’s associated role (desperation) to no avail. - anyone got any advice?

mrwacky

Sounds more like an AWS question. Try the IAM policy simulator? https://policysim.aws.amazon.com/ also you can check the access advisor for the policy you have created

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-ecs-codepipeline

Terraform Module for CI/CD with AWS Code Pipeline and Code Build for ECS https://cloudposse.com/ - cloudposse/terraform-aws-ecs-codepipeline

Andriy Knysh (Cloud Posse)
cloudposse/terraform-aws-cicd

Terraform Module for CI/CD with AWS Code Pipeline and Code Build - cloudposse/terraform-aws-cicd

Andriy Knysh (Cloud Posse)

those pipelines use GitHub as Source (not S3), but they are working so might be of some help

gabethexton

Thanks @Andriy Knysh (Cloud Posse) - it turns out the KMS encryption key was causing the failure, once I disabled that it ran just fine. I’ll keep these handy though! Off to other errors!

2019-11-15

2019-11-18

chrism

@Andriy Knysh (Cloud Posse) https://github.com/cloudposse/terraform-aws-ec2-autoscale-group/pull/17 I redid the mixed type scaling based on what was done for 11. There’s a bug filed on there as well regarding the variable type constraint (which tbh is easier fixed by removal / I didn’t remove it from my repo and PR it due to the existing pr )

Add support for Mixed Instance Spot Policy Autoscaling. by ChrisMcKee · Pull Request #17 · cloudposse/terraform-aws-ec2-autoscale-group

Does as the label says; adds an example using it which I used to test that it works as expected. The "make && make init" keeps trying to install and setup terraform 0.11 which is …

Andriy Knysh (Cloud Posse)

thanks @chrism, will review

2019-11-20

Igor

What’s up with the list/set type differences in TF0.12? Is having both actually beneficial? Seems to cause more grief than good.

loren

Lists can have duplicate items and are ordered, sets cannot have duplicates (and I don’t think are ordered)

Igor

I understand how they’re different, but it’s hard to work with both at the same time (mixing for_each and count, or having to convert toset or tolist to use the correct functions)

2019-11-21

loren

well, it’s go-based. so it is strongly typed. can’t really have one object type with different properties like that

loren

for_each requires a map or a set. that’s because the value/key is used as the resource id, and the resource id must be unique. so lists are not appropriate, or would result in late failures (during apply, instead of plan)

loren

count works with lists because the index is used as the resource id, rather than the value, so it does not matter if there are duplicate values in the list

loren

personally, i’m abandoning count anywhere i can, and using a map with for_each instead of a set

Igor

@loren Thanks, that helps. So I would just use each.key instead of count.index?

Igor

Seems odd that it would use the key as the resource id, since the key can be an arbitrary string

loren

yep

loren

one goal with for_each is to address the problem with count where modifying the list items (changing order, removing an item, etc), would cause resources to be deleted and recreated because their index changed

loren

for_each addresses that by mapping the resource to the value instead of the index

Igor

Thanks for the explanation. Makes sense.

2019-11-24

Callum Robertson

Hi All,

Is there a best-practice way of creating a list of maps to feed into a secrets_manager_secret resource, for example? I have a few maps that represent their own respective secret, with each map having keys that detail “name”, “description” and “secret”?

Something like this:

[
  {
    name        = secret_name
    description = secret_description
    value       = secret_value
  },
  {
    name        = secret_name
    description = secret_description
    value       = secret_value
  }
]

If I was feeding this into a variable, how would I achieve this given the TYPE constraints? I thought of creating an object for this but it seems messy to have an attribute id for each map.

Be keen to understand if anyone else has done something like this in TF 12+

loren

Looks to me like list(map(string))?

Callum Robertson

Can you do this? Wasn’t aware you could have collection types constructed in this way?

loren

A list of objects would be pretty clean for that example, also… If you definitely wanted every item to require those three keys…

loren

Yeah, sure, lists of maps are great

loren

On my phone, or I’d write out the object code for you

Callum Robertson

This is great @loren. I’ll give it a go and come back to you on this

Callum Robertson

You’re an animal

loren
plus3it/terraform-aws-tardigrade-iam-principals

Terraform module to create IAM users/roles. Contribute to plus3it/terraform-aws-tardigrade-iam-principals development by creating an account on GitHub.


2019-11-27

jose.amengual

Hi, is it possible to do

data "aws_vpc" "main_vpc" {
  tags = {
    provisioning = "terraform"
    environment != "prod"
  }
  provider = aws.primary
}

jose.amengual

actually what I need is to find a vpc that does not have a specific tag

jose.amengual

I have one vpc that has a tag shared = true and I need to find the other vpc that has the same tags except for that one

2019-11-28

joshmyers

Why not add the tag shared = false on the other lot and look for that…

jose.amengual

I thought about that too

jose.amengual

I think that is easier
