#terraform-0_12 (2020-03)
Discuss upgrading to terraform 0.12
Archive: https://archive.sweetops.com/terraform-0_12/
2020-03-13
curious deviant: Hello, I have a multi-account setup wherein my domain (myexampledomain.com) is registered in ACCOUNT A and I need to create a subdomain in ACCOUNT B. I have created a HZ for (myexampledomain.com) and need to add a subdomain, say (sub.myexampledomain.com). I am using DNS validation for the AWS cert and figured that DNS validation needs to add an entry in ACCOUNT A. I set up a cross-account role in ACCOUNT A and corresponding permissions in ACCOUNT B. However, Terraform (0.12) is unable to assume the role. I can at least assume the role via the AWS CLI. What am I missing?
joshmyers: Use multiple providers
curious deviant: Thanks, I did, and specified the provider with assume-role in the dns_cert_validation resource. It fails though
joshmyers: Need to see some code to debug more. Have done exactly this using multi provider before and had it working
curious deviant: Running the following code as a user in ACCOUNTB that can assume the role in ACCOUNTA
# Default provider: runs with the credentials of the user in ACCOUNTB
provider "aws" {
  region  = "us-east-1"
  version = ">= 2.11"
}

# Aliased provider that assumes the cross-account role in ACCOUNTA
provider "aws" {
  region = "us-east-1"
  alias  = "cert"
  assume_role {
    role_arn = "arn:aws:iam::ACCOUNTA:role/cross-account-role-for-r53"
  }
}

# ACM DNS validation record, created through the aliased provider
resource "aws_route53_record" "cert_validation" {
  name            = aws_acm_certificate.cert.domain_validation_options.0.resource_record_name
  type            = aws_acm_certificate.cert.domain_validation_options.0.resource_record_type
  zone_id         = var.accountA_hostedzone_id
  records         = [aws_acm_certificate.cert.domain_validation_options.0.resource_record_value]
  ttl             = 60
  allow_overwrite = true
  provider        = aws.cert
}
matthew.king: Can I ask a dumb question? if I have existing terraform code, is there an easy way to convert it to a module so it can be used over and over again?
Andriy Knysh (Cloud Posse): any TF code can be a module. For example:
Andriy Knysh (Cloud Posse): this is TF code to create VPC https://github.com/cloudposse/terraform-aws-vpc/blob/master/main.tf
Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways - cloudposse/terraform-aws-vpc
Andriy Knysh (Cloud Posse): and this is how it’s used as a module https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/examples/complete/main.tf#L29
Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.
Andriy Knysh (Cloud Posse): the VPC code has variables.tf, and when you instantiate the module, you provide values for the variables
Andriy Knysh (Cloud Posse): and you also propagate the outputs so the top-level module could see and use them https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/examples/complete/outputs.tf#L11
matthew.king: Thank you so very much for the help
2020-03-16
2020-03-17
joshmyers: Any ways to keep the ordering of a map?
joshmyers:
map("year", "string", "month", "string", "day", "string", "hour", "string")
{
  "day" = "string"
  "hour" = "string"
  "month" = "string"
  "year" = "string"
}
loren: I think you would need to maintain order in a list of key values
joshmyers: Aye, figured so, thanks!
2020-03-19
matthew.king: I’m looking at combining three different things, one enabling cloud-watch cloud-trail, two creating the aws_kms_key, and three pushing those notifications to slack. Best way would be to just combine them all into separate modules, correct?
2020-03-24
btai: anyone getting this when deprovisioning an eks cluster:
Error: Cycle: module.eks_cluster.output.endpoint, kubernetes_cluster_role_binding.auditboard_admin_cluster_admin (destroy), kubernetes_service_account.auditboard_admin (destroy), module.eks_cluster.aws_eks_cluster.default (destroy), module.eks_cluster.local.certificate_authority_data_list, module.eks_cluster.local.certificate_authority_data_list_internal, module.eks_cluster.local.certificate_authority_data_map, module.eks_cluster.local.certificate_authority_data, module.eks_cluster.output.certificate_authority_data, provider.kubernetes, kubernetes_config_map.aws_auth (destroy)
btai: fixed. crazy how often time passes by and some of your terraform configuration code you have can go stale (and the hacky workaround is now broken and fixed with the correct way of doing things :P)
Erik Osterman (Cloud Posse): Yup
Erik Osterman (Cloud Posse): Btw we have updated our EKS cluster module this week
Erik Osterman (Cloud Posse): More improvements coming.
btai: I just updated mine, was able to get rid of some TODO comments explaining workarounds and linking to previously open terraform issues
2020-03-25
matthew.king: I’m trying to implement the aws cloudtrail cloudwatch alarms terraform and when I run it, I receive the following error
matthew.king:
Error: Creating/Updating CloudWatch Log Metric Filter failed: ResourceNotFoundException: The specified log group does not exist.
  on alarms.tf line 76, in resource "aws_cloudwatch_log_metric_filter" "default":
  76: resource "aws_cloudwatch_log_metric_filter" "default" {
2020-03-26
sweetops: Anyone know if there’s a cleaner way to do this var.branch == "master" ? "${var.service}" : (var.branch == "staging" ? "${var.service}" : (var.branch == "compliance" ? "${var.service}" : "${var.service}-${var.branch}"))
sweetops: something like var.branch == "master||staging||compliance" ? "${var.service}" ?
loren: contains() ?
sweetops: well, I hesitate to use contains in case the word is somewhere in the else name
loren: it matches a value against a list of values and returns true/false
sweetops: so it would be an exact match?
sweetops: Oh I see that now
sweetops: determines whether a given list or set contains a given single value as one of its elements.
sweetops: yeah this would work
loren: contains(["master", "staging", "compliance"], var.branch) ? var.service : "${var.service}-${var.branch}"
sweetops: I could probably clean it up even more, keep the list outside of that, yeah?
loren: not sure i wholly got your branching right, but something like that
sweetops: yeah you’ve got the idea
loren: absolutely, yes, can keep the list in a separate local/var
Erik Osterman (Cloud Posse):
locals {
  # Name used for any branch that is not listed in branch_mapping
  default_branch_mapping = var.service
  # Branches that get a "<service>-<branch>" name
  branch_mapping = {
    "foobar"     = "${var.service}-${var.branch}"
    "compliance" = "${var.service}-${var.branch}"
  }
  my_name = lookup(local.branch_mapping, var.branch, local.default_branch_mapping)
}
Erik Osterman (Cloud Posse): @sweetops wouldn’t something like this work?
2020-03-27
Erik Osterman (Cloud Posse): Adding @discourse_forum bot
discourse_forum: @discourse_forum has joined the channel
Erik Osterman (Cloud Posse): Hrm….
Erik Osterman (Cloud Posse): Maybe it’s time we archive this channel as terraform 0.12 is more or less the norm now?
2020-03-30
Joe Presley: Can you rename it for v0.13 release?
Erik Osterman (Cloud Posse): haha, ya maybe that’s the right thing to do
Erik Osterman (Cloud Posse): though I think better to start a clean channel with no history for 0.13
Erik Osterman (Cloud Posse): any eta’s on when 0.13 is actual?
2020-03-31
Erik Osterman (Cloud Posse): Alright, gonna archive this channel to reduce confusion. When 0.13 is imminent and if it comes with tons of breaking changes like 0.12 (hoping not!) we’ll create a new one.
Erik Osterman (Cloud Posse): archived the channel