#terraform-0_12 (2020-03)

terraform

Discuss upgrading to terraform 0.12

Archive: https://archive.sweetops.com/terraform-0_12/

2020-03-31

Joe Presley avatar
Joe Presley

My magic Google 8-ball comes up empty.

1
Erik Osterman avatar
Erik Osterman

Alright, gonna archive this channel to reduce confusion. When 0.13 is eminent and if it comes with tons of breaking changes like 0.12 (hoping not!) we’ll create a new one.

:--1:1
Erik Osterman avatar
Erik Osterman
08:55:24 PM

@Erik Osterman archived the channel

2020-03-30

Joe Presley avatar
Joe Presley

Can you rename it for v0.13 release?

Erik Osterman avatar
Erik Osterman

haha, ya maybe that’s the right thing to do

Erik Osterman avatar
Erik Osterman

though I think better to start a clean channel with no history for 0.13

:--1:1
Erik Osterman avatar
Erik Osterman

any eta’s on when 0.13 is actual?

2020-03-27

Erik Osterman avatar
Erik Osterman

Adding @ bot

discourse_forum avatar
discourse_forum
10:06:41 PM

@ has joined the channel

Erik Osterman avatar
Erik Osterman

Hrm….

Erik Osterman avatar
Erik Osterman

Maybe it’s time we archive this channel as terraform 0.12 is more or less the norm now?

5
:--1:4

2020-03-26

sweetops avatar
sweetops

Anyone know if there’s a cleaner way to do this var.branch == "master" ? "${var.service}" : (var.branch == "staging" ? "${var.service}" : (var.branch == "compliance" ? "${var.service}" : "${var.service}-${var.branch}"))

sweetops avatar
sweetops

something like var.branch == "master||staging||compliance" ? "${var.service}" ?

loren avatar
loren

contains()?

sweetops avatar
sweetops

well, I hesitate to use contains in case the word in somewhere in the else name

loren avatar
loren

it matchs a value against a list of values and returns true/false

sweetops avatar
sweetops

so it would be an exact match?

sweetops avatar
sweetops

Oh I see that now

sweetops avatar
sweetops

determines whether a given list or set contains a given single value as one of its elements.

sweetops avatar
sweetops

yeah this would work

loren avatar
loren

contains(["master", "staging", "compliance"], var.branch) ? var.service : "${var.service}-${var.branch}"

sweetops avatar
sweetops

I could probably clean it up even more keep the list outside of that yeah?

loren avatar
loren

not sure i wholly got your branching right, but something like that

sweetops avatar
sweetops

yeah you’ve got the idea

loren avatar
loren

absolutely, yes, can keep the list in a separate local/var

sweetops avatar
sweetops

I think I’ll do that. Thanks @loren

:--1:1
Erik Osterman avatar
Erik Osterman
locals {
  default_branch_mapping = var.service
  branch_mapping = {
    "foobar" = var.service + "-" + var.branch
    "compliance" = var.service + "-" + var.branch
  } 

  my_name = lookup(local.branch_mapping, var.branch, local.default_branch_mapping)
}
Erik Osterman avatar
Erik Osterman

@sweetops wouldn’t something like this work?

2020-03-25

matthew.king avatar
matthew.king

I’m trying to implement the aws cloudtrail cloudwatch alarms terraform and when I run it, I receive the following error

matthew.king avatar
matthew.king
Error: Creating/Updating CloudWatch Log Metric Filter failed: ResourceNotFoundException: The specified log group does not exist.

  on [alarms.tf](http://alarms.tf) line 76, in resource "aws_cloudwatch_log_metric_filter" "default":
  76: resource "aws_cloudwatch_log_metric_filter" "default" {

2020-03-24

btai avatar

anyone getting this when deprovisioning an eks cluster:

Error: Cycle: module.eks_cluster.output.endpoint, kubernetes_cluster_role_binding.auditboard_admin_cluster_admin (destroy), kubernetes_service_account.auditboard_admin (destroy), module.eks_cluster.aws_eks_cluster.default (destroy), module.eks_cluster.local.certificate_authority_data_list, module.eks_cluster.local.certificate_authority_data_list_internal, module.eks_cluster.local.certificate_authority_data_map, module.eks_cluster.local.certificate_authority_data, module.eks_cluster.output.certificate_authority_data, provider.kubernetes, kubernetes_config_map.aws_auth (destroy)
btai avatar

fixed. crazy how often time passes by and some of your terraform configuration code you have can go stale (and the hacky workaround is now broken and fixed with the correct way of doing things :P)

Erik Osterman avatar
Erik Osterman

Yup

Erik Osterman avatar
Erik Osterman

Btw we have updated our EKS cluster module this week

Erik Osterman avatar
Erik Osterman

More improvements coming.

btai avatar

I just updated mine, was able to get rid of some TODO comments explaining workarounds and linking to previously open terraform issues

1

2020-03-19

matthew.king avatar
matthew.king

I’m looking at combining three different things, one enabling cloud-watch cloud-trail, two creating the aws_kms_key, and three pushing those notifications to slack. Best way would be to just combine them all into seperate modules correct?

2020-03-17

joshmyers avatar
joshmyers

Any ways to keep the ordering of a map?

joshmyers avatar
joshmyers
map("year", "string", "month", "string", "day", "string", "hour", "string")
{
  "day" = "string"
  "hour" = "string"
  "month" = "string"
  "year" = "string"
}
loren avatar
loren

I think you would need to maintain order in a list of key values

joshmyers avatar
joshmyers

Aye, figured so, thanks!

joshmyers avatar
joshmyers

2 lists and zipmap together I guess is another option

:--1:1

2020-03-16

2020-03-13

curious deviant avatar
curious deviant

Hello, I have a multi-account setup wherein my domain (myexampledomain.com>)is registered in ACCOUNT A and I need to create a subdomain in ACCOUNT B (I have created a HZ for ([myexampledomain.com](http://myexampledomain.com)) . and need to add a subdomain say (<http://sub.myexampledomain.com|sub.myexampledomain.com). I am using DNS Validation for AWS cert and figured that DNS validation needs to add an entry in ACCOUNT A. I setup a cross account role in ACCOUNT A and corresponding permissions in ACCOUNTB. However the terraform (0.12) is unable to assume role. I can atleast assume role via aws cli. What am I missing ?

joshmyers avatar
joshmyers

Use multiple providers

curious deviant avatar
curious deviant

Thanks I did and specified the provider with assume-role in the dns_cert_validation resource. It fails though

joshmyers avatar
joshmyers

Need to see some code to debug more. Have done exactly this using multi provider before and had it working

curious deviant avatar
curious deviant

Running the following code as a user in ACCOUNTB that can assume the role in ACCOUNTA

provider "aws" {
  region  = "us-east-1"
  version = ">= 2.11"
}

provider "aws" {
  region  = "us-east-1"
  alias   = "cert"
  assume_role {
    role_arn  = "arn:aws:iam::ACCOUNTA:role/cross-account-role-for-r53"
  }
}
 
 
resource "aws_route53_record" "cert_validation" {
  name            = aws_acm_certificate.cert.domain_validation_options.0.resource_record_name
  type            = aws_acm_certificate.cert.domain_validation_options.0.resource_record_type
  zone_id         = var.accountA_hostedzone_id
  records         = [aws_acm_certificate.cert.domain_validation_options.0.resource_record_value]
  ttl             = 60
  allow_overwrite = true
 provider = aws.cert
}
 
matthew.king avatar
matthew.king

Can I ask a dumb question? if I have existing terraform code, is there an easy way to convert it to a module so it can be used over and over again?

aknysh avatar
aknysh

any TF code can be a module. For example:

aknysh avatar
aknysh
cloudposse/terraform-aws-vpc

Terraform Module that defines a VPC with public/private subnets across multiple AZs with Internet Gateways - cloudposse/terraform-aws-vpc

aknysh avatar
aknysh
cloudposse/terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.

aknysh avatar
aknysh

the VPC code has variables.tf, and when you instantiate the module, you provide values for the variables

aknysh avatar
aknysh

and you also propagate the outputs so the top-level module could see and use them https://github.com/cloudposse/terraform-aws-eks-cluster/blob/master/examples/complete/outputs.tf#L11

cloudposse/terraform-aws-eks-cluster

Terraform module for provisioning an EKS cluster. Contribute to cloudposse/terraform-aws-eks-cluster development by creating an account on GitHub.

matthew.king avatar
matthew.king

Thank you so very much for the help

    keyboard_arrow_up