#terraform-aws-modules
Discussions related to https://github.com/terraform-aws-modules Archive: https://archive.sweetops.com/terraform-aws-modules/
2019-10-15
Not sure if the claranet guys are in here, but I’m having some issues with this lambda module: https://github.com/claranet/terraform-aws-lambda/issues/33
I can’t really figure out where the terraform module expects the zip or the binary to be when it calculates it’s hash.
2019-10-08
Lookin for a terraform Module For - RDS- Instance Configuration : SQL Server Standard 2017, 2017 v14
2019-10-01
@Rajesh Babu Gangula it’s from a submodule, i told them they can try to use a fork
2019-09-30
“statement” ==> statement – remove the quotes
@Alex Co
2019-09-29
hi i’m using the terraform iam role module
while init the module with release 0.4.0, i got this error
Error: Invalid argument name
on .terraform/modules/role.aggregated_policy/main.tf line 24, in data "aws_iam_policy_document" "zero":
24: "statement" = []
Argument names must not be quoted.
Can you please share the link of module you are using?
Looks like this module git://github.com/cloudposse/terraform-aws-iam-policy-document-aggregator.git?ref=tags/0.1.2> can be used with terraform version 0.11v.
you can refer this commit from this fork: https://github.com/techfishio/terraform-aws-iam-policy-document-aggregator/commit/ca820699baca5a1345f5e4a0d73762f8ce212982
omit version in module and pass source = "<http://github.com/techfishio/terraform-aws-iam-policy-document-aggregator.git?ref=ca820699baca5a1345f5e4a0d73762f8ce212982\|github.com/techfishio/terraform-aws-iam-policy-document-aggregator.git?ref=ca820699baca5a1345f5e4a0d73762f8ce212982>"
ofc. i’m not responsible for any consequences of using someone’s fork, as well as losing eyesight from reading this message
thanks, let me check
anyone know how to fix this ?
thanks
i’m using terraform 0.12.9
2019-09-27
@here I am trying to upgrade from v.11.14 to v.12 and after going through the upgrade steps and fixing some code changes … now I am seeing following issue
Error: Missing resource instance key
on .terraform/modules/public_subnets.public_label/outputs.tf line 29, in output "tags":
29: "Stage", "${null_resource.default.triggers.stage}"
Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
null_resource.default[count.index]
did anyone faced similar issue and was able to fix it
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-aws-vpc.git?ref=0.8.0> for base_vpc...
- base_vpc in .terraform/modules/base_vpc
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.0> for base_vpc.label...
- base_vpc.label in .terraform/modules/base_vpc.label
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master> for private_subnets...
- private_subnets in .terraform/modules/private_subnets
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0> for private_subnets.private_label...
- private_subnets.private_label in .terraform/modules/private_subnets.private_label
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0> for private_subnets.public_label...
- private_subnets.public_label in .terraform/modules/private_subnets.public_label
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master> for public_subnets...
- public_subnets in .terraform/modules/public_subnets
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0> for public_subnets.private_label...
- public_subnets.private_label in .terraform/modules/public_subnets.private_label
Downloading git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0> for public_subnets.public_label...
- public_subnets.public_label in .terraform/modules/public_subnets.public_label
Did you do what the error said? It is correct
2019-09-26
@aknysh thanks for updating the EC2 autoscaling module
no problem
all EKS modules should be done for TF 0.12 today
The hero we need, but not the hero we deserve.
Big thanks @aknysh
22019-09-25
Components for secure UI hosting in S3 • S3 — for storing the static site • CloudFront — for serving the static site over SSL • AWS Certificate Manager — for generating the SSL certificates Route53 — for routing the domain name to the correct location Did anyone come across any modules for this in terraform ?
2019-09-24
Can you use terraform_remote_state data source as an input attribute for subnet in the cloudposse aws ec2 module?
oh wait, I apologize this channel is not for cloudposse modules
2019-09-23
2019-09-21
@Sharanya $sourceNugetExe = “https://dist.nuget.org/win-x86-commandline/latest/nuget.exe” $targetNugetExe = “$rootPath\nuget.exe” Invoke-WebRequest $sourceNugetExe -OutFile $targetNugetExe Set-Alias nuget $targetNugetExe -Scope Global -Verbose
not sure if that’s what you need specifically but that will installed nuget
If you want to install nuget in powershell as a provider Install-PackageProvider -Name NuGet
2019-09-20
Powershell script to - install nuget server ? did anyone write this script
2019-09-18
Hi all
I’m quite new to terraform for aws
I’m currently trying to clean our existing AWS ressources, and I want to use the terraform-aws-iam-s3-user
I’m trying to add a single iam user, and his access to a bucket, for staging and production env
The problem is that the “aws_iam_user_policy.default[0]” created by the staging user will be replaced by the prod user
What am I doing wrong
?
Terraform will perform the following actions:
# aws_iam_user_policy.default[0] must be replaced
-/+ resource "aws_iam_user_policy" "default" {
~ id = "redacted-staging-bunny-audio:redacted-staging-bunny-audio" -> (known after apply)
~ name = "redacted-staging-bunny-audio" -> "redacted-production-bunny-audio" # forces replacement
I’ve created a tfvars file for each user
Could you share your tf files?
I warn you
It’s a mess
I have this in the http://main.tf
module "s3_user" {
source = "git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.6.0>"
namespace = var.namespace
stage = var.stage
name = var.name
attributes = var.attributes
tags = var.tags
enabled = var.enabled
force_destroy = var.force_destroy
path = var.path
}
data "aws_iam_policy_document" "default" {
count = var.enabled ? 1 : 0
statement {
actions = var.s3_actions
resources = var.s3_resources
effect = "Allow"
}
}
resource "aws_iam_user_policy" "default" {
count = var.enabled ? 1 : 0
name = module.s3_user.user_name
user = module.s3_user.user_name
policy = join("", data.aws_iam_policy_document.default.*.json)
}
provider "aws" {
region = "eu-west-1"
}
This in the http://stgbacuket.tf
resource "aws_s3_bucket" "redacted" {
bucket = "redacted"
acl = "private"
tags = {
nature = "audio"
projet = "redacted"
}
}
resource "aws_s3_bucket_public_access_block" "redacted" {
bucket = "${aws_s3_bucket.redacted.id}"
block_public_acls = true
block_public_policy = true
}
this in the stgbucket.tfvars
#region = "eu-west-1"
namespace = "redacted"
stage = "staging"
name = "bunny-audio"
s3_actions = ["s3:GetObject"]
s3_resources = ["arn<img src="/assets/images/custom_emojis/aws.png" class="em em-aws">s3:::redacted/*"]
And the same for the production one
Are both <http://main.tf> and stgbucket.* in the same directory?
Yes
When you say “And the same for the production one” are you saying there is an additional stgbucket.tfvars for production?
There’s a prdbucket.tfvars
Are they both in the directory when you are running terraform plan/apply?
Yes
Did you figure this out. My real job got me distracted. I can’t see everything, but you shouldn’t have both var files in the same directory since terraform will read all of them. I have not had a chance to experiment with this.
2019-09-16
2019-09-14
Anyone know why I’m getting this error trying to add my ASG instances to an ALB target group:
Please ensure all provided Target Groups have target type of instance
Not sure if it’s how I have my ASG configured or what… the terraform-aws-alb module hard codes the target group type to ip, but the aws_autoscaling_group resource doesn’t specify anything about target group type. Assuming I’m doing something wrong because this seems like the modules for ALB/ASG would never interoperate correctly.
Changing target_type to instance resolves this error in 0.12
2019-09-13
@Khun Open a PR
Why would you not want versioning on a thing?
so it’s not possible at the current state
2019-09-12
Hi, https://github.com/cloudposse/terraform-aws-kops-chart-repo/blob/master/main.tf#L24 - is this possible to override this so that this bucket won’t have versioning?
2019-09-09
2019-09-08
2019-09-07
2019-09-06
Hi guys! Since we are #terraform-aws-modules channel Shameless plug, https://github.com/terraform-aws-modules/terraform-aws-s3-bucket - this module supports ALL (all I can imagine at least) features provided by Terraform AWS provider. See complete example code - https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/examples/complete/main.tf
@antonbabenko Excellent module. Is there any way/workaround to have the storage class be non standard by default and/or have a shorter than 30 day transition period?
Yes, I believe so if it is supported by the AWS provider
I need to look into it, but last I checked, I didn’t think that was possible
I think I saw something like 30 days minimum, so you are probably right. It is a limit of AWS, not Terraform.
Does anyone know if the terraform-aws-rds module supports serverless mode for postgresql?
@rohit what module/repo?
it should support it I guess since those are just settings
take a look for example at a similar CloudPosse module which was deployed for serverless https://github.com/cloudposse/terraform-root-modules/blob/master/aws/grafana-backing-services/aurora-mysql.tf#L139
@aknysh thanks
@antonbabenko terraform-aws-rds-aurora module still requires database instance type when using serverless mode. Am i missing anything ?
I do not see instance type option in RDS console when serverless mode is selected
@aknysh any ideas on my above question ?
for serverless you don’t specify instance type (that’s why it’s serverless). You specify Capacity settings
correct, but when using the terraform-aws-rds it does ask for instance type
so i am wondering if it is a bug
instance_class has to be specified, but it is more like a bug in the module, because it was created before serveless became a thing
PR is welcome
@antonbabenko thanks. I will submit a PR shortly
would the team accept PRs enabling some of these modules workable in AWS govcloud?
specifically around hardcoded arn formats
@Shannon Dunn I think it was your open issue for the EMR module on GitHub
Yes, PRs are welcome
2019-09-04
Does this s3 bucket module support CORS rules? https://github.com/cloudposse/terraform-aws-s3-bucket/tree/0.3.1
I see there is a value for “var.policy” but I’m not sure if I can pass cors rules in there
It does not:
But I am sure that you could put in a PR to make it so that it does.
@cabrinha
You might have to do some count magic though with two bucket resources in the module since that is a resource block and not a map.
@cabrinha you might prefer our s3 website module if you want to work with websites
The bucket module we have now is more for private buckets
Ah thanks
2019-08-29
@Robert has joined the channel
2019-08-28
Ah, realized the issue was the source for terraform-null-label needed to be updated. I’m not sure if CP is planning to maintain backwards compatibility with 0.11 but I upgraded the module to 0.12 and opened a PR. If backwards compatibility is needed, feel free to point out (or to a reference upgrade) how that might be accomplished and I’d be happy to revise the PR. I am implementing a green field project so I’m starting with 0.12.
https://github.com/cloudposse/terraform-aws-named-subnets/pull/15
Did anyone Come across NPM memory Issues ?
2019-08-27
hi, i want to create an aws_iam_role and aws_iam_policy resources and link them with an aws_iam_role_policy_attachment, which module would be best suited for this? does terraform-aws-iam-role do the job, looks like the policies are defined as json docs using data, does this create the aws_iam_policy? or does it achieve the same result?
sorry, just looked at <http://main.tf> yes
Using the terraform-aws-named-subnets (tag 0.3.4) module, I get errors with Terraform 0.12. Anyone know off the top if this is a bug or if it’s a 0.12 incompatibility? I’m creating private subnets for resources that don’t need a public subnet or NAT’ing.
Error: Missing resource instance key
on .terraform/modules/data_private_subnets_us_west-2b.public_label/outputs.tf line 29, in output "tags":
29: "Stage", "${null_resource.default.triggers.stage}"
Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
null_resource.default[count.index]
the module is not converted to 0.12 yet, but 0.12 is very complaining about accessing resources with count as a single value
try this
"Stage", "${join("", null_resource.default.triggers.*.stage)}"
Thanks Aknysh. I’ll fork it and play around, see if I can resolve it and open a PR. Completely new to Terraform so the interpolation mechanics + 0.11/0.12 changes are pretty much Greek to me
2019-08-23
The variable “lambda_settings” is required, so Terraform cannot proceed without a defined value for it.
[10:50 PM] anyone came across this issues
2019-08-16
There’s an import option, but I think that also depends on the resource https://www.terraform.io/docs/import/ .
2019-08-15
I have an existing aws ecs cluster (made by hand) and would like to update it by using terraform. Is there any documentation for updating existing aws services (alb, ecr, ecs)?
2019-08-14
The hashicorp registry is a free for all. Anyone can publish modules there working or not. =/
However, the registry has been awesome at bringing awareness to modules!
we attribute a lot of our growth to this.
2019-08-13
Does anyone else find it strange that https://registry.terraform.io/ rarely work without having to debug intermediate files? I never have them work the first time and sometimes find examples that could have never run at all.
(AWS and GCP, that is. I have not worked with the other platforms.)
Kudos to this guy for at least thinking about testing: https://github.com/npalm/terraform-aws-gitlab-runner/issues/81
@antonbabenko’s stuff is a notable exception also. Why can’t more people be like him?
@Blaise Pabon we at CloudPosse are trying to be like him as well
for each module we convert to TF 0.12, we are adding tests with bats and terratests
and we actually deploy it to the test AWS account on each PR using Codefresh pipelines
Yes, I wasn’t trying to fault the community as much as expect that Hashi could do something to have a quality gate of some sort.
and I know from talking to @Erik Osterman that you guys try to use bats and terratest where possible.
in all modules
deploying the examples to real account https://github.com/cloudposse/terraform-aws-rds-cluster/tree/master/examples/complete
OK. well, I think we can all agree that the Cloud Posse is Awesome … I was just wondering why does Hashicorp registry code quality control suck so badly? when they have sooo much money and they own most of the stack. It’s not like they are hosting legacy NetBSD drivers….
2019-08-12
Hello! I want to share with you resource:for_each and dynamicfor_each construction for terraform 12.6 and AWS S3. Hope this helps you work with large arrays of resources. https://github.com/devops-best-practices/terraform-best-practice/blob/master/s3.tf
Hey people, looking for terraform template on vpc peering ( syntax 0.12) any help plz
2019-08-06
@Erik Osterman cloudposse module. trying https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1 with a basic configuration
module "ecr" {
source = "git:<i class="em em-<https"></i>//github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1>"
name = "${var.app_name}"
namespace = "${var.app_name}"
stage = "prod"
}
but it keeps coming up with that policy error. i thought the policy was optional from the module description?
@mmarseglia let’s move to #terraform
sure!
@Erik Osterman set the channel topic: 
https://github.com/terraform-aws-modules/ (not cloudposse modules)
2019-08-05
@mmarseglia cloudposse module or https://github.com/terraform-aws-modules/ module?
2019-08-02
i’m using v0.6.1. of the ecr module and get the following error aws_ecr_repository_policy.default: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid repository policy provided' i did some searching and it looks like there was a condition where the IAM policy state wasn’t consistent but I thought that was fixed in the terraform aws provider.
2019-08-01
2019-07-31
2019-07-30
So I’m thinking of installing a private gitlab …. and before I cobble together these modules to reproduce their reference config (see diag below), I wanted to check here to make sure there wasn’t a better way:
hmmm, it looks like this tutorial may do the trick, thanks https://medium.com/@aloisbarreras_18569/architecture-overview-of-gitlab-on-aws-d260c16a2ad7
Would need export for old gitlab installation and import for such a new environment.
In this case, I have no existing gitllab, so the whole installation would be new.
2019-07-29
does anyone know what the aws elasticbeanstalk config option CONFIG_SOURCE is for? I can’t find any aws documentation on it. https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/blob/01d405201c192ee1948ea97bff6742140b1cfbba/main.tf#L707
Hey Folks, Trying to find some Terraform Modules related to AWS - app stream service ( for creating fleets and stacks) any help appreciated
2019-07-22
2019-07-20
2019-07-19
what’s the recommended pattern for dealing with security groups for ec2 instances? should i create them in their own plan?
Why not create them along with the instance(s)? There is a good module on the registry for security groups
hey, thanks, i found it and used it. very good module indeed, aims to implement all features… nice!
question and it may be because i’m new to tf, but using https://github.com/cloudposse/terraform-aws-rds/releases 0.9.0 - copying and pasting the example as-is i’d expect tf plan to more or less work as-is knowing i obviously need to assign the sg’s and subnets. but i’m getting more than that (attached in thread).
$ tf version
Terraform v0.12.5
any pointers accepted while i continue to debug here.
seems bound to tf version: https://github.com/terraform-aws-modules/terraform-aws-rds/issues/111
We are converting the module to TF 0.12 now
Should be done in 1-2 days
The current module doesn’t work with 0.11
0.12 sorry
thanks for the response! will hold tight - thank-you
2019-07-16
Anyone had https://github.com/cloudposse/terraform-aws-tfstate-backend/blob/master/main.tf#L104 not set versioning correctly?
Looks like it should do the right thing….but I noticed no versioning on the state bucket
from statefile ^^
Manually flipped the versioning flag on the bucket, re ran a plan, no-op
0.12 or 0.11?
0.11, using the 0.11 release of the module (0.7.0)
https://github.com/terraform-providers/terraform-provider-aws/issues/8051 sounds like what I’m seeing, in terms of TF not wanting to change it back at least
Not sure why it was never set though..
While I remember, can we get a new release of https://github.com/cloudposse/terraform-aws-iam-account-settings/releases cut?
2019-07-15
any ideas about my above question ?
2019-07-14
Is there a way i can set a flag to enable/disable cross region replication using terraform-aws-modules/rds/aws moudle ? I do not want to enable replication in non production region but want it in production
Is anyone aware of how to do this ?
2019-07-10
Another one, I got module terraform-aws-cloudfront-s3-cdn working by creating the acm and parent zone prior to using the module. Just a quick question. Do I need to create an Alias record to now point to the created CDN?
CDN itself uses http://cloudfront.net domain
To access the site from your domain, you need to create an alias record
Thanks @aknysh so I need to create an alias record http://X.mycompany.com to point to the cf_domain_name output (http://xxx.cloudfront.net).
Thanks for the help
Also is there a good fargate module?
Is it best to create an ECS Fargate resource then use the modules for terraform-aws-ecs-container-definitionand terraform-aws-ecs-alb-service-task? or is there a simpler way to provision an Fargate cluster for a simple app?
@Bruce Dominguez we have a complete working example here https://github.com/cloudposse/terraform-root-modules/tree/master/aws/ecs
we use it to deploy atlantis on ECS Fargate
Thanks @aknysh
2019-07-09
Hi guys I am running into an issue with the module terraform-aws-cloudfront-s3-cdn. I am looking to create a S3 website backed by Cloudfront. As part of the same code I am creating:
- Route53 public hosted domain
- Cloudflare NS records
- ACM cert validated by dns
All of the above works perfectly but when I add the terraform-aws-cloudfront-s3-cdn I get
Error: Reference to undeclared resource on .terraform/modules/cloudfront_s3_cdn.dns/main.tf line 5, in data "aws_route53_zone" "default": 5: depends_on = [aws_route53_zone.this]
Any ideas? Do I need to create the Route53 resources first before running this module?
@Bruce Dominguez if terraform says undeclared resources, then check if you have those resources in the code
to create an S3 website with CloudFront CDN, this might help https://sweetops.slack.com/archives/CB6GHNLG0/p1562177967452800
Guys do you have idea whats wrong with subnet module which calls label?
Error: Missing resource instance key
on .terraform/modules/private_subnets.private_label/outputs.tf line 2, in output "id":
2: value = "${null_resource.default.triggers.id}"
Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.
For example, to correlate with indices of a referring resource, use:
null_resource.default[count.index]
i see what the error is but is it updated to work with 12>?
@aknysh
@Milos Backonja what module are you using? (and what terraform version?)
if you are using https://github.com/cloudposse/terraform-aws-dynamic-subnets, it’s updated to TF 0.12
Thanks @aknysh. I tried before I post message with dynamic sub-nets module and that one is working. I have issue with named subnets and multi-az subnets modules. I set terraform-null-label to version 0.14.0 (which is used in dynamic subnets module) and was able to eliminate errors regarding count , but I started to see new errors. I use terraform 0.12.x
Those are not converted to 0.12 yet
Only dynamic subnets
Thanks @aknysh I will check out the example.
2019-07-08
2019-07-03
@cabrinha yes, sorta. https://github.com/bitflight-public/terraform-aws-ecs-cluster
thanks @, I think this might actually be more useful to me than the Airship module!
Haha. It deviates a little from @ version to fit a project requirement I had. But I still use it since I like having spot instances built in
oh, where it says:
variable "key_name" {}
do you mean the name of the .pem file on my station?
@Blaise Pabon it means the name of the aws key you want to use. You either type in an existing one. Or generate a new key and provide that name.
2019-07-02
In the cloudposse repos, how is the terraform.md file generated in the docs folder on the repos? Some Automated script that pulls from the http://variables.tf?
@ hi
this channel is not for Cloud Posse repos, it’s for https://github.com/terraform-aws-modules/
but to answer your question, we run the following commands:
make init
make readme/deps
make readme
Ah ok, sorry about that. Thanks I’ll take a look at that.
build-harness gets included in the repo’s Makefile, e.g. https://github.com/cloudposse/terraform-aws-key-pair/blob/master/Makefile#L6
is there a module for an ASG with a mixed instances policy?
2019-06-24
Hi guys, I’m having trouble accessing the kibana web interface via a browser after running the terraform module.
I’m connect to a VPN and allowed the VPN cidr block to access the es cluster yet when I hit the kibana link, I get {"Message"<i class="em em-"User"></i> anonymous is not authorized to perform: es:ESHttpGet"}.
I tried adding the cidr block to the access policy but I get UpdateElasticsearchDomainConfig: {"message":"You can’t attach an IP-based policy to a domain that has a VPC endpoint. Instead, use a security group to control IP-based access."}
I can use the domain template to not require signing request with iam credential, which does allow me to access kibana but this is not my ideal way to set it up.
2019-06-21
Looks like I’m having some issue with the EKS module https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/4.0.2
kubectl get svc
NAME TYPE CLUSTER-IP EXTERNAL-IP PORT(S) AGE
exiled-marmot-mysql ClusterIP 172.20.29.176 <none> 3306/TCP 2d
kubernetes ClusterIP 172.20.0.1 <none> 443/TCP 3d
is there no way to get VPC IPs now?
hm, maybe its just the subnet tagging that I was missing
@cabrinha the latest version of the dynamic subnet module handles the public private subnet tagging correctly.
nice thanks
are there tags needed?
never saw any docs on that
It depends. Many of the kubernetes services that need to access and discover aws resources require that those resources are tagged in a way that relates to the kubernetes cluster
Such as http://Spinnaker.io and http://cpco.io
The dynamic subnets module allows you to specify a tag and a value
i preferred the dynamic sinners module myself
Ha
https://github.com/cloudposse/terraform-aws-dynamic-subnets was converted to TF 0.12, real tests added (using bats and terratest), the tests create real resources in AWS and check them
@cabrinha regarding what @ said, there are two variables https://github.com/cloudposse/terraform-aws-dynamic-subnets/blob/master/variables.tf#L1 and https://github.com/cloudposse/terraform-aws-dynamic-subnets/blob/master/variables.tf#L7 which you can use to implement any type of tagging for the subnets
yeah we’re just starting to get into EKS now, most of our AppMesh stack is for use in ECS
2019-06-19
@Callum Robertson this channel will help you.
yes @Callum Robertson, the light side of the force is strong in this channel.
@Callum Robertson has joined the channel
2019-06-18
@cabrinha this app mesh module’s example is getting bigger than the actual module
haha
lel
yeah thats expected when you’re making on ECS cluster, VPC and all that
I have a few things still to do today:
- Complete the codepipeline build and deploy to ecr from s3 source
- Complete the task wrapper
- Complete the IAM roles required for running the tasks
- Complete the ECS Service Update pipeline
2019-06-14
@ not sure if this affects your module approach: https://aws.amazon.com/about-aws/whats-new/2019/06/aws-app-mesh-service-discovery-with-aws-cloud-map-generally-available/
(I think I will need to watch a video or adjust my meds, because I didn’t understand that announcement…)
(oh, boy, I just noticed the video is from AWS Summit Anaheim and I was at that show …I guess I must not have been paying attention.
2019-06-12
Looks like someone started already 
https://github.com/bitflight-public/terraform-aws-app-mesh
@
@ has joined the channel
@cabrinha meet @
hi
hello
let me know if you need any help on the app mesh module, it looks great so far
@cabrinha when did you need it by? I am starting by making an mvp using terraform 0.12, and I’m not going to include all of the node features like logging and health checks at the start
i’d like to use terraform 0.11
and need? well the sooner the better
So once the mvp is done, you can do pr’s to add in other features and such
Error downloading modules: Error loading modules: module virtual_router_label: duplicated. module names must be unique
this is the error I get as it sits now
Lol. Yeah it’s not ready yet I’ve only been writing it for about 3.5 hours
(that means Jamie will have a few PRs open in ~30m)
Ha.
It’s 7pm for me and I was about to have a beer. I am gonna keep going tomorrow:)
Btw @cabrinha are you using an existing module to create your services and ecs cluster?
nope, we use our own in-house module
Ok. So to make app mesh work the task definitions have to have an extra two sidecar containers running in them
sure, envoy and xray
Yeah.
thats easy, i’ve got my task-definition sorted out already
So what I’ll do it create a template wrapper for generating the task def
That adds the sidecars as well
So you can pass in your container def, and ports, and app mesh name, and it outputs the full task def
With the ports, proxy, and labels in place
hm ok that sounds cool
I’ll need to make it for when I do the example anyway
Anyway, I’ll update it further tomorrow
2019-06-11
anyone have an AWS AppMesh terraform module they’re working on?
Not yet. Will probably be on my project list next month
2019-06-06
Has anyone tested provisioner during terraform destroy? Destroy-Time Provisioners
<https://www.terraform.io/docs/provisioners/index.html>
We are currently testing it and destroy handle doesn’t seem to pick up…. If someone has tested, please advise?
Hey guys, using this module: https://github.com/cloudposse/terraform-aws-s3-log-storage?ref=master and running into an issue where the ALBs I’m creating don’t have access to the bucket. Is that an attribute input I need to set?
this channel is for https://github.com/terraform-aws-modules/
Ah my apologies. I’ll use terraform channel
thx!
2019-06-05
That’s a pretty nice module. Is there a way to output the ALB DNS name for R53 records?
Woah! just hit my first v0.12 compatibility gotcha. We have extensive use of the null-label module and are running v.11. So this hit us… https://github.com/cloudposse/terraform-null-label/commit/e2b880b2bad3cd8ceaa87c56176c15d92e28775d Anyway - a quick sed -i "s/.../.../" solved it.
@David Latham please make sure you never pin to master in any of your infrastructure code
(it’s not possible to maintain backwards compatibility between releases and pinning to a release is the only way to ensure stability in a global ecosystem of terraform modules)
I like the minimalistic usage of terratest there.
use 0.11.1 or earlier
yup - I guess I would need to thank our consultant for that. Luckily it’s not pinned to master everywhere - just this one project and a simple enough PR to fix.
really really stupid question but I’m so lost: i’m trying to provision a cross-region rds replica but I can’t figure out how to create KMS keys for two different regions (us-east-2 for the source db and us-west-2 for the replica db). Do I resource two aws_kms_key and specify the region somehow?
@ian are you using one of these modules: https://github.com/terraform-aws-modules/
no a senior dev has rolled his own setup but it’s similar to those modules and I can use them as a reference
2019-06-04
2019-06-02
Hey all, does anyone have some recommendations on a terraform module setup for an ecs fargate cluster setup? It needs to support 4 services per cluster, alb, possible nginx side car container integration. Thoughts? I had one working for a while, but the tags broke.
I’m in the process of upgrading mine for fargate support. Need to finish it this week. Have too many things that need it
There was an awesome module by azavea but the tags broke on it for TFE, so I gotta find a new module. The last one was perfect, created the ALB, the ECS cluster, multiple services.
autoscaling policies, etc. Preferably I could find another one like it, but if I have to use multiple, oh well. What are you using in your setup?
Mine handles ECS service on ECS2, alb, , tags, and things. It is for a service. So, you can create as many services as needed. Both container and task definitions can be overridden for more complex setups (like sidecars, proxies). Partial fargate support is there. But not awsvpc networking yet
Also, this conversation should be in #terraform
2019-04-24
Hi, is there any option on terraform-aws-cloudtrail to configure a trail for an organization?
For all member accounts of that organization, the option is_organization_trail on the aws_cloudtrail
@Roger Gomez https://github.com/cloudposse/terraform-aws-cloudtrail was created before AWS added CloudTrail for organizations
you can open a PR to add is_organization_trail
ok, I will do that, thanks, working on it now
let’s move to #terraform , this channel is for https://github.com/terraform-aws-modules/
2019-04-10
BUT
I still would like complete control over the DNS name that gets created. Why not offer that to users of the module and if nothing is set, it’ll use the defaults currently in place?
I feel like there should just be simple way to override the naming of these things.
From looking at the code, it’s kind of hard to tell how the DNS CNAME is going to come out the other end.
@Erik Osterman @aknysh what do you think? https://github.com/cloudposse/terraform-aws-efs/pull/25
If you guys want me to update the docs and stuff like that just lmk if we can move this forward.
@cabrinha thanks, reviewed the PR
SO nice to be able to get an option added to this module within the cours of a couple hours!
next time, let’s do it in #terraform
this channel is for https://github.com/terraform-aws-modules/
will do
2019-04-09
I feel like we should be able to override certain tags/names
like namespace – this means nothing to me or my org
but it turns out the name of the DNS record created is affected by this and I have no control over that DNS name
in the end, the cloudposse modules are designed to be internally consistent
due to limitations of the HCL language, we cannot easily accommodate the differences in naming conventions
(for example, environment vs stage)
this is quite opinionated, but is the only way we’ve been able to manage writing 140+ terraform modules that work relatively well together
why not use the established convention namespace-stage-name? what’s wrong with using `namespace? It could be your org name or abbreviation, or just something else specific to your use-case
i feel like it could be easy to override the tags or leave them out
(nothing is easy when the change means percolating it out to 140 repositories = 140+ pull requests)
so the main reason of doing that is to have consistent and globally unique names for ALL AWS resources
especially for global resources like S3 buckets
where you can easily have naming conflicts
so by using everything consistently, we usually eliminate the possibilities of conflicts (on global resources as well)
when you automate everything, naming global AWS resources is difficult
thats fine and makes sense
i guess i can still add my own additional tags
so why not use the same patterns to name ALL resources? it’s easy to automate w/o thinking about it
i just dont like that this EFS module created a DNS record prefixed with eg-
eg-$my_env-$my_name-efs.$my_domain
so that’s a great name however, a CNAME to your service discovery domain would be even nicer
the e.g. is for “Example given”
we default to that ugly prefix so users change it
i’d love to have service discovery here, we’re working on that
yeah so … changing it…
why can i change but not omit?
i just want $my_env-$my_name-efs.$my_domain as the cname
I think in current versions of terraform-null-label we don’t enforce the namespace, however, it’s not been percolated out
perhaps i could open a PR
that said, from a consistency perspective, i don’t like it since it leads to inconsistency and while that works in smaller infrastructures it falls apart at scale.
a naming convention is a naming convention … as long as it’s consistent, it can be xyz-efs.$my_domain – users should be able to create their own conventions
not sure if this is where i’m supposed to be looking
Ah, perhaps the real fix is here: https://github.com/cloudposse/terraform-aws-route53-cluster-hostname
I’m not sure I’m understanding how all these modules are chained together, but I think it’s understood what I’m trying to do.
actually, by setting namespace to an empty string, it works!
2019-04-08
anyone ever use this module? https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/v2.16.0
in the readme example, they’re passing in a VPC ID as a CIDR block for a security group rule
module "db_computed_merged_sg" {
# omitted for brevity
computed_ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}"]
number_of_computed_ingress_cidr_blocks = 3
}
but I’m having some issue doing the same
@cabrinha just briefly looking at the code above (I did not use the module), looks like both "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}" do not return CIDR blocks - they return IDs
exactly, so im wondering if its supposed to be possible to pass in a VPC ID into the module
maybe i should just open an issue asking that question
Hi all, I have a question about this module (let me know if I am asking in the wrong channel!) https://github.com/cloudposse/terraform-aws-ecs-web-app?ref=tags/0.5.0 . Is there a way to create a task definition with multiple images defined? It seems possible via this module - https://github.com/cloudposse/terraform-aws-ecs-container-definition/blob/master/examples/multiple_definitions/main.tf - but this is being used by the terraform-aws-ecs-web-app and I believe I can’t pass directly to it. Thank you for any and all help?
hi @Noah Kernis let’s move to #terraform
@aknysh moving there
2019-04-07
Hey @Edd this channel is for https://github.com/terraform-aws-modules/
maybe try #terraform
2019-04-04
Hey folks, I’m trying to use this module - https://registry.terraform.io/modules/cloudposse/cloudfront-s3-cdn/aws/0.7.0 - and am encountering a CORS error when Terraform is setting up the S3 bucket
* module.cloudfront-s3-cdn.aws_s3_bucket.origin: 1 error(s) occurred:
* aws_s3_bucket.origin: Error putting S3 CORS: MalformedXML: The XML you provided was not well-formed or did not validate against our published schema
status code: 400, request id: B49313C1B360E967, host id: 9CNDQqYA3/F0FAXlsFPIYVhAAJZoYiYQrBo/sZ1K8ZohYGgSNNJVYL3FOCDUB0fCs+wq4JftevE=
2019-04-03
@antonbabenko Is there a way to add custom providers to terraform-aws-atlantis without making a new atlantis image?
Do you mean terraform providers which you can use in your terraform configs?
Yes
You can call custom command/script (https://www.runatlantis.io/docs/custom-workflows.html#custom-init-plan-apply-commands) which will download providers before running terraform plan
but I think embedding them into an image is good option if you are not going to change them very often.
I thought of that, but concluded it’s too hacky.. haha
agree
2019-04-02
Open an issue in that repo and maybe someone will be able to help with EKS module.
Try to update the aws provider: “terraform init -upgrade” because endpoint private access is a recent feature
2019-04-01
Morning all. Sorry if this is the wrong channel but: Would anyone happen to know if this module can be used to dynamically create 255 /24 subnets? https://github.com/cloudposse/terraform-aws-dynamic-subnets/
better to use #terraform since this channel is for https://github.com/terraform-aws-modules/
Ah, gotcha. Thanks Erik!
Hello terraformers, I am using this eks module https://github.com/terraform-aws-modules/terraform-aws-vpc and recieving this error
Error: module.eks_cluster.aws_eks_cluster.this: vpc_config.0: invalid or unknown key: endpoint_private_access
Can anyone help?
@Vidhi Virmani i think you are using https://github.com/terraform-aws-modules/terraform-aws-eks, ping @antonbabenko for help with the module
Thanks @aknysh. I have messaged him.
2019-03-18
This channel is for https://github.com/terraform-aws-modules
Ah, sorry. Moving it.
I think you are asking about the cloudposse Atlantis module? Or the one in terraform-aws-modules?
Yes, the cloudposse one. I moved it to #terraform or would another channel be better?
2019-02-22
still having problem with the above issue so if anyone has any ideas what could be wrong I gladly take your input! Have updated with comments to the issue. @aknysh @Erik Osterman
@ glad you found the issue with the image_id
not sure why it’s not working for you, maybe some permissions
here https://github.com/cloudposse/terraform-aws-eks-workers/blob/master/main.tf#L124, if you set image_id to some ID, it will not be looked up in the data source (you don’t need to comment out anything)
2019-02-21
having some initial issues getting started with the EKS cluster and workers modules
2019-02-14
@Erik Osterman set the channel purpose: Discussions related to https://github.com/terraform-aws-modules Archive: https://archive.sweetops.com/terraform-aws-modules/
2019-02-06
@joshmyers Please take a look at https://github.com/bamaralf/terraform-aws-s3-bucket/tree/tf_0.12
2019-01-30
@Erik Osterman I liked that we can use null as a variable value. There are the dynamic blocks and for_each loops that I can use to create optional and nested configuration blocks, but this is not straight forward in module that use resources with nested blocks with several levels.
I created the modules from scratch
@bamaral Got anything to look at? Am sure lots of folks would be interested
I’ll just move the modules from a private repository (not in github) to github and I’ll share the links here
2019-01-29
I created Terraform 0.12 modules for several AWS resources.
I’ll create some forks hehe
@bamaral how was the overall experience?
Did you port existing modules or start from scratch?
2019-01-17
Hey guys, I was taking a look at: https://github.com/terraform-aws-modules/terraform-aws-redshift
seems it does not support snapshot_copy feature
how are you handling that? we are using a count to check if we require snapshot copy, but feels a bit hacky
@ I don’t use redshift myself, can’t help much. In any case count is probably the best solution.
yeah that is what we do with some other, but as RS was so big, I was trying to avoid doing it
@Max This channel is for questions related to modules under https://github.com/terraform-aws-modules/ org. Consider asking in #terraform which is a better fit.
@Max hi, let’s move to #terraform
2019-01-14
Thank you guys !!
2019-01-11
@Pablo Costa Hi! This channel is for modules inside https://github.com/terraform-aws-modules/ . You can try to copy your question to #terraform , but I will answer you question anyway - no, it is not possible.
S3 websites are always public, have public URLs
Wouldn’t this work? https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-3 I think I tested it in the past and it did (not with a TF module though)
for the bucket itself yes (you can host the bucket behind a CloudFront CDN), but I think not when it’s a website (need to check that) (plain bucket and S3 website are diff things)
Yup, pretty sure I tested with website as I had a similar use case (without CloudFront)
2019-01-10
Hello, I was planning to use terraform-aws-s3-website module for hosting a private website intended to be accessed only through VPN as a kind of intranet site, but I couldn’t find a way to filter the access. Would It be possible ?
2019-01-04
Is there a limitation that prevented BitBucket support for terraform-aws-atlantis?
I just think it’s b/c anton didn’t have time to implement it
also because Bitbucket just sucks @ I’ve implemented it with bitbucket, but with a modified version of the module some time ago already.
let me know if you need help
@ Would love to see your modified version. I am also trying to figure out how to work with Fargate - how would I configure AWS credentials, for example?
The Fargate service has an IAM role, you can configure the role to have the Administrator policy, or better, to give it a policy to allow assuming roles into something Terraform works with
I agree to both of you guys - I didn’t have time and desire (aka “use case”) AND bitbucket sucks. Happy week-ends!
Really, it should be very easy to do, if there is a proper support in Terraform.
2018-12-12
Hello there, is this the right place to ask about this module? https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn
since the topic of the channel is different, not sure whether this is the same group of people
sorry, I get that
read few messages above
thanks, sorry for spam
ok, sorry sorry
NP, as @Steven said, lets move to the #terraform channel
for sure, maybe greetbot could direct me right from the start? haven’t used that one…
Oh interesting… you should be receiving a DM from the greetbot with a list of channels and what they do
Let me know if you didn’t get that and I’ll look into it
nope, no DM from greetbot, it just welcomed me in the #general channel:
oh he did, sorry:
so that’s just me being stupid. I just didn’t read that … my fault
greetbot has not idea what question you are about to ask
i meant something like: welcome here, this channel is about $topic and not about anything else
that’s a good point. I want to make sure we’re doing that.
Stupid question by me: when you joined, you didn’t see a message about this:
@
hrm… yea, i left and rejoined, didn’t see anything.
don’t know if that’s b/c I was already in the channel
I noticed the topic, but my question was about https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn and I wasn’t sure whether this is about the same or if that’s a different company. #terraform is a place for whole community around terraform including other companies as well then? This is just for “pure” terraform company modules then? I’m quite sure I’ll get there with some questions later
2018-11-30
@Erik Osterman set the channel topic: https://github.com/terraform-aws-modules/
2018-11-14
hey
- aws_elasticsearch_domain_policy.default: InvalidTypeException: Error setting policy: [{
“Version”: “2012-10-17”,
“Statement”: [
{
“Sid”: “”,
“Effect”: “Allow”,
“Action”: [
“es:ESHttpPut”,
“es:ESHttpPost”,
“es:ESHttpGet”
],
“Resource”: [
“arn
esXXXXX:domain/new-test-es/*”,
“arnesXXXXX:domain/new-test-es”
],
“Principal”: {
“AWS”: “arniam:XXXXXXinstance-profile/kasun-role”
}
}
]
}]
status code: 409, request id: b46c5087-e7ee-11e8-8ec7-21744bcecad8
after running terraform
Hey Kasun, maybe explain what the problem is and with which Module of terraform-aws-modules and then maybe someone can help you out.
ecs already created
but i could access it publicly
seems that dns resolve the vpc ip address .. anyway to access kibana in publicly
Ah ok, move it to #terraform , this channel was specifically made for modules of https://github.com/terraform-aws-modules/
2018-11-12
@antonbabenko Hi Anton, I’ve always used this as egress with your modules, since updating last terraform I’m getting continuous updates. Just to check with you.. this is alright correct ?
egress_with_cidr_blocks = [
{
rule = "all-all"
cidr_blocks = "0.0.0.0/0"
},
]
@jonboulle has joined the channel
Maybe AWS changed something ? This is how it’s defined in the module and has always been working: all-all = [-1, -1, “-1”, “All protocols”]
Now it seems that with -1 protocol aws still wants from_port and to_port to be both 0
oops
@ yeah I ran into something similar last week with a different API
99.9% sure it’s an AWS change
looks like it does require ports be set to 0 if protocol=-1
Hi guys. I can’t verify this now, but I saw very recently a PR in terraform aws provider which is very much related to this. Maybe there is a breaking change.
doh
@Gabe has joined the channel
2018-11-10
@antonbabenko has joined the channel
I should join this channel, though don’t expect a lot of attention from me unless you mention my username
Hi @antonbabenko , nice to have you here :)
2018-11-09
@ has joined the channel
@ has joined the channel
2018-11-08
@endofcake has joined the channel
I’m in the middle of a TF module for a serverless AWS photo gallery driven by dumping images into S3 :D
Related but not related, came across this the other day: https://github.com/awslabs/serverless-image-handler
Run Thunbor on lambda
Oh, thumbor looks nice
@Andy has joined the channel
@Steven has joined the channel
@aknysh has joined the channel
@nian has joined the channel
@Yoann has joined the channel
@mmarseglia has joined the channel
@davidvasandani has joined the channel
@Pablo Costa has joined the channel
2018-11-07
@Erik Osterman has joined the channel
@Erik Osterman set the channel purpose: Discussions related to https://github.com/terraform-aws-modules
@joshmyers has joined the channel
@solairerove has joined the channel
@ has joined the channel
@Nikola Velkovski has joined the channel
I know we’ve been pretty focused on CloudPosse modules, but I want to see if we could enable some a group collaboration for other projects
@ has joined the channel