#terraform-aws-modules

Discussions related to https://github.com/terraform-aws-modules

Archive: https://archive.sweetops.com/terraform-aws-modules/

2019-10-15

cabrinha

Not sure if the claranet guys are in here, but I’m having some issues with this lambda module: https://github.com/claranet/terraform-aws-lambda/issues/33

Support golang · Issue #33 · claranet/terraform-aws-lambda

Hi, Is there a version of this that supports go workflow? Cheers!

cabrinha

I can’t really figure out where the terraform module expects the zip or the binary to be when it calculates its hash.

2019-10-08

Sharanya

Looking for a terraform Module For - RDS- Instance Configuration : SQL Server Standard 2017, 2017 v14

2019-10-01

Karoline Pauls

@Rajesh Babu Gangula it’s from a submodule, i told them they can try to use a fork

2019-09-30

Rajesh Babu Gangula

“statement” ==> statement – remove the quotes

Rajesh Babu Gangula

@Alex Co

2019-09-29

Alex Co

hi i’m using the terraform iam role module

Alex Co

while init the module with release 0.4.0, i got this error

Alex Co
Error: Invalid argument name

  on .terraform/modules/role.aggregated_policy/main.tf line 24, in data "aws_iam_policy_document" "zero":
  24:   "statement"   = []

Argument names must not be quoted.
Vidhi Virmani

Can you please share the link of module you are using?

Vidhi Virmani

Looks like this module git://github.com/cloudposse/terraform-aws-iam-policy-document-aggregator.git?ref=tags/0.1.2 can be used with terraform version 0.11v.

cloudposse/terraform-aws-iam-policy-document-aggregator

Terraform module to aggregate multiple IAM policy documents into single policy document. - cloudposse/terraform-aws-iam-policy-document-aggregator

Karoline Pauls

you can refer this commit from this fork: https://github.com/techfishio/terraform-aws-iam-policy-document-aggregator/commit/ca820699baca5a1345f5e4a0d73762f8ce212982

omit version in module and pass source = "github.com/techfishio/terraform-aws-iam-policy-document-aggregator.git?ref=ca820699baca5a1345f5e4a0d73762f8ce212982"

ofc. i’m not responsible for any consequences of using someone’s fork, as well as losing eyesight from reading this message

Fix empty policy (#7) · techfishio/[email protected]
  • Fix empty policies * Fix empty policies * Fix formatting * Fix formatting
Alex Co

thanks, let me check

Alex Co

anyone know how to fix this ?

Alex Co

thanks

Alex Co

i’m using terraform 0.12.9

2019-09-27

Rajesh Babu Gangula

@here I am trying to upgrade from v.11.14 to v.12 and after going through the upgrade steps and fixing some code changes … now I am seeing following issue

Error: Missing resource instance key

  on .terraform/modules/public_subnets.public_label/outputs.tf line 29, in output "tags":
  29:         "Stage", "${null_resource.default.triggers.stage}"

Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.

For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]

did anyone face a similar issue and was able to fix it

Rajesh Babu Gangula
Downloading git::https://github.com/cloudposse/terraform-aws-vpc.git?ref=0.8.0 for base_vpc...
- base_vpc in .terraform/modules/base_vpc
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.14.0 for base_vpc.label...
- base_vpc.label in .terraform/modules/base_vpc.label
Downloading git::https://github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master for private_subnets...
- private_subnets in .terraform/modules/private_subnets
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for private_subnets.private_label...
- private_subnets.private_label in .terraform/modules/private_subnets.private_label
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for private_subnets.public_label...
- private_subnets.public_label in .terraform/modules/private_subnets.public_label
Downloading git::https://github.com/cloudposse/terraform-aws-multi-az-subnets.git?ref=master for public_subnets...
- public_subnets in .terraform/modules/public_subnets
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for public_subnets.private_label...
- public_subnets.private_label in .terraform/modules/public_subnets.private_label
Downloading git::https://github.com/cloudposse/terraform-null-label.git?ref=tags/0.3.0 for public_subnets.public_label...
- public_subnets.public_label in .terraform/modules/public_subnets.public_label
oscar

Did you do what the error said? It is correct

2019-09-26

guigo2k

@aknysh thanks for updating the EC2 autoscaling module

aknysh

no problem

aknysh

all EKS modules should be done for TF 0.12 today

oscar
03:55:26 PM

The hero we need, but not the hero we deserve.

Big thanks @aknysh

all EKS modules should be done for TF 0.12 today

2019-09-25

Sharanya

Components for secure UI hosting in S3
  • S3 — for storing the static site
  • CloudFront — for serving the static site over SSL
  • AWS Certificate Manager — for generating the SSL certificates
  • Route53 — for routing the domain name to the correct location
Did anyone come across any modules for this in terraform ?

2019-09-24

leonawood

Can you use terraform_remote_state data source as an input attribute for subnet in the cloudposse aws ec2 module?

leonawood

oh wait, I apologize this channel is not for cloudposse modules

2019-09-23

Sharanya

@jetstreamin Thank you so much

2019-09-21

jetstreamin

@Sharanya
$sourceNugetExe = "https://dist.nuget.org/win-x86-commandline/latest/nuget.exe"
$targetNugetExe = "$rootPath\nuget.exe"
Invoke-WebRequest $sourceNugetExe -OutFile $targetNugetExe
Set-Alias nuget $targetNugetExe -Scope Global -Verbose

jetstreamin

not sure if that’s what you need specifically but that will install nuget

jetstreamin

If you want to install nuget in powershell as a provider Install-PackageProvider -Name NuGet

2019-09-20

Sharanya

Powershell script to - install nuget server ? did anyone write this script

2019-09-18

Alain Deleglise

Hi all

Alain Deleglise

I’m quite new to terraform for aws

Alain Deleglise

I’m currently trying to clean our existing AWS resources, and I want to use the terraform-aws-iam-s3-user

Alain Deleglise

I’m trying to add a single iam user, and his access to a bucket, for staging and production env

Alain Deleglise

The problem is that the “aws_iam_user_policy.default[0]” created by the staging user will be replaced by the prod user

Alain Deleglise

What am I doing wrong

Alain Deleglise

?

Alain Deleglise
Terraform will perform the following actions:

  # aws_iam_user_policy.default[0] must be replaced
-/+ resource "aws_iam_user_policy" "default" {
      ~ id     = "redacted-staging-bunny-audio:redacted-staging-bunny-audio" -> (known after apply)
      ~ name   = "redacted-staging-bunny-audio" -> "redacted-production-bunny-audio" # forces replacement
Alain Deleglise

I’ve created a tfvars file for each user

Van Johnson

Could you share your tf files?

Alain Deleglise

I warn you

Alain Deleglise

It’s a mess

Alain Deleglise

I have this in the main.tf

Alain Deleglise
module "s3_user" {
  source        = "git::https://github.com/cloudposse/terraform-aws-iam-system-user.git?ref=tags/0.6.0"
  namespace     = var.namespace
  stage         = var.stage
  name          = var.name
  attributes    = var.attributes
  tags          = var.tags
  enabled       = var.enabled
  force_destroy = var.force_destroy
  path          = var.path
}

data "aws_iam_policy_document" "default" {
  count = var.enabled ? 1 : 0

  statement {
    actions   = var.s3_actions
    resources = var.s3_resources
    effect    = "Allow"
  }
}

resource "aws_iam_user_policy" "default" {
  count  = var.enabled ? 1 : 0
  name   = module.s3_user.user_name
  user   = module.s3_user.user_name
  policy = join("", data.aws_iam_policy_document.default.*.json)
}

provider "aws" {
	region = "eu-west-1"
}
Alain Deleglise
resource "aws_s3_bucket" "redacted" {
    bucket = "redacted"
    acl    = "private"
    tags   = {
        nature = "audio"
        projet = "redacted"
    }
}

resource "aws_s3_bucket_public_access_block" "redacted" {
  bucket = "${aws_s3_bucket.redacted.id}"

  block_public_acls   = true
  block_public_policy = true
}
Alain Deleglise

this in the stgbucket.tfvars

Alain Deleglise
#region = "eu-west-1"
namespace = "redacted"
stage = "staging"
name = "bunny-audio"
s3_actions = ["s3:GetObject"]
s3_resources = ["arn:aws:s3:::redacted/*"]
Alain Deleglise

And the same for the production one

Van Johnson

Are both main.tf and stgbucket.* in the same directory?

Alain Deleglise

Yes

Van Johnson

When you say “And the same for the production one” are you saying there is an additional stgbucket.tfvars for production?

Alain Deleglise

There’s a prdbucket.tfvars

Van Johnson

Are they both in the directory when you are running terraform plan/apply?

Alain Deleglise

Yes

Van Johnson

Did you figure this out. My real job got me distracted. I can’t see everything, but you shouldn’t have both var files in the same directory since terraform will read all of them. I have not had a chance to experiment with this.

2019-09-16

2019-09-14

Anyone know why I’m getting this error trying to add my ASG instances to an ALB target group:
Please ensure all provided Target Groups have target type of instance

Not sure if it’s how I have my ASG configured or what… the terraform-aws-alb module hard codes the target group type to ip, but the aws_autoscaling_group resource doesn’t specify anything about target group type. Assuming I’m doing something wrong because this seems like the modules for ALB/ASG would never interoperate correctly.

Changing target_type to instance resolves this error in 0.12

2019-09-13

joshmyers

@Khun Open a PR

joshmyers

Why would you not want versioning on a thing?

so it’s not possible at the current state

2019-09-12

Hi, https://github.com/cloudposse/terraform-aws-kops-chart-repo/blob/master/main.tf#L24 - is this possible to override this so that this bucket won’t have versioning?

cloudposse/terraform-aws-kops-chart-repo

Terraform module to provision an S3 bucket for Helm chart repository, and an IAM role and policy with permissions for Kops nodes to access the bucket - cloudposse/terraform-aws-kops-chart-repo

2019-09-09

2019-09-08

2019-09-07

2019-09-06

antonbabenko

Hi guys! Since we are #terraform-aws-modules channel Shameless plug, https://github.com/terraform-aws-modules/terraform-aws-s3-bucket - this module supports ALL (all I can imagine at least) features provided by Terraform AWS provider. See complete example code - https://github.com/terraform-aws-modules/terraform-aws-s3-bucket/blob/master/examples/complete/main.tf

terraform-aws-modules/terraform-aws-s3-bucket

Terraform module which creates S3 bucket resources on AWS - terraform-aws-modules/terraform-aws-s3-bucket

@antonbabenko Excellent module. Is there any way/workaround to have the storage class be non standard by default and/or have a shorter than 30 day transition period?

antonbabenko

Yes, I believe so if it is supported by the AWS provider

I need to look into it, but last I checked, I didn’t think that was possible

antonbabenko

I think I saw something like 30 days minimum, so you are probably right. It is a limit of AWS, not Terraform.

rohit

Does anyone know if the terraform-aws-rds module supports serverless mode for postgresql?

aknysh

@rohit what module/repo?

rohit
terraform-aws-modules/terraform-aws-rds-aurora

Terraform module which creates RDS Aurora resources on AWS - terraform-aws-modules/terraform-aws-rds-aurora

aknysh

it should support it I guess since those are just settings

aknysh

take a look for example at a similar CloudPosse module which was deployed for serverless https://github.com/cloudposse/terraform-root-modules/blob/master/aws/grafana-backing-services/aurora-mysql.tf#L139

cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

rohit

@aknysh thanks

rohit

@antonbabenko terraform-aws-rds-aurora module still requires database instance type when using serverless mode. Am i missing anything ?

rohit

I do not see instance type option in RDS console when serverless mode is selected

rohit

@aknysh any ideas on my above question ?

aknysh

for serverless you don’t specify instance type (that’s why it’s serverless). You specify Capacity settings

rohit

correct, but when using the terraform-aws-rds it does ask for instance type

rohit

so i am wondering if it is a bug

antonbabenko

instance_class has to be specified, but it is more like a bug in the module, because it was created before serverless became a thing

antonbabenko

PR is welcome

rohit

@antonbabenko thanks. I will submit a PR shortly

Shannon Dunn

would the team accept PRs enabling some of these modules workable in AWS govcloud?

Shannon Dunn

specifically around hardcoded arn formats

aknysh

@Shannon Dunn I think it was your open issue for the EMR module on GitHub

aknysh

Yes, PRs are welcome

2019-09-04

cabrinha

Does this s3 bucket module support CORS rules? https://github.com/cloudposse/terraform-aws-s3-bucket/tree/0.3.1

cloudposse/terraform-aws-s3-bucket

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems - cloudposse/terraform-aws-s3-bucket

cabrinha

I see there is a value for “var.policy” but I’m not sure if I can pass cors rules in there

Robert

It does not:

Robert
cloudposse/terraform-aws-s3-bucket

Terraform module that creates an S3 bucket with an optional IAM user for external CI/CD systems - cloudposse/terraform-aws-s3-bucket

Robert

But I am sure that you could put in a PR to make it so that it does.

Robert

@cabrinha

Robert

You might have to do some count magic though with two bucket resources in the module since that is a resource block and not a map.

Erik Osterman

@cabrinha you might prefer our s3 website module if you want to work with websites

Erik Osterman

The bucket module we have now is more for private buckets

cabrinha

Ah thanks

2019-08-29

Robert
07:19:31 PM

@Robert has joined the channel

2019-08-28

Ah, realized the issue was the source for terraform-null-label needed to be updated. I’m not sure if CP is planning to maintain backwards compatibility with 0.11 but I upgraded the module to 0.12 and opened a PR. If backwards compatibility is needed, feel free to point out (or to a reference upgrade) how that might be accomplished and I’d be happy to revise the PR. I am implementing a green field project so I’m starting with 0.12.

https://github.com/cloudposse/terraform-aws-named-subnets/pull/15

Sharanya

Did anyone Come across NPM memory Issues ?

2019-08-27

Bertie

hi, i want to create an aws_iam_role and aws_iam_policy resources and link them with an aws_iam_role_policy_attachment, which module would be best suited for this? does terraform-aws-iam-role do the job, looks like the policies are defined as json docs using data, does this create the aws_iam_policy? or does it achieve the same result?

Bertie

sorry, just looked at main.tf yes

Using the terraform-aws-named-subnets (tag 0.3.4) module, I get errors with Terraform 0.12. Anyone know off the top if this is a bug or if it’s a 0.12 incompatibility? I’m creating private subnets for resources that don’t need a public subnet or NAT’ing.

Error: Missing resource instance key

  on .terraform/modules/data_private_subnets_us_west-2b.public_label/outputs.tf line 29, in output "tags":
  29:         "Stage", "${null_resource.default.triggers.stage}"

Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.

For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]
aknysh

the module is not converted to 0.12 yet, but 0.12 is very complaining about accessing resources with count as a single value

aknysh

try this

aknysh
"Stage", "${join("", null_resource.default.*.triggers.stage)}"

Thanks Aknysh. I’ll fork it and play around, see if I can resolve it and open a PR. Completely new to Terraform so the interpolation mechanics + 0.11/0.12 changes are pretty much Greek to me

2019-08-23

Sharanya

The variable “lambda_settings” is required, so Terraform cannot proceed without a defined value for it.

[10:50 PM] anyone came across this issues

2019-08-16

There’s an import option, but I think that also depends on the resource https://www.terraform.io/docs/import/ .

Import - Terraform by HashiCorp

Terraform is able to import existing infrastructure. This allows you take resources you’ve created by some other means and bring it under Terraform management.

2019-08-15

I have an existing aws ecs cluster (made by hand) and would like to update it by using terraform. Is there any documentation for updating existing aws services (alb, ecr, ecs)?

2019-08-14

Erik Osterman

The hashicorp registry is a free for all. Anyone can publish modules there working or not. =/

Erik Osterman

However, the registry has been awesome at bringing awareness to modules!

Erik Osterman

we attribute a lot of our growth to this.

2019-08-13

Blaise Pabon

Does anyone else find it strange that https://registry.terraform.io/ rarely work without having to debug intermediate files? I never have them work the first time and sometimes find examples that could have never run at all.

Blaise Pabon

(AWS and GCP, that is. I have not worked with the other platforms.)

Blaise Pabon

Kudos to this guy for at least thinking about testing: https://github.com/npalm/terraform-aws-gitlab-runner/issues/81

Creating tests to verify deployment · Issue #81 · npalm/terraform-aws-gitlab-runner

Create a test set for example with Terraform Kitchen sink / terratest to verify a deployment

Blaise Pabon

@antonbabenko’s stuff is a notable exception also. Why can’t more people be like him?

aknysh

@Blaise Pabon we at CloudPosse are trying to be like him as well

aknysh

for each module we convert to TF 0.12, we are adding tests with bats and terratests

aknysh

and we actually deploy it to the test AWS account on each PR using Codefresh pipelines

aknysh
cloudposse/terraform-aws-cloudtrail-s3-bucket

S3 bucket with built in IAM policy to allow CloudTrail logs - cloudposse/terraform-aws-cloudtrail-s3-bucket

Blaise Pabon

Yes, I wasn’t trying to fault the community as much as expect that Hashi could do something to have a quality gate of some sort.

Blaise Pabon

and I know from talking to @Erik Osterman that you guys try to use bats and terratest where possible.

aknysh

in all modules

aknysh
cloudposse/terraform-aws-rds-cluster

Terraform module to provision an RDS Aurora cluster for MySQL or Postgres - cloudposse/terraform-aws-rds-cluster

Blaise Pabon

OK. well, I think we can all agree that the Cloud Posse is Awesome … I was just wondering why does Hashicorp registry code quality control suck so badly? when they have sooo much money and they own most of the stack. It’s not like they are hosting legacy NetBSD drivers….

2019-08-12

Vitaliy Lobachev

Hello! I want to share with you resource:for_each and dynamicfor_each construction for terraform 12.6 and AWS S3. Hope this helps you work with large arrays of resources. https://github.com/devops-best-practices/terraform-best-practice/blob/master/s3.tf

devops-best-practices/terraform-best-practice

Contribute to devops-best-practices/terraform-best-practice development by creating an account on GitHub.

Sharanya

Hey people, looking for terraform template on vpc peering ( syntax 0.12) any help plz

2019-08-06

mmarseglia

@Erik Osterman cloudposse module. trying https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1 with a basic configuration

module "ecr" {
  source = "git::https://github.com/cloudposse/terraform-aws-ecr.git?ref=0.6.1"

  name                   = "${var.app_name}"
  namespace              = "${var.app_name}"
  stage                  = "prod"
}

but it keeps coming up with that policy error. i thought the policy was optional from the module description?

cloudposse/terraform-aws-ecr

Terraform Module to manage Docker Container Registries on AWS ECR - cloudposse/terraform-aws-ecr

aknysh

@mmarseglia let’s move to #terraform

mmarseglia

sure!

Erik Osterman
01:23:30 AM

@Erik Osterman set the channel topic: https://github.com/terraform-aws-modules/ (not cloudposse modules)

2019-08-05

Erik Osterman

@mmarseglia cloudposse module or https://github.com/terraform-aws-modules/ module?

Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

2019-08-02

mmarseglia

i’m using v0.6.1. of the ecr module and get the following error aws_ecr_repository_policy.default: InvalidParameterException: Invalid parameter at 'PolicyText' failed to satisfy constraint: 'Invalid repository policy provided' i did some searching and it looks like there was a condition where the IAM policy state wasn’t consistent but I thought that was fixed in the terraform aws provider.

2019-08-01

2019-07-31

2019-07-30

Blaise Pabon

So I’m thinking of installing a private gitlab …. and before I cobble together these modules to reproduce their reference config (see diag below), I wanted to check here to make sure there wasn’t a better way:

Blaise Pabon
Architecture Overview of GitLab on AWS

This is Part 1 of the Comprehensive Guide to Running GitLab on AWS. In the intro post to this series, we discussed why Alchemy uses GitLab…

Would need export for old gitlab installation and import for such a new environment.

Blaise Pabon

In this case, I have no existing gitlab, so the whole installation would be new.

2019-07-29

mmarseglia

does anyone know what the aws elasticbeanstalk config option CONFIG_SOURCE is for? I can’t find any aws documentation on it. https://github.com/cloudposse/terraform-aws-elastic-beanstalk-environment/blob/01d405201c192ee1948ea97bff6742140b1cfbba/main.tf#L707

cloudposse/terraform-aws-elastic-beanstalk-environment

Terraform module to provision an AWS Elastic Beanstalk Environment - cloudposse/terraform-aws-elastic-beanstalk-environment

Sharanya

Hey Folks, Trying to find some Terraform Modules related to AWS - app stream service ( for creating fleets and stacks) any help appreciated

2019-07-22

2019-07-20

2019-07-19

Bertie

what’s the recommended pattern for dealing with security groups for ec2 instances? should i create them in their own plan?

cabrinha

Why not create them along with the instance(s)? There is a good module on the registry for security groups

Bertie

hey, thanks, i found it and used it. very good module indeed, aims to implement all features… nice!

Joshua Hansen

question and it may be because i’m new to tf, but using https://github.com/cloudposse/terraform-aws-rds/releases 0.9.0 - copying and pasting the example as-is i’d expect tf plan to more or less work as-is knowing i obviously need to assign the sg’s and subnets. but i’m getting more than that (attached in thread).

cloudposse/terraform-aws-rds

Terraform module to provision AWS RDS instances. Contribute to cloudposse/terraform-aws-rds development by creating an account on GitHub.

Joshua Hansen
$ tf version
Terraform v0.12.5
Joshua Hansen

any pointers accepted while i continue to debug here.

Joshua Hansen
Is there a terraform 0.12 compatible version ? · Issue #111 · terraform-aws-modules/terraform-aws-rds

Hello, The module is not compatible with terraform 0.12-beta-1 Is anyone working on this? If not would you be interested in making a branch ? I think it only needs some minor syntax tweaks. e.g. Er…

aknysh

We are converting the module to TF 0.12 now

aknysh

Should be done in 1-2 days

aknysh

The current module doesn’t work with 0.11

aknysh

0.12 sorry

Joshua Hansen

thanks for the response! will hold tight - thank-you

2019-07-16

joshmyers
cloudposse/terraform-aws-tfstate-backend

Terraform module that provision an S3 bucket to store the terraform.tfstate file and a DynamoDB table to lock the state file to prevent concurrent modifications and state corruption. - cloudposse…

joshmyers

Looks like it should do the right thing….but I noticed no versioning on the state bucket

joshmyers
02:35:47 PM
joshmyers

from statefile ^^

joshmyers

Manually flipped the versioning flag on the bucket, re ran a plan, no-op

Erik Osterman

0.12 or 0.11?

joshmyers

0.11, using the 0.11 release of the module (0.7.0)

joshmyers

https://github.com/terraform-providers/terraform-provider-aws/issues/8051 sounds like what I’m seeing, in terms of TF not wanting to change it back at least

Manual change made to S3 is ignored by terraform · Issue #8051 · terraform-providers/terraform-provider-aws

Terraform Version Terraform v0.11.11 provider.aws v1.59.0 Affected Resource(s) aws_s3_bucket.s3 Expected Behavior When someone makes a manual change to S3 resource by enabling versioning, I expect …

joshmyers

Not sure why it was never set though..

joshmyers

While I remember, can we get a new release of https://github.com/cloudposse/terraform-aws-iam-account-settings/releases cut?

cloudposse/terraform-aws-iam-account-settings

Terraform module to provision general IAM account settings - cloudposse/terraform-aws-iam-account-settings

2019-07-15

rohit

any ideas about my above question ?

2019-07-14

rohit

Is there a way i can set a flag to enable/disable cross region replication using terraform-aws-modules/rds/aws module ? I do not want to enable replication in non production region but want it in production

rohit

Is anyone aware of how to do this ?

2019-07-10

Bruce Dominguez

Another one, I got module terraform-aws-cloudfront-s3-cdn working by creating the acm and parent zone prior to using the module. Just a quick question. Do I need to create an Alias record to now point to the created CDN?

aknysh

CDN itself uses cloudfront.net domain

aknysh

To access the site from your domain, you need to create an alias record

Bruce Dominguez

Thanks @aknysh so I need to create an alias record X.mycompany.com to point to the cf_domain_name output (xxx.cloudfront.net).

Bruce Dominguez

Thanks for the help

Bruce Dominguez

Also is there a good fargate module?

Bruce Dominguez

Is it best to create an ECS Fargate resource then use the modules for terraform-aws-ecs-container-definition and terraform-aws-ecs-alb-service-task? or is there a simpler way to provision an Fargate cluster for a simple app?

aknysh

@Bruce Dominguez we have a complete working example here https://github.com/cloudposse/terraform-root-modules/tree/master/aws/ecs

cloudposse/terraform-root-modules

Example Terraform service catalog of “root module” blueprints for provisioning reference architectures - cloudposse/terraform-root-modules

aknysh

we use it to deploy atlantis on ECS Fargate

aknysh
cloudposse/terraform-aws-ecs-atlantis

Terraform module for deploying Atlantis as an ECS Task - cloudposse/terraform-aws-ecs-atlantis

cloudposse/terraform-aws-ecs-web-app

Terraform module that implements a web app on ECS and supports autoscaling, CI/CD, monitoring, ALB integration, and much more. - cloudposse/terraform-aws-ecs-web-app

Bruce Dominguez

Thanks @aknysh

2019-07-09

Bruce Dominguez

Hi guys I am running into an issue with the module terraform-aws-cloudfront-s3-cdn. I am looking to create a S3 website backed by Cloudfront. As part of the same code I am creating:

  • Route53 public hosted domain
  • Cloudflare NS records
  • ACM cert validated by dns

All of the above works perfectly but when I add the terraform-aws-cloudfront-s3-cdn I get
Error: Reference to undeclared resource

  on .terraform/modules/cloudfront_s3_cdn.dns/main.tf line 5, in data "aws_route53_zone" "default":
   5:   depends_on = [aws_route53_zone.this]
Bruce Dominguez

Any ideas? Do I need to create the Route53 resources first before running this module?

aknysh

@Bruce Dominguez if terraform says undeclared resources, then check if you have those resources in the code

aknysh

to create an S3 website with CloudFront CDN, this might help https://sweetops.slack.com/archives/CB6GHNLG0/p1562177967452800

Hi guys, what is the best way to have an S3 bucket in website mode backed by a CDN ? It seems like https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn does not support website mode and https://github.com/cloudposse/terraform-aws-cloudfront-cdn does not handle S3 origins

Milos Backonja

Guys do you have idea what’s wrong with subnet module which calls label?

Error: Missing resource instance key

  on .terraform/modules/private_subnets.private_label/outputs.tf line 2, in output "id":
   2:   value = "${null_resource.default.triggers.id}"

Because null_resource.default has "count" set, its attributes must be accessed
on specific instances.

For example, to correlate with indices of a referring resource, use:
    null_resource.default[count.index]

Milos Backonja

i see what the error is but is it updated to work with 12>?

Erik Osterman

@aknysh

aknysh

@Milos Backonja what module are you using? (and what terraform version?)

aknysh

if you are using https://github.com/cloudposse/terraform-aws-dynamic-subnets, it’s updated to TF 0.12

cloudposse/terraform-aws-dynamic-subnets

Terraform module for public and private subnets provisioning in existing VPC - cloudposse/terraform-aws-dynamic-subnets

Milos Backonja

Thanks @aknysh. I tried before I post message with dynamic sub-nets module and that one is working. I have issue with named subnets and multi-az subnets modules. I set terraform-null-label to version 0.14.0 (which is used in dynamic subnets module) and was able to eliminate errors regarding count , but I started to see new errors. I use terraform 0.12.x

aknysh

Those are not converted to 0.12 yet

aknysh

Only dynamic subnets

Bruce Dominguez

Thanks @aknysh I will check out the example.

2019-07-08

2019-07-03

bitflight-public/terraform-aws-ecs-cluster

An autoscaling EC2 cluster that can be a mixture of on demand and spot instances, or fargate - bitflight-public/terraform-aws-ecs-cluster

Blaise Pabon

thanks @, I think this might actually be more useful to me than the Airship module!

Haha. It deviates a little from @ version to fit a project requirement I had. But I still use it since I like having spot instances built in

Blaise Pabon

oh, where it says: variable "key_name" {} do you mean the name of the .pem file on my station?

@Blaise Pabon it means the name of the aws key you want to use. You either type in an existing one. Or generate a new key and provide that name.

2019-07-02

In the cloudposse repos, how is the terraform.md file generated in the docs folder on the repos? Some automated script that pulls from variables.tf?

aknysh

@ hi

aknysh

this channel is not for Cloud Posse repos, it’s for https://github.com/terraform-aws-modules/

Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

aknysh

but to answer your question, we run the following commands:

aknysh
make init
make readme/deps
make readme

Ah ok, sorry about that. Thanks I’ll take a look at that.

aknysh
cloudposse/build-harness

Collection of Makefiles to facilitate building Golang projects, Dockerfiles, Helm charts, and more - cloudposse/build-harness

aknysh

build-harness gets included in the repo’s Makefile, e.g. https://github.com/cloudposse/terraform-aws-key-pair/blob/master/Makefile#L6

cloudposse/terraform-aws-key-pair

Terraform Module to Automatically Generate SSH Key Pairs (Public/Private Keys) - cloudposse/terraform-aws-key-pair

cabrinha

is there a module for an ASG with a mixed instances policy?

2019-06-24

Phu Bar

Hi guys, I’m having trouble accessing the kibana web interface via a browser after running the terraform module.

I’m connected to a VPN and allowed the VPN cidr block to access the es cluster, yet when I hit the kibana link, I get {"Message":"User: anonymous is not authorized to perform: es:ESHttpGet"}.

I tried adding the cidr block to the access policy but I get UpdateElasticsearchDomainConfig: {"message":"You can’t attach an IP-based policy to a domain that has a VPC endpoint. Instead, use a security group to control IP-based access."}

I can use the domain template to not require signing request with iam credential, which does allow me to access kibana but this is not my ideal way to set it up.

2019-06-21

cabrinha

Looks like I’m having some issue with the EKS module https://registry.terraform.io/modules/terraform-aws-modules/eks/aws/4.0.2

cabrinha

kubectl get svc

cabrinha
NAME                  TYPE        CLUSTER-IP      EXTERNAL-IP   PORT(S)    AGE
exiled-marmot-mysql   ClusterIP   172.20.29.176   <none>        3306/TCP   2d
kubernetes            ClusterIP   172.20.0.1      <none>        443/TCP    3d
cabrinha

is there no way to get VPC IPs now?

cabrinha

hm, maybe its just the subnet tagging that I was missing

cabrinha
Tutorial: Creating a VPC with Public and Private Subnets for Your Amazon EKS Cluster - Amazon EKS

This tutorial guides you through creating a VPC with two public subnets and two private subnets, which are provided with internet access through a NAT gateway. You can use this VPC for your Amazon EKS cluster. We recommend a network architecture that uses private subnets for your worker nodes, and public subnets for Kubernetes to create public load balancers within.

@cabrinha the latest version of the dynamic subnet module handles the public private subnet tagging correctly.

cabrinha

nice thanks

cabrinha

are there tags needed?

cabrinha

never saw any docs on that

It depends. Many of the kubernetes services that need to access and discover aws resources require that those resources are tagged in a way that relates to the kubernetes cluster

The dynamic subnets module allows you to specify a tag and a value

Erik Osterman

i preferred the dynamic sinners module myself

aknysh

https://github.com/cloudposse/terraform-aws-dynamic-subnets was converted to TF 0.12, real tests added (using bats and terratest), the tests create real resources in AWS and check them

aknysh

@cabrinha regarding what @ said, there are two variables https://github.com/cloudposse/terraform-aws-dynamic-subnets/blob/master/variables.tf#L1 and https://github.com/cloudposse/terraform-aws-dynamic-subnets/blob/master/variables.tf#L7 which you can use to implement any type of tagging for the subnets

cabrinha

yeah we’re just starting to get into EKS now, most of our AppMesh stack is for use in ECS

2019-06-19

@Callum Robertson this channel will help you.

Blaise Pabon

yes @Callum Robertson, the light side of the force is strong in this channel.

Callum Robertson
02:12:45 PM

@Callum Robertson has joined the channel

2019-06-18

@cabrinha this app mesh module’s example is getting bigger than the actual module

cabrinha

lel

cabrinha

yeah that’s expected when you’re making an ECS cluster, VPC and all that

I have a few things still to do today:

  • Complete the codepipeline build and deploy to ecr from s3 source
  • Complete the task wrapper
  • Complete the IAM roles required for running the tasks
  • Complete the ECS Service Update pipeline

2019-06-14

Blaise Pabon

(I think I will need to watch a video or adjust my meds, because I didn’t understand that announcement…)

Blaise Pabon

(oh, boy, I just noticed the video is from AWS Summit Anaheim and I was at that show… I guess I must not have been paying attention.)

2019-06-12

cabrinha
bitflight-public/terraform-aws-app-mesh

Terraform module for creating the app mesh resources - bitflight-public/terraform-aws-app-mesh

Erik Osterman

@

08:43:31 PM

@ has joined the channel

Erik Osterman

@cabrinha meet @

cabrinha

hello

cabrinha

let me know if you need any help on the app mesh module, it looks great so far

@cabrinha when did you need it by? I am starting by making an mvp using terraform 0.12, and I’m not going to include all of the node features like logging and health checks at the start

cabrinha

i’d like to use terraform 0.11

cabrinha

and need? well the sooner the better

So once the mvp is done, you can do pr’s to add in other features and such

cabrinha

Error downloading modules: Error loading modules: module virtual_router_label: duplicated. module names must be unique

cabrinha

this is the error I get as it sits now

Lol. Yeah it’s not ready yet I’ve only been writing it for about 3.5 hours

Erik Osterman

(that means Jamie will have a few PRs open in ~30m)

It’s 7pm for me and I was about to have a beer. I am gonna keep going tomorrow:)

Btw @cabrinha are you using an existing module to create your services and ecs cluster?

Like airship?

cabrinha

nope, we use our own in-house module

Ok. So to make app mesh work the task definitions have to have an extra two sidecar containers running in them

cabrinha

sure, envoy and xray

Yeah.

cabrinha

thats easy, i’ve got my task-definition sorted out already

So what I’ll do is create a template wrapper for generating the task def

That adds the sidecars as well

So you can pass in your container def, and ports, and app mesh name, and it outputs the full task def

With the ports, proxy, and labels in place

cabrinha

hm ok that sounds cool

I’ll need to make it for when I do the example anyway

Anyway, I’ll update it further tomorrow

2019-06-11

cabrinha

anyone have an AWS AppMesh terraform module they’re working on?

Steven

Not yet. Will probably be on my project list next month

2019-06-06

Has anyone tested provisioner during terraform destroy? Destroy-Time Provisioners <https://www.terraform.io/docs/provisioners/index.html>

We are currently testing it and destroy handle doesn’t seem to pick up…. If someone has tested, please advise?

Mike Nock

Hey guys, using this module: https://github.com/cloudposse/terraform-aws-s3-log-storage?ref=master and running into an issue where the ALBs I’m creating don’t have access to the bucket. Is that an attribute input I need to set?

cloudposse/terraform-aws-s3-log-storage

This module creates an S3 bucket suitable for receiving logs from other AWS services such as S3, CloudFront, and CloudTrail - cloudposse/terraform-aws-s3-log-storage

Erik Osterman
Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

Mike Nock

Ah my apologies. I’ll use terraform channel

Erik Osterman

thx!

2019-06-05

Mike Nock

That’s a pretty nice module. Is there a way to output the ALB DNS name for R53 records?

David Latham

Woah! just hit my first v0.12 compatibility gotcha. We have extensive use of the null-label module and are running v.11. So this hit us… https://github.com/cloudposse/terraform-null-label/commit/e2b880b2bad3cd8ceaa87c56176c15d92e28775d Anyway - a quick sed -i "s/.../.../" solved it.

Terraform 0.12 support (#63) · cloudposse/terraform-null-label@e2b880b
  • Terraform 0.12 support * add tests scenario * Update README
Erik Osterman

@David Latham please make sure you never pin to master in any of your infrastructure code

Erik Osterman

(it’s not possible to maintain backwards compatibility between releases and pinning to a release is the only way to ensure stability in a global ecosystem of terraform modules)

Erik Osterman
cloudposse/terraform-null-label

Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes]) - cloudposse/terraform-null-label

antonbabenko

I like the minimalistic usage of terratest there.

Erik Osterman

use 0.11.1 or earlier

David Latham

yup - I guess I would need to thank our consultant for that. Luckily it’s not pinned to master everywhere - just this one project and a simple enough PR to fix.

really really stupid question but I’m so lost: i’m trying to provision a cross-region rds replica but I can’t figure out how to create KMS keys for two different regions (us-east-2 for the source db and us-west-2 for the replica db). Do I resource two aws_kms_key and specify the region somehow?

Erik Osterman

@ian are you using one of these modules: https://github.com/terraform-aws-modules/

no a senior dev has rolled his own setup but it’s similar to those modules and I can use them as a reference

2019-06-04

johncblandii
cloudposse/terraform-aws-ecs-alb-service-task

Terraform module which implements an ECS service which exposes a web service via ALB. - cloudposse/terraform-aws-ecs-alb-service-task

2019-06-02

Mike Nock

Hey all, does anyone have some recommendations on a terraform module setup for an ecs fargate cluster setup? It needs to support 4 services per cluster, alb, possible nginx side car container integration. Thoughts? I had one working for a while, but the tags broke.

Steven

I’m in the process of upgrading mine for fargate support. Need to finish it this week. Have too many things that need it

Mike Nock

There was an awesome module by azavea but the tags broke on it for TFE, so I gotta find a new module. The last one was perfect, created the ALB, the ECS cluster, multiple services.

Mike Nock

autoscaling policies, etc. Preferably I could find another one like it, but if I have to use multiple, oh well. What are you using in your setup?

Steven

Mine handles ECS service on ECS2, alb, , tags, and things. It is for a service. So, you can create as many services as needed. Both container and task definitions can be overridden for more complex setups (like sidecars, proxies). Partial fargate support is there. But not awsvpc networking yet

Steven
appzen-oss/terraform-aws-ecs-service

Contribute to appzen-oss/terraform-aws-ecs-service development by creating an account on GitHub.

Steven

Also, this conversation should be in #terraform

2019-04-24

Roger Gomez

Hi, is there any option on terraform-aws-cloudtrail to configure a trail for an organization?

Roger Gomez

For all member accounts of that organization, the option is_organization_trail on the aws_cloudtrail

aknysh

@Roger Gomez https://github.com/cloudposse/terraform-aws-cloudtrail was created before AWS added CloudTrail for organizations

cloudposse/terraform-aws-cloudtrail

Terraform module to provision an AWS CloudTrail and an encrypted S3 bucket with versioning to store CloudTrail logs - cloudposse/terraform-aws-cloudtrail

aknysh

you can open a PR to add is_organization_trail

Roger Gomez

ok, I will do that, thanks, working on it now

aknysh

let’s move to #terraform , this channel is for https://github.com/terraform-aws-modules/

2019-04-10

cabrinha

BUT

cabrinha

I still would like complete control over the DNS name that gets created. Why not offer that to users of the module and if nothing is set, it’ll use the defaults currently in place?

cabrinha

I feel like there should just be simple way to override the naming of these things.

cabrinha

From looking at the code, it’s kind of hard to tell how the DNS CNAME is going to come out the other end.

cabrinha

@Erik Osterman @aknysh what do you think? https://github.com/cloudposse/terraform-aws-efs/pull/25

add dns_name variable to allow control of CNAME by cabrinha · Pull Request #25 · cloudposse/terraform-aws-efs

The creation of the EFS volume's CNAME is currently out of user's control. This change proposes the option to allow users to set their own DNS name for the volume. If no name is set, fallba…

cabrinha

If you guys want me to update the docs and stuff like that just lmk if we can move this forward.

aknysh

@cabrinha thanks, reviewed the PR

cabrinha

Updated

cabrinha

SO nice to be able to get an option added to this module within the course of a couple hours!

aknysh

next time, let’s do it in #terraform

aknysh
Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

cabrinha

will do

2019-04-09

cabrinha

I feel like we should be able to override certain tags/names

cabrinha

like namespace – this means nothing to me or my org

cabrinha

but it turns out the name of the DNS record created is affected by this and I have no control over that DNS name

Erik Osterman

in the end, the cloudposse modules are designed to be internally consistent

Erik Osterman

due to limitations of the HCL language, we cannot easily accommodate the differences in naming conventions

Erik Osterman

(for example, environment vs stage)

Erik Osterman

this is quite opinionated, but is the only way we’ve been able to manage writing 140+ terraform modules that work relatively well together

aknysh

why not use the established convention namespace-stage-name? what’s wrong with using namespace? It could be your org name or abbreviation, or just something else specific to your use-case

cabrinha

i feel like it could be easy to override the tags or leave them out

Erik Osterman

(nothing is easy when the change means percolating it out to 140 repositories = 140+ pull requests)

aknysh

so the main reason of doing that is to have consistent and globally unique names for ALL AWS resources

aknysh

especially for global resources like S3 buckets

aknysh

where you can easily have naming conflicts

aknysh

so by using everything consistently, we usually eliminate the possibilities of conflicts (on global resources as well)

aknysh

when you automate everything, naming global AWS resources is difficult

cabrinha

that’s fine and makes sense

cabrinha

i guess i can still add my own additional tags

aknysh

so why not use the same patterns to name ALL resources? it’s easy to automate w/o thinking about it

cabrinha

i just dont like that this EFS module created a DNS record prefixed with eg-

cabrinha

eg-$my_env-$my_name-efs.$my_domain

Erik Osterman

so that’s a great name however, a CNAME to your service discovery domain would be even nicer

Erik Osterman

the e.g. is for “Example given”

Erik Osterman

we default to that ugly prefix so users change it

cabrinha

i’d love to have service discovery here, we’re working on that

cabrinha

yeah so … changing it…

cabrinha

why can i change but not omit?

cabrinha

i just want $my_env-$my_name-efs.$my_domain as the cname

Erik Osterman

I think in current versions of terraform-null-label we don’t enforce the namespace, however, it’s not been percolated out

cabrinha

perhaps i could open a PR

Erik Osterman

that said, from a consistency perspective, i don’t like it since it leads to inconsistency and while that works in smaller infrastructures it falls apart at scale.

cabrinha

a naming convention is a naming convention … as long as it’s consistent, it can be xyz-efs.$my_domain – users should be able to create their own conventions

cabrinha
cloudposse/terraform-null-label

Terraform Module to define a consistent naming convention by (namespace, stage, name, [attributes]) - cloudposse/terraform-null-label

cabrinha

not sure if this is where i’m supposed to be looking

cabrinha
Update terraform-null-label module to latest by cabrinha · Pull Request #24 · cloudposse/terraform-aws-efs

I’d like to update the terraform-null-label version in order to be able to omit the “namespace” parameter.

cabrinha

I’m not sure I’m understanding how all these modules are chained together, but I think it’s understood what I’m trying to do.

cabrinha

actually, by setting namespace to an empty string, it works!

2019-04-08

cabrinha

anyone ever use this module? https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/v2.16.0

in the readme example, they’re passing in a VPC ID as a CIDR block for a security group rule

module "db_computed_merged_sg" {
  # omitted for brevity

  computed_ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}"]
  number_of_computed_ingress_cidr_blocks = 3
}

but I’m having some issue doing the same

terraform-aws-modules/terraform-aws-security-group

Terraform module which creates EC2-VPC security groups on AWS - terraform-aws-modules/terraform-aws-security-group

aknysh

@cabrinha just briefly looking at the code above (I did not use the module), looks like both "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}" do not return CIDR blocks - they return IDs

cabrinha

exactly, so im wondering if its supposed to be possible to pass in a VPC ID into the module

cabrinha

maybe i should just open an issue asking that question

Noah Kernis

Hi all, I have a question about this module (let me know if I am asking in the wrong channel!) https://github.com/cloudposse/terraform-aws-ecs-web-app?ref=tags/0.5.0 . Is there a way to create a task definition with multiple images defined? It seems possible via this module - https://github.com/cloudposse/terraform-aws-ecs-container-definition/blob/master/examples/multiple_definitions/main.tf - but this is being used by the terraform-aws-ecs-web-app and I believe I can’t pass directly to it. Thank you for any and all help?

cloudposse/terraform-aws-ecs-web-app

Terraform module that implements a web app on ECS and supports autoscaling, CI/CD, monitoring, ALB integration, and much more. - cloudposse/terraform-aws-ecs-web-app

cloudposse/terraform-aws-ecs-container-definition

Terraform module to generate well-formed JSON documents (container definitions) that are passed to the aws_ecs_task_definition Terraform resource - cloudposse/terraform-aws-ecs-container-definition

aknysh

hi @Noah Kernis let’s move to #terraform

Noah Kernis

@aknysh moving there

2019-04-07

Erik Osterman

Hey @Edd this channel is for https://github.com/terraform-aws-modules/

Erik Osterman

maybe try #terraform

2019-04-04

Hey folks, I’m trying to use this module - https://registry.terraform.io/modules/cloudposse/cloudfront-s3-cdn/aws/0.7.0 - and am encountering a CORS error when Terraform is setting up the S3 bucket

* module.cloudfront-s3-cdn.aws_s3_bucket.origin: 1 error(s) occurred:

* aws_s3_bucket.origin: Error putting S3 CORS: MalformedXML: The XML you provided was not well-formed or did not validate against our published schema
        status code: 400, request id: B49313C1B360E967, host id: 9CNDQqYA3/F0FAXlsFPIYVhAAJZoYiYQrBo/sZ1K8ZohYGgSNNJVYL3FOCDUB0fCs+wq4JftevE=

2019-04-03

@antonbabenko Is there a way to add custom providers to terraform-aws-atlantis without making a new atlantis image?

antonbabenko

Do you mean terraform providers which you can use in your terraform configs?

antonbabenko

You can call custom command/script (https://www.runatlantis.io/docs/custom-workflows.html#custom-init-plan-apply-commands) which will download providers before running terraform plan

Custom Workflows | Atlantis

Atlantis: Terraform Pull Request Automation

antonbabenko

but I think embedding them into an image is good option if you are not going to change them very often.

I thought of that, but concluded it’s too hacky.. haha

antonbabenko

agree

Thank you

2019-04-02

antonbabenko

Open an issue in that repo and maybe someone will be able to help with EKS module.

Pablo Costa

Try to update the aws provider: “terraform init -upgrade” because endpoint private access is a recent feature

2019-04-01

Mike Nock

Morning all. Sorry if this is the wrong channel but: Would anyone happen to know if this module can be used to dynamically create 255 /24 subnets? https://github.com/cloudposse/terraform-aws-dynamic-subnets/

Erik Osterman

better to use #terraform since this channel is for https://github.com/terraform-aws-modules/

Mike Nock

Ah, gotcha. Thanks Erik!

Vidhi Virmani

Hello terraformers, I am using this eks module https://github.com/terraform-aws-modules/terraform-aws-vpc and receiving this error

Error: module.eks_cluster.aws_eks_cluster.this: vpc_config.0: invalid or unknown key: endpoint_private_access
terraform-aws-modules/terraform-aws-vpc

Terraform module which creates VPC resources on AWS - terraform-aws-modules/terraform-aws-vpc

Vidhi Virmani

Can anyone help?

aknysh

@Vidhi Virmani i think you are using https://github.com/terraform-aws-modules/terraform-aws-eks, ping @antonbabenko for help with the module

terraform-aws-modules/terraform-aws-eks

A Terraform module to create an Elastic Kubernetes (EKS) cluster and associated worker instances on AWS. - terraform-aws-modules/terraform-aws-eks

Vidhi Virmani

Thanks @aknysh. I have messaged him.

2019-03-18

Erik Osterman
Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

mmuehlberger

Ah, sorry. Moving it.

Erik Osterman

I think you are asking about the cloudposse Atlantis module? Or the one in terraform-aws-modules?

mmuehlberger

Yes, the cloudposse one. I moved it to #terraform or would another channel be better?

2019-02-22

still having problem with the above issue so if anyone has any ideas what could be wrong I gladly take your input! Have updated with comments to the issue. @aknysh @Erik Osterman

aknysh

@ glad you found the issue with the image_id

aknysh

not sure why it’s not working for you, maybe some permissions

aknysh

here https://github.com/cloudposse/terraform-aws-eks-workers/blob/master/main.tf#L124, if you set image_id to some ID, it will not be looked up in the data source (you don’t need to comment out anything)

cloudposse/terraform-aws-eks-workers

Terraform module to provision an AWS AutoScaling Group, IAM Role, and Security Group for EKS Workers - cloudposse/terraform-aws-eks-workers

2019-02-21

having some initial issues getting started with the EKS cluster and workers modules

Asks for var.cluster_certificate_authority_data when referencing module.cluster as in examples · Issue #9 · cloudposse/terraform-aws-eks-cluster

Hi, I've made a setup similar to your example where I have both eks_cluster and eks_workers modules. in eks_cluster we have this: cluster_certificate_authority_data = "${module.eks_cluster…

2019-02-14

Erik Osterman
05:22:55 AM

@Erik Osterman set the channel purpose: Discussions related to https://github.com/terraform-aws-modules Archive: https://archive.sweetops.com/terraform-aws-modules/

2019-02-06

bamaral
bamaralf/terraform-aws-s3-bucket

Terraform module which creates S3 bucket resources on AWS - bamaralf/terraform-aws-s3-bucket

2019-01-30

bamaral

@Erik Osterman I liked that we can use null as a variable value. There are the dynamic blocks and for_each loops that I can use to create optional and nested configuration blocks, but this is not straightforward in modules that use resources with nested blocks with several levels.

bamaral

I created the modules from scratch

joshmyers

@bamaral Got anything to look at? Am sure lots of folks would be interested

bamaral

I’ll just move the modules from a private repository (not in github) to github and I’ll share the links here

2019-01-29

bamaral

I created Terraform 0.12 modules for several AWS resources.

bamaral

I’ll create some forks hehe

Erik Osterman

@bamaral how was the overall experience?

Erik Osterman

Did you port existing modules or start from scratch?

2019-01-17

terraform-aws-modules/terraform-aws-redshift

Terraform module which creates Redshift resources on AWS - terraform-aws-modules/terraform-aws-redshift

seems it does not support snapshot_copy feature

how are you handling that? we are using a count to check if we require snapshot copy, but feels a bit hacky

antonbabenko

@ I don’t use redshift myself, can’t help much. In any case count is probably the best solution.

yeah that is what we do with some other, but as RS was so big, I was trying to avoid doing it

antonbabenko

@Max This channel is for questions related to modules under https://github.com/terraform-aws-modules/ org. Consider asking in #terraform which is a better fit.

aknysh

@Max hi, let’s move to #terraform

2019-01-14

Pablo Costa

Thank you guys !!

joshmyers

I have seen this done by having nginx reverse proxy to an s3 bucket

2019-01-11

antonbabenko

@Pablo Costa Hi! This channel is for modules inside https://github.com/terraform-aws-modules/ . You can try to copy your question to #terraform , but I will answer your question anyway - no, it is not possible.

aknysh

S3 websites are always public, have public URLs

Wouldn’t this work? https://docs.aws.amazon.com/AmazonS3/latest/dev/example-bucket-policies.html#example-bucket-policies-use-case-3 I think I tested it in the past and it did (not with a TF module though)

Bucket Policy Examples - Amazon Simple Storage Service

Examples of typical use cases for Amazon S3 bucket policies.

aknysh

for the bucket itself yes (you can host the bucket behind a CloudFront CDN), but I think not when it’s a website (need to check that) (plain bucket and S3 website are diff things)

Yup, pretty sure I tested with website as I had a similar use case (without CloudFront)

2019-01-10

Pablo Costa

Hello, I was planning to use terraform-aws-s3-website module for hosting a private website intended to be accessed only through VPN as a kind of intranet site, but I couldn’t find a way to filter the access. Would it be possible?

2019-01-04

Is there a limitation that prevented BitBucket support for terraform-aws-atlantis?

Erik Osterman

I just think it’s b/c anton didn’t have time to implement it

also because Bitbucket just sucks @ I’ve implemented it with bitbucket, but with a modified version of the module some time ago already.

let me know if you need help

@ Would love to see your modified version. I am also trying to figure out how to work with Fargate - how would I configure AWS credentials, for example?

The Fargate service has an IAM role, you can configure the role to have the Administrator policy, or better, to give it a policy to allow assuming roles into something Terraform works with

antonbabenko

I agree to both of you guys - I didn’t have time and desire (aka “use case”) AND bitbucket sucks. Happy week-ends!

antonbabenko

Really, it should be very easy to do, if there is a proper support in Terraform.

2018-12-12

Hello there, is this the right place to ask about this module? https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn

since the topic of the channel is different, not sure whether this is the same group of people

cloudposse/terraform-aws-cloudfront-s3-cdn

Terraform module to easily provision CloudFront CDN backed by an S3 origin - cloudposse/terraform-aws-cloudfront-s3-cdn

sorry, I get that

read few messages above

Steven

No, use terraform channel. This is for modules from terraform-aws-modules

thanks, sorry for spam

joshmyers

Please don’t use [at]here if possible

ok, sorry sorry

joshmyers

NP, as @Steven said, lets move to the #terraform channel

for sure, maybe greetbot could direct me right from the start? haven’t used that one…

Erik Osterman

Oh interesting… you should be receiving a DM from the greetbot with a list of channels and what they do

Erik Osterman

Let me know if you didn’t get that and I’ll look into it

07:14:20 AM

nope, no DM from greetbot, it just welcomed me in the #general channel:

07:15:10 AM

oh he did, sorry:

so that’s just me being stupid. I just didn’t read that … my fault

joshmyers

greetbot has no idea what question you are about to ask

i meant something like: welcome here, this channel is about $topic and not about anything else

Erik Osterman

that’s a good point. I want to make sure we’re doing that.

Erik Osterman

Stupid question by me: when you joined, you didn’t see a message about this:

Erik Osterman
06:51:39 PM
Erik Osterman

@

Erik Osterman

hrm… yea, i left and rejoined, didn’t see anything.

Erik Osterman

don’t know if that’s b/c I was already in the channel

I noticed the topic, but my question was about https://github.com/cloudposse/terraform-aws-cloudfront-s3-cdn and I wasn’t sure whether this is about the same or if that’s a different company. #terraform is a place for whole community around terraform including other companies as well then? This is just for “pure” terraform company modules then? I’m quite sure I’ll get there with some questions later

2018-11-30

Erik Osterman
12:03:46 AM

@Erik Osterman set the channel topic: https://github.com/terraform-aws-modules/

2018-11-14

Kasun

hey

Kasun
  • aws_elasticsearch_domain_policy.default: InvalidTypeException: Error setting policy: [{ "Version": "2012-10-17", "Statement": [ { "Sid": "", "Effect": "Allow", "Action": [ "es:ESHttpPut", "es:ESHttpPost", "es:ESHttpGet" ], "Resource": [ "arnesXXXXX:domain/new-test-es/*", "arnesXXXXX:domain/new-test-es" ], "Principal": { "AWS": "arniam:XXXXXXinstance-profile/kasun-role" } } ] }] status code: 409, request id: b46c5087-e7ee-11e8-8ec7-21744bcecad8
Kasun

after running terraform

Hey Kasun, maybe explain what the problem is and with which Module of terraform-aws-modules and then maybe someone can help you out.

Kasun
cloudposse/terraform-aws-elasticsearch

Terraform module to provision an Elasticsearch cluster with built-in integrations with Kibana and Logstash. - cloudposse/terraform-aws-elasticsearch

Kasun

ecs already created

Kasun

but i could access it publicly

Kasun

seems that dns resolves the vpc ip address .. any way to access kibana publicly

09:59:56 AM

Ah ok, move it to #terraform , this channel was specifically made for modules of https://github.com/terraform-aws-modules/

Terraform AWS modules

Collection of Terraform AWS modules supported by the community - Terraform AWS modules

2018-11-12

@antonbabenko Hi Anton, I’ve always used this as egress with your modules, since updating last terraform I’m getting continuous updates. Just to check with you.. this is alright correct ?

  egress_with_cidr_blocks = [
    {
      rule        = "all-all"
      cidr_blocks = "0.0.0.0/0"
    },
  ]
jonboulle
02:11:20 PM

@jonboulle has joined the channel

Maybe AWS changed something ? This is how it’s defined in the module and has always been working: all-all = [-1, -1, "-1", "All protocols"]

Now it seems that with -1 protocol aws still wants from_port and to_port to be both 0

jonboulle

oops

jonboulle

@ yeah I ran into something similar last week with a different API

jonboulle

99.9% sure it’s an AWS change

aknysh

looks like it does require ports be set to 0 if protocol=-1

antonbabenko

Hi guys. I can’t verify this now, but I saw very recently a PR in terraform aws provider which is very much related to this. Maybe there is a breaking change.

antonbabenko
resource/aws_security_group_rule: Properly handle updating description when protocol is -1/ALL by bflad · Pull Request #6407 · terraform-providers/terraform-provider-aws

Fixes #1920 Previously: — FAIL: TestAccAWSSecurityGroupRule_Description_AllPorts (21.74s) testing.go Step 2 error: Error applying: 1 error occurred: * aws_security_group_rule.te…

jonboulle

doh

Gabe
05:11:29 PM

@Gabe has joined the channel

2018-11-10

antonbabenko
06:05:02 PM

@antonbabenko has joined the channel

antonbabenko

I should join this channel, though don’t expect a lot of attention from me unless you mention my username

aknysh

Hi @antonbabenko , nice to have you here :)

Erik Osterman

Ya no worries Anton - don’t expect much activity right now

2018-11-09

11:25:22 AM

@ has joined the channel

12:57:27 PM

@ has joined the channel

2018-11-08

endofcake
08:12:33 AM

@endofcake has joined the channel

joshmyers

I’m in the middle of a TF module for a serverless AWS photo gallery driven by dumping images into S3 :D

Erik Osterman

Related but not related, came across this the other day: https://github.com/awslabs/serverless-image-handler

awslabs/serverless-image-handler

A solution to dynamically handle images on the fly, utilizing Thumbor (http://thumbor.org) - awslabs/serverless-image-handler

Erik Osterman

Run Thumbor on lambda

joshmyers

Oh, thumbor looks nice

Andy
11:04:30 AM

@Andy has joined the channel

Steven
01:33:34 PM

@Steven has joined the channel

aknysh
01:33:46 PM

@aknysh has joined the channel

nian
04:34:03 PM

@nian has joined the channel

Yoann
07:23:29 PM

@Yoann has joined the channel

mmarseglia
10:14:22 PM

@mmarseglia has joined the channel

davidvasandani
11:36:05 PM

@davidvasandani has joined the channel

Pablo Costa
01:04:44 AM

@Pablo Costa has joined the channel

2018-11-07

Erik Osterman
06:11:57 AM

@Erik Osterman has joined the channel

Erik Osterman
06:11:57 AM

@Erik Osterman set the channel purpose: Discussions related to https://github.com/terraform-aws-modules

joshmyers
06:45:06 AM

@joshmyers has joined the channel

solairerove
07:06:51 AM

@solairerove has joined the channel

07:25:34 AM

@ has joined the channel

Nikola Velkovski
07:27:03 AM

@Nikola Velkovski has joined the channel

Erik Osterman

I know we’ve been pretty focused on CloudPosse modules, but I want to see if we could enable some group collaboration for other projects

07:36:49 AM

@ has joined the channel
