#terraform-aws-modules (2019-04)

Morning all. Sorry if this is the wrong channel but: Would anyone happen to know if this module can be used to dynamically create 255 /24 subnets? https://github.com/cloudposse/terraform-aws-dynamic-subnets/

Hello terraformers, I am using this eks module https://github.com/terraform-aws-modules/terraform-aws-vpc and recieving this error

Error: module.eks_cluster.aws_eks_cluster.this: vpc_config.0: invalid or unknown key: endpoint_private_access

Can anyone help?

@Vidhi Virmani i think you are using https://github.com/terraform-aws-modules/terraform-aws-eks, ping @antonbabenko for help with the module

Thanks @Andriy Knysh (Cloud Posse). I have messaged him.

Open an issue in that repo and maybe someone will be able to help with EKS module.

Try to update the aws provider: “terraform init -upgrade” because endpoint private access is a recent feature

@antonbabenko Is there a way to add custom providers to terraform-aws-atlantis without making a new atlantis image?

Do you mean terraform providers which you can use in your terraform configs?

Yes

You can call custom command/script (https://www.runatlantis.io/docs/custom-workflows.html#custom-init-plan-apply-commands) which will download providers before running terraform plan

but I think embedding them into an image is good option if you are not going to change them very often.

I thought of that, but concluded it’s too hacky.. haha

agree

Thank you

Hey folks, I’m trying to use this module - https://registry.terraform.io/modules/cloudposse/cloudfront-s3-cdn/aws/0.7.0 - and am encountering a CORS error when Terraform is setting up the S3 bucket

Hey @Edd this channel is for https://github.com/terraform-aws-modules/

maybe try #terraform

anyone ever use this module? https://github.com/terraform-aws-modules/terraform-aws-security-group/tree/v2.16.0

in the readme example, they’re passing in a VPC ID as a CIDR block for a security group rule

module "db_computed_merged_sg" {
  # omitted for brevity

  computed_ingress_cidr_blocks = ["10.10.0.0/16", "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}"]
  number_of_computed_ingress_cidr_blocks = 3
}

but I’m having some issue doing the same

@cabrinha just briefly looking at the code above (I did not use the module), looks like both "${data.aws_security_group.default.id}", "${module.vpc.vpc_id}" do not return CIDR blocks - they return IDs

exactly, so im wondering if its supposed to be possible to pass in a VPC ID into the module

maybe i should just open an issue asking that question

Hi all, I have a question about this module (let me know if I am asking in the wrong channel!) https://github.com/cloudposse/terraform-aws-ecs-web-app?ref=tags/0.5.0 . Is there a way to create a task definition with multiple images defined? It seems possible via this module - https://github.com/cloudposse/terraform-aws-ecs-container-definition/blob/master/examples/multiple_definitions/main.tf - but this is being used by the terraform-aws-ecs-web-app and I believe I can’t pass directly to it. Thank you for any and all help?

hi @Noah Kernis let’s move to #terraform

@Andriy Knysh (Cloud Posse) moving there

https://registry.terraform.io/modules/cloudposse/efs/aws/0.8.1

I feel like we should be able to override certain tags/names

like namespace – this means nothing to me or my org

but it turns out the name of the DNS record created is affected by this and I have no control over that DNS name

in the end, the cloudposse modules are designed to be internally consistent

due to limitations of the HCL language, we cannot easily accommodate the differences in naming conventions

(for example, environment vs stage)

this is quite opinionated, but is the only way we’ve been able to manage writing 140+ terraform modules that work relatively well together

why not use the established convention namespace-stage-name? what’s wrong with using `namespace? It could be your org name or abbreviation, or just something else specific to your use-case

i feel like it could be easy to override the tags or leave them out

(nothing is easy when the change means percolating it out to 140 repositories = 140+ pull requests)

so the main reason of doing that is to have consistent and globally unique names for ALL AWS resources

especially for global resources like S3 buckets

where you can easily have naming conflicts

so by using everything consistently, we usually eliminate the possibilities of conflicts (on global resources as well)

when you automate everything, naming global AWS resources is difficult

thats fine and makes sense

i guess i can still add my own additional tags

so why not use the same patterns to name ALL resources? it’s easy to automate w/o thinking about it

i just dont like that this EFS module created a DNS record prefixed with eg-

eg-$my_env-$my_name-efs.$my_domain

so that’s a great name however, a CNAME to your service discovery domain would be even nicer

the e.g. is for “Example given”

we default to that ugly prefix so users change it

i’d love to have service discovery here, we’re working on that

yeah so … changing it…

why can i change but not omit?

i just want $my_env-$my_name-efs.$my_domain as the cname

I think in current versions of terraform-null-label we don’t enforce the namespace, however, it’s not been percolated out

perhaps i could open a PR

that said, from a consistency perspective, i don’t like it since it leads to inconsistency and while that works in smaller infrastructures it falls apart at scale.

a naming convention is a naming convention … as long as it’s consistent, it can be xyz-efs.$my_domain – users should be able to create their own conventions

https://github.com/cloudposse/terraform-null-label/blob/master/main.tf#L7

not sure if this is where i’m supposed to be looking

https://github.com/cloudposse/terraform-aws-efs/pull/24

Ah, perhaps the real fix is here: https://github.com/cloudposse/terraform-aws-route53-cluster-hostname

I’m not sure I’m understanding how all these modules are chained together, but I think it’s understood what I’m trying to do.

actually, by setting namespace to an empty string, it works!

BUT

I still would like complete control over the DNS name that gets created. Why not offer that to users of the module and if nothing is set, it’ll use the defaults currently in place?

I feel like there should just be simple way to override the naming of these things.

From looking at the code, it’s kind of hard to tell how the DNS CNAME is going to come out the other end.

@Erik Osterman (Cloud Posse) @Andriy Knysh (Cloud Posse) what do you think? https://github.com/cloudposse/terraform-aws-efs/pull/25

If you guys want me to update the docs and stuff like that just lmk if we can move this forward.

@cabrinha thanks, reviewed the PR

Updated

SO nice to be able to get an option added to this module within the cours of a couple hours!

next time, let’s do it in #terraform

this channel is for https://github.com/terraform-aws-modules/

will do

Hi, is there any option on terraform-aws-cloudtrail to configure a trail for an organization?

For all member accounts of that organization, the option is_organization_trail on the aws_cloudtrail

@Roger Gomez https://github.com/cloudposse/terraform-aws-cloudtrail was created before AWS added CloudTrail for organizations

you can open a PR to add is_organization_trail

ok, I will do that, thanks, working on it now

let’s move to #terraform , this channel is for https://github.com/terraform-aws-modules/